These days, the phrase "computer security" is most often associated with protecting against break-ins: attempts by an unauth orized person to gain access to a computer system (and the person will bear a strong resemblance to an actor in a movie like War Games or Hackers). Such individuals do exist, and they may be motivated by maliciousness or mere mischievousness. However, while external threats are important, security encompasses much more than guarding against outsiders. For example, there are almost as many security issues relating to authorized users as to potential intruders. This chapter will discuss fundamental Unix security issues and techniques, as well as important additional security features offered by some Unix versions. See Practical Internet and Unix Security by Simson Garfinkel and Gene Spafford (O'Reilly & Associates) for an excellent, book-length discussion of Unix security. This chapter will undoubtedly strike some readers as excessivelyparanoid. The general approach I take to system security grows out of my experiences working with a large manufacturing firm designing its new products entirely on CAD-CAM workstations and experiences working with a variety of fairly small software companies. In all these environments, a significant part of the company's future products and assets existed solely online. Naturally, protecting them was a major focus of system administration and the choices that are appropriate for sites like these may be very different from what makes sense in other contexts. This chapter presents some options for securing a Unix system. It will be up to you and your site to determine what you need. Security considerations permeate most system administration activities, and security procedures work best when they are integrated with other, normal system activities. Given this reality, discussions of security issues can't really be isolated to a single chapter. Rather, they pop up again and again throughout the book. |