• Choose a category
• All
• Classic-Fiction

Unix was created in the 1970s. The product designers took an open-systems approach, meaning that the entire source code for the operating system was readily available for most versions. This open-source philosophy has allowed tens of thousands of programmers, computer scientists, and systems developers to tinker with and improve the product.

The National Security Agency (NSA) has released a set of enhancements to provide additional security for Linux systems. These enhancements are bundled in a set of tools called Security Enhanced Linux (SELinux). SELinux uses mandatory access control methods as part of the mechanisms for improved security. You can find information on it at http://www.nsa.gov/selinux/.

Linux and Unix, when properly configured, provide a high level of security. The major challenge with the Unix environment is configuring it properly.

Unix includes the capacity to handle and run almost every protocol, service, and capability designed. You should turn off most of the services when they aren’t needed by running a script during system startup. The script will configure the protocols, and it will determine which services are started.

All Unix security is handled at the file level. Files and directories need to be established properly to ensure correct access permissions. The file structure is hierarchical by nature, and when a file folder access level is set, all subordinate file folders usually inherit this access. This inheritance of security is established by the systems administrator or by a user who knows how to adjust directory permissions.

Keeping patches and updates current is essential in the Unix environment. You can accomplish this by regularly visiting the developer’s website for the version/flavor you’re using and downloading the latest fixes.

Linux also provides a great deal of activity logging. These logs are essential in establishing patterns of intrusion.

An additional method of securing Linux systems is accomplished by adding TCP wrappers, which are low-level logging packages designed for Unix systems. Wrappers provide additional detailed logging on activity using a specific protocol. Each protocol or port must have a wrapper installed for it. The wrappers then record activities and deny access to the service or server.

Linux is considered an open-source program. This means that all of the source code for the system is available for examination and modification. This typically requires a high level of programming expertise. Vendors such as Sun, IBM, and HP have implemented Unix-based or Linux-based systems to simplify the process. In most cases, they make the modifications available to customers.

As an administrator of a Unix or Linux network, you’re confronted with a large number of configuration files and variables that you must work with in order to keep all hosts communicating properly.

Hardening Novell NetWare

Novell was one of the first companies to introduce a network operating system (NOS) for desktop computers, called NetWare. Early versions of NetWare provided the ability to connect PCs into primitive but effective LANs. The most recent version of NetWare, version 6.5, includes file sharing, print sharing, support for most clients, and fairly tight security.

NetWare functions as a server product. The server has its own NOS. The NetWare software also includes client applications for a number of different types of systems, including Macintoshes and PCs. You can extend the server services by adding NetWare Loadable Modules (NLMs) to the server. These modules allow executable code to be patched or inserted into the OS.

What Microsoft calls service packs—updates to the core operating system—Novell calls support packs. The support packs fix known problems with the OS and occasionally add additional functionality.

NetWare version 6.x is primarily susceptible to denial of service (DoS) types of attacks, as opposed to exploitation and