Annotation of coherent/a/usr/man/COHERENT/security, revision 1.1

1.1     ! root        1: 
        !             2: 
        !             3: security              Technical Information              security
        !             4: 
        !             5: 
        !             6: 
        !             7: 
        !             8: Because COHERENT is  a multi-user, multi-tasking operating system
        !             9: which  can support  users from  remote  terminals, steps  must be
        !            10: taken to ensure that the system is secure.  Sensitive information
        !            11: that is stored on the system must be protected from being read or
        !            12: copied by  unauthorized persons; files must  be protected against
        !            13: vandalization by intruders.  Unless a reasonable degree of
        !            14: security can be guaranteed, no multi-user operating system can
        !            15: be trusted to archive important information.
        !            16: 
        !            17: In one sense, it is easy to achieve perfect security in a
        !            18: computer system.  As Grampp and Morris have noted, ``It is easy to
        !            19: run a secure  computer system.  You merely disconnect all dial-up
        !            20: connections,  put the  machine and  its  terminals in  a shielded
        !            21: room,  and  post  a guard  at  the  door.''  For practical  uses,
        !            22: however, security means balancing ease of access against
        !            23: restrictiveness: users should have easy access to what is properly
        !            24: theirs, and  should be barred from system  facilities that do not
        !            25: belong to them.
        !            26: 
        !            27: The  COHERENT  system  has the  following  tools  to assist  with
        !            28: security.
        !            29: 
        !            30: Passwords Every  user account can be  ``locked'' with a password.
        !            31:           Each user  can assign her own  password, and the system
        !            32:           administrator can set passwords for the superusers root
        !            33:           and bin.
        !            34: 
        !            35:           Passwords  should be  changed  frequently.  A  password
        !            36:           should have  at least six  characters, should not  be a
        !            37:           common name  or word,  and preferably should  include a
        !            38:           mixture  of upper- and  lower-case letters,  to prevent
        !            39:           decryption by brute-force methods.
        !            40: 
        !            41:           Passwords should be  guarded jealously.  In particular,
        !            42:           the  password for  the  superuser root  should be  kept
        !            43:           secret, as  she can read  every file and  execute every
        !            44:           program throughout the system.
        !            45: 
        !            46: Permissions
        !            47:           Execution of  system-level programs, such  as mount, is
        !            48:           restricted to the superuser root.  This prevents
        !            49:           intruders from seizing superuser permissions through
        !            50:           unauthorized manipulation of system services.  Ordinary
        !            51:           users are also restricted from directly accessing system
        !            52:           devices, for the same reason.
        !            53: 
        !            54: Encryption
        !            55:           The command  crypt performs rotary  encryption, similar
        !            56:           to that  used by the  German Enigma machine.   Files of
        !            57:           sensitive information  should be encrypted,  to protect
        !            58:           them against being  read by unauthorized persons.  Note
        !            59:           that encryption is the only true defense against
        !            60:           unauthorized reading: not even the superuser can read an
        !            61:           encrypted file unless she has the encryption key.
        !            62: 
        !            74: Many COHERENT  systems have only one user  and are not networked;
        !            75: for such  installations, the normal  level of security  may be an
        !            76: annoyance.   Passwords can  be turned  off  by using  the command
        !            77: passwd to set the password to <return>.  The command chmod can be
        !            78: used to  widen access to devices  and system-level utilities; see
        !            79: the Lexicon entry for chmod for more information on file access.
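
Added example (not part of the COHERENT manual): a POSIX shell audit that lists accounts whose password has been turned off as described above, so an administrator can confirm that only the intended accounts are open. It assumes the classic seven-field passwd layout with the encrypted password in field 2; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Audit a passwd-format file for accounts with no password set.
# Assumption: name:password:uid:gid:comment:home:shell, with the
# encrypted password stored in field 2 (empty field = no password).

audit_passwd() {
    # $1: path to a passwd-format file
    # Prints one line per finding: SEVERITY<TAB>account<TAB>reason
    awk -F: '
        /^[ \t]*$/ || /^#/ { next }        # skip blank and comment lines
        NF < 7 {
            printf "WARN\t%s\tmalformed entry (%d fields)\n", $1, NF
            next
        }
        $2 == "" {
            # uid 0 can read every file and run every program
            sev = ($3 == 0) ? "CRITICAL" : "HIGH"
            printf "%s\t%s\tempty password field (uid %s)\n", sev, $1, $3
        }
    ' "$1"
}

count_findings() {
    # $1: passwd-format file, $2: severity to count
    audit_passwd "$1" |
        awk -F'\t' -v s="$2" '$1 == s { n++ } END { print n + 0 }'
}

sample_passwd() {
    # Constructed sample entries; the password strings are placeholders,
    # not real hashes.
    cat <<'EOF'
root::0:0:Superuser:/:/bin/sh
bin:k9PzQx1aT0uYw:3:3:System files:/bin:/bin/sh
alice:Zr4mB7cLq2EoA:100:5:Alice:/usr/alice:/bin/sh
guest::101:5:Guest:/usr/guest:/bin/sh
broken:x:102
EOF
}

# Demonstration on the constructed sample.
tmp=$(mktemp)
sample_passwd > "$tmp"
audit_passwd "$tmp"
rm -f "$tmp"
```

To audit a live system, call audit_passwd with the path of the password file instead of the sample.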
        !            80: 
        !            81: Security  ultimately is a  system-wide responsibility.   To quote
        !            82: Grampp and  Morris, ``By far, the greatest  security hazard for a
        !            83: system ...  is the set of  people who use it.   If the people who
        !            84: use a  machine are naive about security  issues, the machine will
        !            85: be vulnerable regardless of what is done by the local management.
        !            86: This applies particularly to the system's administrators, but
        !            87: ordinary users should also take heed.''
        !            88: 
        !            89: ***** See Also *****
        !            90: 
        !            91: chmod, crypt, passwd, technical information
        !            92: Grampp FT, Morris  RH: UNIX operating system security.  AT&T Bell
        !            93: Lab Tech J 1984;8:1649-1672.