Under Lock and Key
9/93 Dr. Dobb's Journal, USA: Programmer's Bookshelf: Under Lock and Key, Lynne Greer Jolitz. While you can't keep network systems and data under lock and key, there are security techniques you can still employ. Lynne examines the approaches presented in UNIX System Security and UNIX Installation, Security, and Integrity.
Review by Lynne Greer Jolitz
Copyright (C) Dr. Dobb's Journal, September, 1993
In the early days of computing, security in computer systems was not
the primary concern of administrators, since computers were generally set up
as centralized systems with terminals located in controlled areas, and networks
were not yet commonplace. (Incoming modem lines on the public telephone
network were the major security headache of system administrators.) Until
the mid-80s, in fact, enterprising students who punched holes in security
often ended up working for those very groups and firms they'd penetrated.
(Kevin Poulsen, awaiting Federal charges for illegal computer access, was
hired by SRI after a rash of system break-ins.) Still, security holes remained
a bemused topic of conversation, and were not considered serious except
by a few predictors of doom.
The Boom in Security from the Internet Worm
Security is like insurance--it's a nuisance to pay for, until a disaster
occurs. This lesson was illustrated during the "Morris worm" incident
which caused the immediate contamination of hundreds of thousands of systems
and the resultant shutdown of the NSF Internet. In the aftermath, security
awareness was raised to an all-time high from which it has gradually eroded
as everyone loses interest until the next crisis. Such is the boom-and-bust
cycle of computer security.
What was different about the Morris worm was that the intruding program
took advantage of networking and operating systems standardization to allow
automatic propagation of itself onto freshly compromised systems. This meant
that, like Von Neumann exponentiating machines, the Morris worm could rapidly
scale its ability by the cascade effect of dedicating an exponential number
of hosts to the effort. In addition, because the program added to its information
store of "ways to break the system," the worm had greater "growth"
potential than an ordinary computer virus because it could, again, leverage
the network to pass back information and "learn" better how to
break into more systems.
In sum, the Morris worm neatly demonstrated the vulnerability of computer
networks, and made network-wide system security mandatory instead of an
abstract research topic. To aggravate things, the rise of high-powered low-cost
systems attached to the network has made security a part of systems design,
planning, and administration long before it became a "popular"
topic of conversation. With the number of Internet hosts now approaching
1 million and growing, security merits primary consideration before placing
any system on the global network.
A Site Administrator's View of Security
When it comes down to it, security is the mundane part of computer administration.
You put the software equivalent of a padlock on resources, files, and accounts,
rotate the assignment of keys to users of these items, and track when attempts
to unlock them are made. When initiating security procedures, however, an
understanding of the users and environment is crucial to creating a secure,
yet acceptable, work environment. A book which covers security should be
comprehensive in all aspects of security; otherwise, you don't have a secure
system. Security, whether a house or a file server, is as strong as the
UNIX System Security is geared towards the system administrator and
is engaging in its "tales" of security woes. The book is also
categorized in much the same way that a systems administrator would no doubt
view security: account security, filesystem (or, more properly, "data")
security, and network security in general, followed by specific types of
systems (securing workstations, for example), policies, and references.
While it meanders somewhat through its intermingling of security procedures
and needs, its hands-on cookbook approach should be of great use to any
goal-oriented site administrator who prefers the historical approach to
security--the "finger in the dike" view.
At the same time, this choice of organization is a flaw in UNIX System
Security. The book does not go into as much depth as necessary, allowing
a bit of cookbook knowledge to delude you into thinking you know everything.
There's no overview of what security actually is (you have to go to the
National Computer Security Center's famed Orange Book to find out). Security
is a broad term that means different things to different groups, so defining
what kind of security mechanism is meant, and its resulting effect, is important. For
example, there's no comparison between account security (most common and
simple to implement) versus data security (much harder) or network (a combination
of data and account security and the actual physical arrangement of the
network itself, and an area which is also given short shrift in books on
network architecture and management).
But more importantly for a book geared to site administrators, there's little
perspective offered on the differing needs of various sites--a government
site versus one in the private sector, for instance--but instead, it seems
to be biased towards educational-site experiences. For example, government
time and energy is often oriented towards "air gap" security to
avoid penetration or subversion of the system. The private sector, on the
other hand, tends to view those "within" the system (such as employees)
as possible security problems--hence the focus on auditing, logs, and transaction
files. Neither of these considerations is directly discussed, primarily
because an educational site prefers a more open and free exchange of ideas
and viewpoints (and also, because they don't usually have money to throw
at procedures and personnel). The short shrift given to auditing, in particular,
is an oversight for any private-sector site administrator. This is especially
the case as modern computer systems with integral security auditing on per-file
and per-process level become available.
Policies with respect to software, passwords, and so forth are also discussed
in UNIX System Security, but these policies have an educational-site
bias, and system administrators should refer to their site guidelines before
implementing any of these suggestions. (If your site doesn't have guidelines,
it's time to establish them.) Legal issues regarding site policies and policing
and software licenses and copyrights are also volatile and undefined at
this time, and the legal examples should be read with a grain of salt. Yet,
for naive institutions that never considered such policies necessary, it
does bring them back into the "real" world.
System Security at a Glance
For a more traditional overview of UNIX security, UNIX Installation,
Security, and Integrity is welcome. Written in a concise and direct
form, this book fills out the topic and is careful in discussing security
categories. After breaking down the main-system security into appropriate
categories (filesystem security, account security, and process security
on the local system), it discusses cryptography and network security. It
also deals with security monitoring and auditing procedures. Thus, the last
word in its title actually has meaning.
One item I appreciated was the careful differentiation between trusted and
regular systems. The authors went so far as to include a mention of hardware
security support, an oft-forgotten area which should be covered in every
The reference sections of both books contain useful papers and books, including
the Orange Book and some of Robert Morris's papers on security (which may
have influenced his son's "worm" work) and brief discussions of
secure software (such as Kerberos). In concentrating on recent works, however,
some of the classic works were ignored, including studies on the KSOS System
(Ford Aerospace) which are worth mentioning for their scope and depth.
UNIX System Security should become popular among site administrators
struggling to get a handle on security needs--especially since most vendor-specific
manuals don't cover those well-known security "holes" which can
cause grief. For a more thorough and concise view of security, administrators
should also obtain UNIX Installation, Security, and Integrity. But
for a real understanding of security in the 1990s, check the references
and attend the security conferences. That's where the action is.
UNIX System Security
David A. Curry
Addison-Wesley Professional Computing Series, 1992, 279 pp.
UNIX Installation, Security, and Integrity
David Ferbrache and Gavin Shearer
Prentice-Hall, 1993, 305 pp.