• logon prompt
• No Access permission
• New Technology File System (NTFS)
• New Technology LAN Manager (NTLM)
• objects
• owner
• parent
• permission
• process
• registry
• Security Accounts Manager (SAM)
• Security Descriptor
• Security Group
• Security Identifier (SID)
• security principle
• shares
• System Access Control List (SACL)
• Ticket
• user account
• user policy
• user rights
• Windows Explorer
Chapter 11: Securing Unix Servers
The security mechanisms available in standard UNIX (that being AT&T System V version 4), which essentially match those of BSD, are significantly simpler than those in Windows. Unix
was originally developed as a “security simplified” alternative to Multics—as such, security is mostly an afterthought designed more to prevent accidental harm by legitimate users than to
keep hackers at bay. Microsoft specifically designed the NT kernel to allow for much more expressive configuration of security than Unix in order to out-compete it.
But complexity doesn’t equal security—in fact, in most situations, complexity is anathema to security. And the default configuration of Windows after an installation bypasses most of
Windows’ sophisticated security mechanisms anyway, whereas Unix security is usually considerably stricter than Windows security out-of-the-box. In practice, Unix security can be
configured similarly to Windows despite its inherent simplicity.
A Brief History of Unix
To understand Unix security, it’s important to understand why Unix was developed and how it evolved. In the mid-1960s, GE, MIT, and AT&T Bell Labs began development of an
operating system that was supposed to become the standard operating system for the U.S. government. This system was called Multics, and its primary purpose was to support multiple
users, multiple running programs, and multiple security levels simultaneously.
Multics
A complex operating system developed in the 1960s with many innovative concepts, such as multitasking. Multics was the precursor to the simpler and more portable Unix.
Note: In this book, “UNIX” in all capital letters refers specifically to AT&T System V version 4, and “Unix” in normal typeface refers to all Unix-compatible operating systems
generically. Linux is Unix, BSD is Unix, and UNIX is Unix.
Unfortunately, because of its distributed development and the difficult problems it attempted to solve, the Multics development effort became bogged down and fell years behind schedule.
In 1969, AT&T pulled out of the Multics development effort. Multics was eventually completed in the early seventies, but it languished on a few government-owned and
commercial systems, without ever spawning an industry to support it or create applications for it. The last known running installation of Multics was shut down in 2000.
Ken Thompson, one of AT&T’s programmers on the Multics team, decided to write a stripped-down version of Multics that threw out the security requirements that had bogged the
project down and just allowed for the launching and control of multiple processes at the same time. With the help of Dennis Ritchie (co-developer of the C programming language), he had
a running operating system within a year. Ritchie suggested calling the operating system UNIX as a dig at the overburdened Multics operating system. In a few short years, the system
had been completely rewritten in Ritchie’s C programming language, and included the C compiler, so that programmers had a complete system with which they could develop
software.
Because AT&T was prevented from marketing or selling software by the Communications Act of 1957 in order to retain its monopoly status as the telephone provider for the entire
country, AT&T allowed Thompson to provide UNIX to whoever wanted it for the price of the tape that stored it. It quickly became popular in academic environments and as an
operating system for new computer systems whose designers couldn’t afford to develop an operating system.
In the mid-1970s, some students at Berkeley bought a tape of the operating system, including the source code. Unlike most others who merely used the operating system or, at most, ported
it to a new type of computer, the Berkeley students set out to modify and improve the system as they saw fit. When they began distributing their improved version of Unix, they called it
the Berkeley Software Distribution, or BSD. BSD soon incorporated the Mach micro-kernel developed at Carnegie-Mellon University, which made the installation and incorporation of
device drivers much easier and allowed for more distributed modular kernel development by more parties. By the early 1990s, BSD did not contain any code that was developed at
AT&T, and Berkeley was able to place the entire distribution into the public domain. It survives today as the BSD 4.4, FreeBSD, NetBSD, and OpenBSD open-source distributions
and as the operating system for innumerable network devices.
BSD (Berkeley Software Distribution)
A highly customized version of Unix, originally distributed by the University of California at Berkeley.
In 1983, the U.S. government split AT&T up, and the restriction that prevented them from selling UNIX commercially was lifted. AT&T immediately recognized the potential of their