Nothing. Daemons are standard executables that run using SetUID permissions.

• shell
• socket
• User Identifier (UID)

Chapter 12: Unix Network Security

This chapter covers the major contemporary Unix network security mechanisms. A number of obsolete Unix protocols and security mechanisms are not discussed here because they are no longer used—either because better alternatives now exist or because their security was weak and is now considered compromised. This chapter provides an overview of the basic network security mechanisms available to Unix, including their relative merits, security posture, and administrative difficulty. It is not possible to cover the configuration or administration of these protocols in a single chapter, but pointers to other resources for configuring them are provided.

Unix Network Security Basics

Standard Unix (AT&T System V) does not include facilities to implement either single sign-on (one password and user account valid throughout the network) or pervasive network security. Security accounts are only valid on individual machines, machines do not “trust” other machines’ accounts per se, and every network service implements its own security mechanisms. Unix security is similar to Windows “Workgroup” mode security in this respect, where trust among machines does not exist.

Also consider that no true universal network file system exists in Unix. While Windows has had “Windows networking” since its inception to allow for file and print sharing, Unix did not have anything that could be called a standard file sharing mechanism until the early nineties, when NFS became the de facto file sharing standard. Prior to that, FTP was the closest thing to a file sharing standard, but it only allowed for copying files, not mounting and using them remotely. Without a standard network file sharing mechanism, there was little point in having a single network logon—traversing machines wasn’t that much of an issue. But as networks of single-user computers became popular in the late 1980s, Unix began to show its age.
Of course, numerous solutions to these problems have cropped up in the 30 years since Unix was developed. Originally, network access simply meant connecting to a Unix machine using a terminal application and logging in using a local user account. This method is still used by telnet, remote shell, secure shell, and numerous other remote logon protocols.

remote logon: The process of logging on to a remote machine in order to execute software on it.

When Sun developed the Network File System and Network Information Service, they simply adapted Unix security to a network environment. In these systems, all machines share a central account database, but users log on locally using these accounts. Because UIDs are supposedly synonymous throughout the network, this mechanism was relatively seamless, but terribly insecure—any user logged on to a local machine could simply change their UID in their own passwd file to match a target account on the NFS server, and then log in. The NFS server would simply trust their UID and serve them supposedly secure files.

Network File System (NFS): A file-sharing protocol developed by Sun Microsystems for use in Unix environments. NFS allows clients to mount portions of a server’s file system into their own file systems.

Network Information Service (NIS): A simple distributed logon mechanism developed by Sun Microsystems for Unix, originally to support single sign-on for NFS.

The first real attempt to create true network security, where one logon account was valid throughout a security domain and where computers could participate in robust trust relationships, was the Athena project at MIT, which evolved into Kerberos. Kerberos solved the problem so well that Microsoft replaced their own relatively sophisticated Windows NT Domain model security with Kerberos when they released Windows 2000.
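The NFS weakness described above comes down to one server-side decision: which UID a request is acted upon as. The following Python is an added example, not code from this chapter or from any real NFS implementation. It models that decision for three constructed /etc/exports entries (Linux syntax): the AUTH_SYS flavor (`sec=sys`) simply believes the UID in the client's RPC credential, `root_squash` limits the damage by mapping UID 0 to the anonymous user, and a Kerberos flavor (`sec=krb5p` here) takes identity from a ticket the server has verified rather than from the client's claim. The export paths, the 192.0.2.0/24 client range and the UIDs are constructed sample values.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Optional

# Conventional anonymous UID ("nobody") that squashed requests are mapped to.
ANON_UID = 65534

# Constructed sample /etc/exports (Linux syntax). Paths and client range are
# illustrative values for this example, not taken from the chapter.
SAMPLE_EXPORTS = """
# Weak: the server believes any UID the client asserts, including root.
/srv/legacy   192.0.2.0/24(rw,no_root_squash,sec=sys)
# Better: root is mapped to the anonymous user; other asserted UIDs are still trusted.
/srv/home     192.0.2.0/24(rw,root_squash,sec=sys)
# Strongest: identity comes from a Kerberos ticket the server verifies itself.
/srv/secure   192.0.2.0/24(rw,root_squash,sec=krb5p)
"""

# path, then client spec immediately followed by a parenthesised option list
_EXPORT_LINE = re.compile(r"^(\S+)\s+(\S+?)\(([^)]*)\)\s*$")


@dataclass
class Export:
    path: str
    client: str
    options: set = field(default_factory=set)

    @property
    def flavor(self) -> str:
        # sec=sys (AUTH_SYS) is the default when no sec= option is present.
        return next((o for o in self.options if o.startswith("sec=")), "sec=sys")


def parse_exports(text: str) -> Dict[str, Export]:
    """Parse lines of the form 'path client(opt,opt,...)' into a dict keyed by path."""
    exports: Dict[str, Export] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = _EXPORT_LINE.match(line)
        if not m:
            raise ValueError(f"unparsable exports line: {raw!r}")
        path, client, opts = m.groups()
        options = {o.strip() for o in opts.split(",") if o.strip()}
        exports[path] = Export(path, client, options)
    return exports


@dataclass
class Request:
    export_path: str
    asserted_uid: int                    # UID carried in the client's AUTH_SYS RPC credential
    principal_uid: Optional[int] = None  # UID the server mapped from a verified Kerberos principal


def effective_uid(export: Export, req: Request) -> Optional[int]:
    """Return the UID the server acts as for this request, or None if it is rejected."""
    if export.flavor == "sec=sys":
        # AUTH_SYS: the only "authentication" is the client's own claim.
        uid = req.asserted_uid
    else:
        # Kerberos flavors: the asserted UID is ignored; no valid ticket means no access.
        if req.principal_uid is None:
            return None
        uid = req.principal_uid
    if "all_squash" in export.options:
        return ANON_UID
    if uid == 0 and "no_root_squash" not in export.options:
        return ANON_UID  # root_squash is the default behaviour
    return uid


def evaluate(exports: Dict[str, Export], req: Request) -> Optional[int]:
    """Look up the export for the request and return the effective UID (None = rejected)."""
    export = exports.get(req.export_path)
    if export is None:
        return None  # path is not exported at all
    return effective_uid(export, req)


if __name__ == "__main__":
    exports = parse_exports(SAMPLE_EXPORTS)
    print("legacy, forged root UID ->", evaluate(exports, Request("/srv/legacy", 0)))
    print("home,   forged root UID ->", evaluate(exports, Request("/srv/home", 0)))
    print("secure, no ticket       ->", evaluate(exports, Request("/srv/secure", 0)))
    print("secure, ticket for 1001 ->", evaluate(exports, Request("/srv/secure", 0, principal_uid=1001)))
```

The point of the model is the trust boundary: on the `sec=sys` exports the server never verifies anything, so `root_squash` only blunts the worst case (a claimed UID 0) while every other claimed UID is still honoured; on the Kerberos export the client's claimed UID never enters the decision at all.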
While not perfectly secure, Kerberos solves so many different security problems that it will clearly be the standard single logon methodology for quite some time. Unfortunately, none of the existing network services supported Kerberos, and they had to be modified and recompiled to support it. For proprietary network services, adding support for Kerberos was difficult and in many cases still has not happened.

Remote Logon Security

Local Area Networks (LANs) are new to Unix. Unix was developed in the mid-70s, but LANs didn’t come onto the scene until the mid-80s. Linking computers together seamlessly was an esoteric problem when Unix came out—the major problem originally was linking a large number of terminals to a single computer.

Local Area Network (LAN): A network in which all participants can communicate directly without the need for routing at the network layer. The term is somewhat obsolete, as many LAN-sized networks implement routing for various reasons since the advent of the Internet.

terminal: A remote display and keyboard/mouse console that can be used to access a computer.

This explains why Unix security is so self-centric—Unix was pretty much set in stone before networking computers together was really that much of a problem. Originally, the problem was trying to get enough serial ports connected to a single computer so each user could have his own terminal. Remote logon allows multiple users to connect to a single computer and run their software on it. Originally, remote logon was accomplished by connecting multiple terminals each to a