Cover V02, I06


Publisher's Forum

The only secure computer is one that can't be turned on. If you turn it on, it can be used. If it can be used, someone unauthorized might use it. If you connect it to a modem or network, any number of people can use it. Preventing unauthorized use of the computer and unauthorized access to the data is one of the most important jobs of a system administrator.

Unauthorized access is not the exclusive domain of international spies. It is more likely that someone will breach your system's security from within. So, if you really want to detect all breaches, you must watch access to your system from the inside and the outside. To paraphrase: while a system administrator rarely needs to be paranoid, that doesn't mean someone isn't out to get your data.

In this issue we present several ways to make your system more secure. Chris Hare discusses C2 class trusted systems based on the Department of Defense's Orange Book. Many UNIX vendors include C2 with their distributions, yet some system administrators install it thinking This Is Good while others don't install it thinking This Is Going To Get In My Way, neither group always knowing what C2 is about. In another article, Don Pipkin shows you how you can selectively apply super-user privileges. Larry Reznick details a method for dealing with unsecured, idle workstations, and Bill Rieken presents several security techniques every system administrator can use.

The basis for building a secure system is to think carefully about who has access to your system and to your files, both inside and outside of your company. You'll need also to think about permissions, distributed read/write device access, and availability, then review the security features your system offers and decide which should be implemented. You may want to apply the security techniques your fellow administrators have contributed to this issue. And if you have solved a security problem or found a technique that reduced the vulnerability of your system, write us. Tell us about it. We can all benefit from the problems and solutions you've found.

Sincerely yours,
Robert Ward (". . . ! uunet!rdpub!saletter")