John R. Wetsch
The focus of any security implementation is to control access to data and secure system resources. A comprehensive security implementation must be scalable from standalone systems to distributed client/server environments and must address security issues at the network, system, data, and physical levels or layers. Each of these layers provides a method of access to your system. From the point of view of users accessing the system, they first come through the network layer, enter your system through the system layer, then go on to find data, and possibly have physical access to your equipment. Multilayered security protects the system at each level, provides a security overlap between layers, and helps you build a security view of your system.
The Network Layer
The network layer is complex, ranging from a simple connection to a particular flavor of network implementation. With connections to your system, your security may start with a fundamental login and password authentication at your server. A fuller implementation would use the security features incorporated in network operating systems (NOS).
Generally, the network layer is the weakest security layer. All types of users will be moving through your network to gain access to your system. To strengthen your network layer, implementing a firewall may be appropriate. The concept of a firewall is to stop or slow the progress of an intruder in your system, similar to a firewall in a building that is designed to slow the progress of a fire. A firewall strategy segments access to your servers, limiting users to specific servers or LAN systems. You can implement a simple firewall on a networked system that will allow you to control access to key areas. Assume, for instance, an ethernet TCP/IP environment of two LAN systems. The first LAN system (machine name: alpha) is dedicated to development, while the other system is a production system (machine name: beta). In this scenario the goal is to keep the nonsystem users out of the development system but allow the development users to access both systems.
You would begin by adding to your network a front-end system (machine name: firewall) that all users would log into. In each user's .profile you would add either rlogin alpha for a developer or rlogin beta for production system users. All users would now be routed to the LAN system they need. To ensure that users are logged off the system when they exit, add the statement kill -9 0 after the rlogin statement. You could implement further segmentation of resources by using the Network File System (NFS), if you have this installed. The goal here is to give users the resources they need but nothing more. The last lines of the .profile should now read:
rlogin machine-name #where machine-name is alpha or beta
kill -9 0 #Exits the user from the shell and removes
You may wonder why I chose to use kill -9 0 after rlogin rather than to exec the rlogin from the firewall system. An exec rlogin hostname is more concise and is in fact more secure, as it removes the possibility that the kill command could be ignored. I have successfully implemented both scenarios and I suspect exec rlogin hostname is more commonly used for these purposes. However, my aim here was to make the usage of shells consistent across all platforms in an attempt to be generic, and the kill -9 0 implementation can also be used in the environment where shell access is restricted.
The System Layer
The system layer begins with login and password authentication. At the system layer, the system administrator can fully employ the tools available in the operating system to monitor and control the system. In most texts on UNIX security the system layer is dealt with in considerable detail. In these texts you learn how to set up system accounting, sample scripts, and other UNIX utilities that can be used to assist in system security.
Security at the system layer begins by knowing the key areas of your system and addressing each area as it pertains to your environment. The following checklist covers this area and what can be established:
1. Know your bits.
2. Establish a password strategy.
3. Set up user environment.
4. Keep tabs on your key files.
5. Establish system accounting.
6. Establish system checking procedures.
7. Watch your overhead.
Knowing your bits involves setting user and group IDs, sticky bits, and umask properly. The umask, which is used to set the default permissions on files, can also be used by shell users to set their own default permissions. A sticky bit lets administrators limit write access to a file to the superuser and the file owner.
Knowing your key file areas is important, too. The device directory is /dev; /bin is used for public access to UNIX commands; /etc contains configuration files and other executables; and / is, of course, your root directory. Once you know how your UNIX environment should be set and where your key files are, you can write and activate a simple check utility using crontab.
The checksys script (Listing 1) assumes that you've created a directory called /etc/checkfil, accessible only to the superuser, and cd'd into it. The script simply accesses your key directories and writes ls -l listings to a file. The script then runs a diff against a master file you create prior to running the command and then saves the output of the diff command in a separate file. By using cat on the diff output, you can find any changes to files made since the master file was created. If the diff output looks good, you can update your master by running rm master and then mv checkfil master. With a regular run of checksys, you will be aware of what files change regularly. You will also be able to tell if permissions or bit settings on key files have been changed.
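The check described above, written out as an added example (this is not the article's Listing 1). CHECKDIR stands in for /etc/checkfil, KEYDIRS for the key directories, and the crontab line at the end is an assumed path; a diff file is kept only when something changed.

```shell
#!/bin/sh
# checksys-style file-change check: added example, not the article's Listing 1.
# It writes ls -l listings of the key directories to a file, diffs that file
# against a master taken earlier, and keeps the diff for review.
# CHECKDIR stands in for the article's /etc/checkfil and should be accessible
# only to the superuser; KEYDIRS lists the areas to watch.
: "${CHECKDIR:=/etc/checkfil}"
: "${KEYDIRS:=/dev /bin /etc /}"

# snapshot DIR... : long listing of each directory, one block per directory
snapshot() {
    for d in "$@"; do
        echo "== $d"
        ls -l "$d"
    done
}

# mkmaster : take the baseline that later checks are compared against
mkmaster() {
    snapshot $KEYDIRS > "$CHECKDIR/master"
}

# checksys : compare a fresh listing with master.
# Returns 0 when nothing changed, 1 when a diff file holds changes,
# 2 when no master exists yet (the check is meaningless without one).
checksys() {
    [ -f "$CHECKDIR/master" ] || { echo "checksys: no master in $CHECKDIR" >&2; return 2; }
    snapshot $KEYDIRS > "$CHECKDIR/checkfil"
    out=$(mktemp "$CHECKDIR/diff.$(date +%Y%m%d).XXXXXX")   # unique per run
    if diff "$CHECKDIR/master" "$CHECKDIR/checkfil" > "$out"; then
        rm -f "$out"                  # identical: keep the directory tidy
        return 0
    fi
    echo "checksys: changes recorded in $out" >&2
    return 1
}

# accept : after reviewing the diff, promote the latest listing to master
# (the article's rm master followed by mv checkfil master)
accept() {
    rm -f "$CHECKDIR/master" && mv "$CHECKDIR/checkfil" "$CHECKDIR/master"
}

# Command-line use: checksys.sh master | check | accept
# Assumed crontab entry for a nightly run:  0 2 * * * /usr/local/sbin/checksys.sh check
case "${1-}" in
    master) mkmaster ;;
    check)  checksys ;;
    accept) accept ;;
esac
```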
Within the system layer, the system administrator must establish a password strategy. This includes addressing such areas as password length and password aging, establishing policies for setting up user accounts, setting policy on deactivating users who do not use the system, and removing user accounts. Other considerations of a password strategy include the minimum time between password changes, and whether you want users to choose their own passwords or have the system assign them.
Setting up your system environment is equally important. You need to think through what paths you want your users to access, how many login attempts you'll allow, how much idleout time is required before automatic logoff, and whether to set a ulimit that will ration disk space and prevent an errant process from filling up your disk.
Finally, set up your system accounting to allow you to track usage of your system. For all of these areas you must establish procedures that will allow you to maintain and track all security measures. Without these procedures your files will get away from you and become unmanageable. In essence, keep track of your overhead. Each security implementation requires additional work and system tracking. This must be done daily!
With system layer security in place, the system administrator can address the matter of application security. Do all users need access to the shell? In the network layer example, I posited that development users probably need shell access but production system users need access to their applications.
In a single application environment you could simply enter a startup command for the application in the .profile, between the rlogin statement and the kill statement. The result would be that when users attach to a machine and log in, they come directly into the application. When they exit the application, the kill statement forces them off the system.
It's more likely that users will require access to several applications. A user interface can help these users without letting them drop to a shell. If you are not using a GUI, then you can implement a menu script. The menxshell script in Listing 2 is a menu shell that will allow you to set up submenus or directly access applications. System administrators can use a menu system to make the system work better for their users. However, administrators must beware of backdoors to some restricted applications. For instance, suppose you allow users to access vi through the menu. Once the editor is invoked, the user can enter shell commands using the ! operator. Know the extent and limitations of your applications.
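A menu front end of the kind described above, as an added example (it is not the article's Listing 2). The command run is taken only from a fixed table, never from typed input, and the entry names and paths are constructed placeholders; it assumes it is started from .profile between the rlogin and kill -9 0 statements so that leaving the loop logs the user off.

```shell
#!/bin/sh
# Restricted menu front end in the spirit of the article's menxshell.
# Added example, not Listing 2. Each MENU line is "choice|label|command";
# the command executed comes only from this table, so typed text that is
# not a listed choice is simply rejected. Only list applications that
# cannot spawn a shell themselves (the article's vi ! example shows why).
# Entries and paths below are constructed placeholders.
trap '' INT QUIT TSTP     # interrupt/suspend keys cannot escape the menu

MENU='1|Sales reports|/usr/local/bin/reports
2|Read mail|mailx
q|Log off|'

# lookup CHOICE : print the table command for CHOICE; fail if not listed
lookup() {
    printf '%s\n' "$MENU" |
        awk -F'|' -v c="$1" '$1 == c { print $3; found = 1 } END { exit !found }'
}

# dispatch CHOICE : run the entry for CHOICE.
# Returns 0 on success, 1 for an unknown choice, 2 to log off.
dispatch() {
    [ "$1" = q ] && return 2
    cmd=$(lookup "$1") || { echo "No such choice: $1" >&2; return 1; }
    "$cmd"                # one command word from the table; no eval of user text
}

# show : print the numbered choices
show() {
    printf '%s\n' "$MENU" | awk -F'|' '{ printf "  %s) %s\n", $1, $2 }'
}

# menu : loop until log off or end of input; never returns to a shell prompt
menu() {
    while :; do
        show
        printf 'Choice: '
        read -r choice || return 0
        dispatch "$choice"
        [ $? -eq 2 ] && return 0
    done
}
```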
Finally, from the application layer the system administrator must address the particular security features of an application. For example, if you must administer a database, you will need to address such database security features as transaction logging; privileges on records and fields, including add, modify, or delete; and access control.
The Data Layer
The data layer requires protection of the data on your system as well as your system's resources. At this layer you will address backup and restore strategies. This would include making a backup; establishing policies and procedures for daily and monthly backup types; and selecting the appropriate tools, such as tar, cpio, or an off-the-shelf package, to standardize your backup environment. The goal of the administrator here is to be able to restore any files lost, destroyed, or damaged. You may also decide to implement a Redundant Array of Inexpensive Disks (RAID) technology such as disk mirroring. Overall, evaluate the environment to determine the best method to ensure data protection.
The Physical Layer
Implementing the various components of the network, system, and data layers is not enough if your physical layer is not secure. Securing the physical layer entails securing both your hardware and your licensed software. You must ask how secure the system environment is. Can anyone approach your equipment, see a blinking light, and press a button? Is there a contingency plan in case of fire, theft, or system breakdown? Is your data layer's backup media stored in a secure location? At the physical layer, you'll need to set up a disaster recovery plan that addresses what needs to be done if any of the layers fail. If a plan is already in place, you should make sure the plan is current and reflects the environment.
The layered approach to system security gives administrators a way of addressing user entry into their systems. It allows them to collect all of the information required to write a security plan. Good system procedures are nothing if they are not enforced by policy. Any security feature implemented must be maintained. A security system should consist of at least three basic documents. The first document is a security plan that provides the basis for the security methods and physical environment. The second is a disaster recovery plan that takes care of contingencies. The third document is a policy and procedures manual that records the procedures developed and in use. Before putting together any of the documents, the administrator needs a risk analysis to assess the risks and costs of downtime to the organization.
No system is 100 percent secure. The extent of any assessment depends on the complexity of the system. The goal of layered security is to ensure that the administrator has completely addressed each layer. Within your organization, implement the security plan as you would any other company policy. Enforce the security plan. A security plan that incorporates a layered approach should, at a minimum, include:
Software auditing policies and installation guidelines to track the authorized use of software.
Access policies, to include passwords, levels of access, workgroup assignments, and definitions of these levels.
Control of physical access to equipment.
Privacy of information, if applicable.
User accountability, to include usage and security training.
When a security plan and system control methods are in place, the system administrator's task has just begun. Follow up and make your policies and procedures work. Decide what you will do in case you detect a breach in your security.
About the Author
John Wetsch is a Senior Business Systems Analyst for
He has completed his Ph.D. in Information Systems from
University. He may be contacted at firstname.lastname@example.org.