Access Control in UNIX based operating systems
Many UNIX based operating systems are available. Although the basic architecture is the same for all of them, they vary in functionality. Following are some of the important UNIX based OS:
Solaris
SCO UNIX
Linux - Red Hat, Fedora
BSD - OpenBSD, NetBSD, FreeBSD
HP-UX
AIX
Darwin, the core of Mac OS X
In a UNIX based information system, the following measures are required to ensure proper access control.
The CISA exam may not ask platform-specific questions; similarly, directory structures and commands may not be asked. CISA aspirants need to know only the basic concepts behind these. I am providing these details for information security professionals and IS auditors.
1) Root access control
Direct root login can be restricted by configuring one of the following:
a. /etc/default/login (Solaris; the CONSOLE entry limits root login to the console device)
b. sshd_config (PermitRootLogin no, so that root is reached only through a named user account followed by su or sudo)
c. ssh_config is the client-side configuration; it cannot enforce who may log in to a server, so the server's sshd_config is the control that matters
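As an added example (not from the original post), the following POSIX shell script reports the effective PermitRootLogin setting of an OpenSSH sshd_config and fails any file where root can still log in over SSH, including the common mistake of a global "no" that is undone inside a Match block. It assumes OpenSSH's parsing rules (the first value of a keyword wins, '#' starts a comment, "Keyword=value" is accepted) and uses three constructed sample files in place of the real /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example, not part of the original post: audit PermitRootLogin in sshd_config.
# Assumes OpenSSH syntax: first occurrence of a keyword wins, '#' starts a comment,
# "Keyword=value" is accepted, and conditional blocks start with the "Match" keyword.

# Print the global PermitRootLogin value of file $1. When the keyword is absent
# OpenSSH falls back to its compiled-in default, "prohibit-password".
permit_root_login() {
    awk '
        { sub(/#.*/, ""); gsub(/=/, " "); $0 = $0 }       # strip comments, allow key=value
        NF == 0 { next }
        tolower($1) == "match" { inmatch = 1 }              # global section ends at first Match
        !found && !inmatch && tolower($1) == "permitrootlogin" { val = tolower($2); found = 1 }
        END { print (found ? val : "prohibit-password") }
    ' "$1"
}

# Count PermitRootLogin lines inside Match blocks that re-enable root in some form.
match_overrides() {
    awk '
        { sub(/#.*/, ""); gsub(/=/, " "); $0 = $0 }
        NF == 0 { next }
        tolower($1) == "match" { inmatch = 1 }
        inmatch && tolower($1) == "permitrootlogin" && tolower($2) != "no" { n++ }
        END { print n + 0 }
    ' "$1"
}

# Return 0 only when root cannot log in over SSH from anywhere.
check_root_login() {
    global=$(permit_root_login "$1")
    overrides=$(match_overrides "$1")
    if [ "$global" = "no" ] && [ "$overrides" -eq 0 ]; then
        echo "$1: PermitRootLogin no, no Match overrides (OK)"
        return 0
    fi
    echo "$1: PermitRootLogin $global, $overrides Match override(s): root login over SSH possible"
    return 1
}

# Constructed sample configurations standing in for /etc/ssh/sshd_config.
WEAK_CFG=$(mktemp); MATCH_CFG=$(mktemp); HARD_CFG=$(mktemp)
trap 'rm -f "$WEAK_CFG" "$MATCH_CFG" "$HARD_CFG"' EXIT
# weak: root may log in with a password
cat > "$WEAK_CFG" <<'EOF'
Port 22
PermitRootLogin yes
EOF
# looks hardened, but the Match block re-enables root for the whole 10/8 network
cat > "$MATCH_CFG" <<'EOF'
PermitRootLogin no
Match Address 10.0.0.0/8
    PermitRootLogin yes
EOF
# hardened: root is never accepted, and the Match block changes something else
cat > "$HARD_CFG" <<'EOF'
PermitRootLogin=no
PasswordAuthentication no
Match User backup
    PasswordAuthentication no
EOF

for cfg in "$WEAK_CFG" "$MATCH_CFG" "$HARD_CFG"; do
    check_root_login "$cfg" || true
done
```

Run it against the live file with check_root_login /etc/ssh/sshd_config; a non-zero exit is the audit finding.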
2) Remote access control
Remote access is governed by the following files, which should be absent or empty unless a documented need exists:
.rhosts (and the system-wide /etc/hosts.equiv) - grant password-less login through the r-commands to the listed hosts and users; a "+" entry trusts everyone
.netrc - stores ftp credentials in cleartext in the user's home directory
The use of the following should be strictly on a need basis as per predefined policy, since they carry credentials and data in cleartext; ssh, scp and sftp are the encrypted replacements:
a. rlogin - remote login
b. rcp - remote copy
c. ftp - file transfer protocol
d. telnet - remote connectivity
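The audit that follows is an added example, not part of the original post: it walks a directory tree, finds every .rhosts, hosts.equiv and .netrc, and reports the wildcard trust entries and the credential files that other users can read. It assumes the classic BSD formats of those files; the home directories and /etc it scans are a constructed sample tree created under a temporary directory.

```shell
#!/bin/sh
# Added example, not part of the original post: locate the files that grant
# password-less r-command access (.rhosts, hosts.equiv) or hold cleartext ftp
# credentials (.netrc) under a directory tree, and report the risky ones.
# Assumes the classic BSD file formats; the tree built below is a constructed
# stand-in for /home and /etc.

# One finding per line for every trust file below $1.
trust_findings() {
    find "$1" -type f \( -name .rhosts -o -name .netrc -o -name hosts.equiv \) |
    while IFS= read -r f; do
        perm=$(ls -ld "$f" | cut -c1-10)          # e.g. -rw-r--r--
        case "$(basename "$f")" in
            .netrc)
                echo "netrc: $f stores ftp credentials in cleartext"
                case "$perm" in
                    ????------) ;;                # only the owner can read it
                    *) echo "netrc: $f is readable by group or others ($perm)" ;;
                esac
                ;;
            .rhosts|hosts.equiv)
                entries=$(awk 'NF && $1 !~ /^#/ { n++ } END { print n + 0 }' "$f")
                echo "rhosts: $f grants password-less login for $entries entries"
                if awk '$1 == "+" { w = 1 } END { exit !w }' "$f"; then
                    echo "rhosts: $f trusts every host (\"+\" entry)"
                fi
                ;;
        esac
    done
}

# Number of findings, so a job can fail the host when it is not zero.
trust_finding_count() {
    trust_findings "$1" | wc -l | tr -d ' '
}

# Constructed sample tree: three home directories and an /etc with hosts.equiv.
SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT
mkdir -p "$SAMPLE/home/alice" "$SAMPLE/home/bob" "$SAMPLE/home/carol" "$SAMPLE/etc"
printf 'trusted.example.com alice\n' > "$SAMPLE/home/alice/.rhosts"
printf '+ +\n' > "$SAMPLE/home/bob/.rhosts"                     # any user from any host
printf 'machine ftp.example.com login bob password hunter2\n' > "$SAMPLE/home/bob/.netrc"
chmod 644 "$SAMPLE/home/bob/.netrc"                              # password readable by all
printf 'machine ftp.example.com login carol password s3cret\n' > "$SAMPLE/home/carol/.netrc"
chmod 600 "$SAMPLE/home/carol/.netrc"
printf '+\n' > "$SAMPLE/etc/hosts.equiv"                         # every host is trusted

trust_findings "$SAMPLE"
echo "findings: $(trust_finding_count "$SAMPLE")"
```

On a real host run trust_findings / and trust_findings /etc; an empty result is the expected state when the r-commands and ftp are not in use.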
3) Restrict su capabilities to a few
On the BSDs only members of the wheel group may su to root; on Linux the same restriction is applied with the pam_wheel module, and on Solaris /etc/default/su (SULOG, CONSOLE, SYSLOG) controls where su to root is allowed and how attempts are recorded. Every attempt, successful or not, should be logged (see 7).
4) Role Based Access Control (RBAC)
On Solaris, RBAC is configured through the following files:
a. /etc/security/auth_attr - authorization definitions
b. /etc/security/prof_attr - rights profiles, which bundle authorizations and commands
c. /etc/security/exec_attr - execution attributes: the commands a profile may run and the uid, gid or privileges they run with
d. /etc/user_attr - definition of roles and the assignment of profiles and roles to users
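To show how the four files fit together, here is an added example (not from the original post) of one rights profile, "Printer Management", assigned to a role, "printadm", which the user alice may assume. The authorization name, the profile and role names, the user and the help file names are all assumed for illustration; the field layout is that of the Solaris 10 database files.

```text
# /etc/security/auth_attr : the authorization (name:res1:res2:short_desc:long_desc:attr)
solaris.print.admin:::Printer Administration::help=PrintAdmin.html

# /etc/security/prof_attr : the rights profile bundles authorizations (name:res1:res2:desc:attr)
Printer Management:::Manage printers and queues:auths=solaris.print.admin;help=RtPrntAdmin.html

# /etc/security/exec_attr : commands the profile may run, and with what identity
# (name:policy:type:res1:res2:id:attr)
Printer Management:suser:cmd:::/usr/sbin/lpadmin:euid=lp

# /etc/user_attr : the role carrying the profile, and the user allowed to assume it
# (user:qualifier:res1:res2:attr)
printadm::::type=role;profiles=Printer Management
alice::::type=normal;roles=printadm
```

The same assignment is normally made with roleadd -P "Printer Management" printadm, passwd printadm and usermod -R printadm alice rather than by editing the files; roles alice and profiles printadm display the result, and alice reaches the privileges with su printadm, after which lpadmin runs with the effective uid lp given in exec_attr and nothing else in the profile shell is elevated.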
5) File System Access Control Lists (FACL)
The ACL information of a file is obtained with:
getfacl -ad filename
The output gives:
filename
file owner
file group owner
the access ACL
and the default ACL (on directories only; it is the template inherited by files and subdirectories created inside)
The command setfacl with the appropriate parameters is used to set ACLs. When reading an ACL, note that the mask entry caps the effective rights of every named user, named group and the owning group, so a generous-looking entry may grant less than it appears to.
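Because the mask is the part reviewers most often misread, here is an added example (not from the original post) that parses getfacl output and prints the rights each entry really grants after the mask is applied, then lists the non-owner entries that can write. It assumes the POSIX ACL text format printed by Linux and Solaris getfacl; the two ACL listings are constructed samples, not taken from a real system.

```shell
#!/bin/sh
# Added example, not part of the original post: read getfacl output and work out
# the rights each entry actually grants once the mask is applied. Assumes the
# POSIX-ACL text format printed by Linux and Solaris getfacl ("tag:name:perms",
# "#effective:" hints, "default:" prefix). The ACLs below are constructed samples.

# Read getfacl output on stdin; print "tag:name:perms:effective" for each entry
# of the access ACL. The mask caps named users, named groups and the owning
# group; the owner (user::) and other:: are never masked.
acl_effective() {
    awk -F: '
        function and_perm(a, b,    r, j) {
            r = ""
            for (j = 1; j <= 3; j++)
                r = r (substr(a, j, 1) == substr(b, j, 1) ? substr(a, j, 1) : "-")
            return r
        }
        { sub(/[ \t]*#.*/, "") }                 # drop "# file:" headers and #effective hints
        NF == 0 { next }
        $1 == "default" { next }                 # inherited by new children, not applied here
        $1 == "mask" { mask = $3; next }
        { n++; tag[n] = $1; name[n] = $2; perm[n] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                eff = perm[i]
                if (mask != "" && (tag[i] == "group" || name[i] != ""))
                    eff = and_perm(perm[i], mask)
                printf "%s:%s:%s:%s\n", tag[i], name[i], perm[i], eff
            }
        }'
}

# Entries other than the owner whose effective rights include write.
acl_writers() {
    acl_effective | awk -F: '$4 ~ /w/ && !($1 == "user" && $2 == "") { print $1 ":" $2 }'
}

# Constructed getfacl -a output: the listing suggests alice and ops can write,
# but the mask r-x removes write from every masked entry.
MASKED_ACL='# file: srv/app/config
# owner: root
# group: app
user::rw-
user:alice:rwx        #effective:r-x
group::r--
group:ops:rw-         #effective:r--
mask::r-x
other::---'

# The same entries after "setfacl -m m::rwx": the mask no longer hides anything,
# and the default entries (shown by -d) are skipped because they only apply to new files.
OPEN_ACL='user::rw-
user:alice:rwx
group::r--
group:ops:rw-
mask::rwx
other::---
default:user::rw-
default:group::r--
default:other::---'

printf '%s\n' "$MASKED_ACL" | acl_effective
printf '%s\n' "$OPEN_ACL" | acl_writers
```

On a live system the input is simply getfacl -ad path | acl_writers; an entry that appears in that list but not in the owner's change records is the review finding.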
6) Password aging
Periodic password ageing should be enforced through /etc/default/passwd (Solaris: MAXWEEKS, MINWEEKS and WARNWEEKS, which are commented out as shipped, meaning no ageing). The Linux equivalent is /etc/login.defs with PASS_MAX_DAYS, PASS_MIN_DAYS and PASS_WARN_AGE. These defaults apply when a password is next set, so existing accounts must be checked and corrected separately, with passwd -s and passwd -x/-n/-w on Solaris or chage on Linux.
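The script below is an added example (not from the original post) that reads the ageing defaults from either file format, normalises weeks to days, and compares them with a policy of at most 90 days between changes, at least one day before a password may be changed again and seven days of warning. The policy numbers and the three configuration files are constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the original post: read the password ageing
# defaults from Solaris /etc/default/passwd (MAXWEEKS/MINWEEKS/WARNWEEKS, in
# weeks) or Linux /etc/login.defs (PASS_MAX_DAYS/PASS_MIN_DAYS/PASS_WARN_AGE,
# in days) and compare them with an assumed policy. The policy values and the
# three sample files are constructed here.

POLICY_MAX_DAYS=90
POLICY_MIN_DAYS=1
POLICY_WARN_DAYS=7

# Print "max min warn" in days for file $1; "unset" where no value is configured
# (a commented-out MAXWEEKS= line, the shipped Solaris default, means no ageing).
password_aging() {
    awk '
        { sub(/#.*/, ""); gsub(/=/, " "); $0 = $0 }
        NF < 2 { next }
        $1 == "MAXWEEKS"      { max = $2 * 7;  hmax = 1 }
        $1 == "MINWEEKS"      { min = $2 * 7;  hmin = 1 }
        $1 == "WARNWEEKS"     { warn = $2 * 7; hwarn = 1 }
        $1 == "PASS_MAX_DAYS" { max = $2 + 0;  hmax = 1 }
        $1 == "PASS_MIN_DAYS" { min = $2 + 0;  hmin = 1 }
        $1 == "PASS_WARN_AGE" { warn = $2 + 0; hwarn = 1 }
        END {
            printf "%s %s %s\n", (hmax ? max : "unset"), (hmin ? min : "unset"), (hwarn ? warn : "unset")
        }
    ' "$1"
}

# Return 0 when every value is set and meets the policy, 1 otherwise.
aging_ok() {
    set -- $(password_aging "$1")
    max=$1; min=$2; warn=$3
    [ "$max" != unset ] && [ "$max" -le "$POLICY_MAX_DAYS" ] &&
    [ "$min" != unset ] && [ "$min" -ge "$POLICY_MIN_DAYS" ] &&
    [ "$warn" != unset ] && [ "$warn" -ge "$POLICY_WARN_DAYS" ]
}

# Constructed sample files standing in for the real configuration.
SOL_WEAK=$(mktemp); SOL_HARD=$(mktemp); LINUX=$(mktemp)
trap 'rm -f "$SOL_WEAK" "$SOL_HARD" "$LINUX"' EXIT
cat > "$SOL_WEAK" <<'EOF'
# Solaris /etc/default/passwd as shipped: ageing lines commented out
#MAXWEEKS=
#MINWEEKS=
PASSLENGTH=6
EOF
cat > "$SOL_HARD" <<'EOF'
MAXWEEKS=12
MINWEEKS=1
WARNWEEKS=1
PASSLENGTH=8
EOF
cat > "$LINUX" <<'EOF'
# Linux /etc/login.defs excerpt
PASS_MAX_DAYS   90
PASS_MIN_DAYS   1
PASS_WARN_AGE   7
EOF

for f in "$SOL_WEAK" "$SOL_HARD" "$LINUX"; do
    if aging_ok "$f"; then echo "$f: $(password_aging "$f") (OK)"
    else echo "$f: $(password_aging "$f") (does not meet policy)"; fi
done
```

Note that Solaris counts in whole weeks, so a 90-day limit has to be expressed as MAXWEEKS=12 (84 days); MAXWEEKS=13 would be 91 days and fail the check.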
7) System log management
Logs should be reviewed to know:
event logs (syslog; /var/adm/messages on Solaris)
su attempts (/var/adm/sulog on Solaris, the syslog auth facility on Linux)
failed login attempts (/var/adm/loginlog on Solaris, once that file has been created; lastb on Linux)
the output of the last command - who logged in, when and from where
Also /etc/hosts.allow and /etc/hosts.deny (TCP Wrappers) should be reviewed periodically to verify which hosts are permitted to reach sshd, where it is built with TCP Wrappers support, and the other wrapped services.
Ideally logs should be forwarded to a separate system to which only the security administrator has access. In no case should the system administrators whose actions the logs record be able to read or alter them.
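As an added example of the review described above (not part of the original post), the script below pulls the two figures a reviewer most wants from an authentication log: failed logins per source address, and every su attempt with its outcome. It assumes syslog-style lines in the format written by OpenSSH sshd and by su through PAM; the log it reads is a constructed sample with documentation addresses, not a capture from a real host.

```shell
#!/bin/sh
# Added example, not part of the original post: summarise failed logins per
# source and su attempts from an auth log. Assumes syslog-style lines as
# written by OpenSSH sshd and by su via pam_unix; the log below is constructed.

# Print "count source" for sshd "Failed password" lines, busiest source first.
failed_logins_by_source() {
    awk '/sshd\[[0-9]+\]: Failed password/ {
             for (i = 1; i <= NF; i++) if ($i == "from") c[$(i + 1)]++
         }
         END { for (k in c) print c[k], k }' "$1" | sort -rn
}

# Print "result target by_user" for each su attempt: "ok" for an opened
# session, "FAILED" for a refused one. The pam "authentication failure" line
# that accompanies a failure is deliberately not counted a second time.
su_attempts() {
    awk '$5 ~ /^su(\[[0-9]+\])?:$/ && /session opened for user/ {
             for (i = 1; i <= NF; i++) {
                 if ($i == "user") target = $(i + 1)
                 if ($i == "by") { by = $(i + 1); sub(/\(.*/, "", by) }
             }
             print "ok", target, by
         }
         $5 ~ /^su(\[[0-9]+\])?:$/ && /FAILED SU/ {
             for (i = 1; i <= NF; i++) if ($i == "(to") {
                 target = $(i + 1); sub(/\)$/, "", target)
                 print "FAILED", target, $(i + 2)
             }
         }' "$1"
}

# Constructed sample log: a password-guessing run from 203.0.113.7, one stray
# failure, a key login, one good su and one refused su.
AUTH_LOG=$(mktemp)
trap 'rm -f "$AUTH_LOG"' EXIT
cat > "$AUTH_LOG" <<'EOF'
Mar  3 10:01:12 web1 sshd[1201]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 10:01:15 web1 sshd[1201]: Failed password for root from 203.0.113.7 port 51130 ssh2
Mar  3 10:01:20 web1 sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 51140 ssh2
Mar  3 10:01:41 web1 sshd[1205]: Failed password for alice from 198.51.100.9 port 33001 ssh2
Mar  3 10:02:01 web1 sshd[1210]: Accepted publickey for alice from 198.51.100.4 port 40022 ssh2
Mar  3 10:03:44 web1 su: pam_unix(su:session): session opened for user root by alice(uid=1000)
Mar  3 10:05:10 web1 su: FAILED SU (to root) bob on pts/1
Mar  3 10:05:10 web1 su: pam_unix(su:auth): authentication failure; logname=bob uid=1001 euid=0 tty=pts/1 ruser=bob rhost=  user=root
EOF

echo "failed logins by source:"; failed_logins_by_source "$AUTH_LOG"
echo "su attempts:"; su_attempts "$AUTH_LOG"
```

Pointed at /var/log/auth.log (Debian) or /var/log/secure (Red Hat), the first function gives the list of sources to compare against the allowed management networks in hosts.allow, and the second gives the su trail that the restricted-su policy in item 3 is meant to keep short.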
Some of the commands/directories/files mentioned above may be specific to a particular flavour of UNIX.