Effectively Manage Passwords and Logons
To secure your NT-UNIX network, you need to effectively manage the logon process, which starts when users create passwords. In most organizations, the logon name is user friendly and fairly easy to discern (e.g., msmith for Mary Smith). This practice leaves the password as the key to securing access. You must give users guidelines on how to create passwords that hackers won't easily discern. For example, tell users not to create passwords that use their name or use pop culture words (e.g., rollingstone or xfiles). Instead, users need to create passwords consisting of alphanumerics that would make little sense to a third party.
Because the person bent on viewing unauthorized data or destroying files is as likely to be an individual down the hall as a wizard in a remote location, you need to remind users that they must not write or verbalize their passwords. Also, tell users that they need to be aware of those who can observe them typing their password; replicating keystrokes is a simple task.
Hackers maintain a dictionary of words and run an automated process in which the words in their dictionary are tried against a user's account. In NT and many UNIX variants, you can set a lockout option that will freeze a user's account if the person submitting the password surpasses the specified number of logon attempts. In UNIX variants with lockout options, the systems administrator can generally set up the frequency as part of the user management or add user functions. To account for users accidentally typing in the wrong password, we recommend that you set the lockout option at three or four attempts.
The Administrator account in NT doesn't have a lockout option. Microsoft Windows NT Server 4.0 Resource Kit has a lockout utility, PASSPROP/ADMINLOCKOUT. An alternative approach is to change the administrator's logon name to a non-obvious descriptor. Hackers must then identify both the administrator's logon name and password to get into the system. To further frustrate hackers, you can set up a bogus account in User Manager for Domains without rights or privileges under the administrator's old name.
Effectively Manage User and Group Accounts
If hackers breach your NT-UNIX system through a user's account, how you manage permissions and ownership determines the amount of damage that hackers can inflict. Systems with loosely configured rights are prime targets for devastation. If hackers breach NT's Administrator account or UNIX's root superuser account, they can do irreparable damage.
NT and UNIX OSs embrace the same basic principles of permissions and ownership. In both OSs, files can have no permissions or a mixture of read, write, and execute permissions. (NT also has delete, list, change permission, and take ownership options.) In both OSs, ownership is based on the rights of who can administer an object and provide individual user and group privileges. The OSs don't tie ownership with membership unless you instruct them to. In other words, just because a user is a member of a group that has access to an object, you cannot infer that the user has ownership of that object.
Most security problems arise from improperly managing user and group accounts. To let coworkers access information, users typically give them write permissions to their $HOME directory. This permission setting provides an open invitation for anyone to view, change, and copy data.
You can create a more secure system by setting up group rights. You can create NT local and global groups by selecting New Local (or Global) Group in User Manager for Domains. In UNIX, you use the /etc/group file to add system groups and, in turn, give users the ability to add members to those groups and assign file permission levels. Users can assign privileges to a group at the appropriate read, write, and execute levels.
For a highly secure UNIX environment, you can use umask, a UNIX utility that lets you establish default file permissions within a global or user-specific /etc/profile or .profile script. You can also set similar default settings through NT's Permissions dialog box in the Properties file. You can initially protect the users' $HOME directory until they take deliberate action to share files with a designated group. You must encourage users to minimize coworkers' access to their files.
When users share file systems and resources, you must take special measures. As a general rule, you need to maintain the default file system rights that NT and UNIX set on the root, or system, directories. If needed, you can then control permissions to devices on the user and group levels. NT permits excellent gradation of resource permissions.
Physically Secure Your Network
Underestimating the importance of physical security can be a fatal mistake. Popping open the cover of a server is easy. After a hacker is inside, pulling a hard disk takes only seconds, and the organization's data is out the door.
Consider another scenario. With some UNIX variants, possessing the boot disk is like having the key to the castle. If disgruntled employees get a boot disk and gain access to a server's 3.5" drive or CD-ROM drive, they can erase all data on that server or gain access to the root console, opening the door to the entire system.
The same scenario can occur with NT systems that have FAT partitions. Disgruntled employees can easily boot these systems with a DOS disk. Microsoft designed NTFS partitions to prevent such intrusions. However, utilities are now available (such as ntfsdos.exe) that let users boot NT with NTFS.
So what can you do to prevent this type of abuse? Common sense dictates placing servers in a secured room or locking components into place. More sophisticated solutions include the use of smart cards, fingerprint scanners, and digital signatures. Using BIOS-level passwords is another line of defense. And don't forget to disable hardware components when you aren't using them.
Ensure Data Integrity via Backups
Although people do not usually view these tasks as security measures, regularly conducting data backups and securing your data backup system are fundamental to a secure NT-UNIX network. Performing regular backups is critical to restoring operations in the event of a damaging virus or hack job. Equally important is what you do with the backup media. At a minimum, you need to store backup media in a secure environment. Also, you need to consider archiving and storing a second set of backup media in a secure remote location.
Monitor Applications
Managing software licenses is another task that administrators don't often regard as a security measure. However, licensing is typically one of the largest IS investments. Thus, theft and piracy are major problems. As the systems administrator, you are responsible for distributing the media and preventing unauthorized copying or theft.
As the systems administrator, you are also responsible for removing and preventing the installation of unauthorized applications. Installing software from unknown sources might introduce computer viruses and Trojan horses to your network. (A Trojan horse is a program that supposedly performs one task but does something very different.) Unauthorized software can produce leaks or modify system properties. Even loading network-monitoring tools can open security holes if you install the tools incorrectly.
In case a virus or Trojan horse gets into your system from unauthorized software or another source, you need to carefully maintain proper permissions and ownership policies to minimize damage. Viruses and Trojan horses generally can't cause harm when you deny them access. In addition, installing antivirus software is a good idea. This software is readily available for NT. UNIX antivirus software is slowly becoming commercially available.
Don't Make These Mistakes
The biggest mistake that systems administrators can make is to take security lightly. Another mistake is to underestimate how far a hacker will go to gain access for profit or enjoyment. To secure an NT-UNIX environment, you need to develop and implement a plan that is comprehensive yet unobstructive. A plan incorporating the eight components we've just discussed is a good place to start.