An Overview Of Unix Security
Essay by 24 • November 5, 2010 • 1,368 Words (6 Pages) • 1,323 Views
An Overview of UNIX Security
Michael A. DeGrosse
POS/420
Mr. Richard Bohn
August 7, 2006
The purpose of this paper is to analyze the security of UNIX. Consideration is given to generalized security aspects of a typical UNIX system. The scope is limited to a few of the more critical UNIX security aspects: standard user access, root access, file system security, and internet access precautions. This paper will not focus on specific measures used to implement security, but rather will investigate both pros and cons typical of a UNIX installation. Finally, a brief description of UNIX security versus other operating systems will be noted.
Since no two UNIX-based operating system builds are exactly alike, it is important to note that each build may have its own inherent security flaws. For example, in 2002 a buffer overflow issue existed within Linux which could potentially make all Linux builds vulnerable (PCWorld). However, this flaw involved only elements which were specific to the Linux kernel and did not impact other build versions such as those specific to Solaris. Nonetheless, while different security flaws may exist, many builds share similar security features, including the specific security aspects noted in this paper's scope.
Virtually all UNIX-based or UNIX-like systems require specific logon procedures. Depending upon an individual's access permissions, one is generally assigned an account or group with which to access terminals or workstations. User accounts, as these are typically described, can generally be assigned different access credentials depending on that individual's requirements. For the most part, user accounts are limited in the actions they can perform, thereby protecting the rest of the UNIX system from any intentional or unintentional attack.
Of the utmost security concern is the protection of the root account. The root account allows a user absolute control of the system, including the ability to alter practically every aspect of the system, from individual files to installed programs. Indeed, an entry in Wikipedia.com notes that a UNIX administrator should be much like Clark Kent, only using the root account, or becoming Superman, when absolutely necessary, lest the security of the account be compromised (2006). Ultimately, this implementation represents a near surefire way to protect the system against many internal and external threats. By ensuring regularly scheduled root account password changes and ensuring the passwords are strong, the cons noted previously should be relatively easy to avoid.
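Two checks that follow from the paragraph above, as an added example that is not part of the original essay: listing accounts other than root that hold UID 0, and measuring the age of root's password from the shadow file's last-change field. The function names and the sample passwd/shadow lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: two root-account checks on passwd(5)/shadow(5)-format data.

# Print every account name with UID 0 other than "root" (field 3 is the UID).
extra_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Print root's password age in days. $1 = shadow-format file,
# $2 = today as days since 1970-01-01 (shadow field 3 uses the same unit).
root_password_age() {
    awk -F: -v today="$2" \
        '$1 == "root" && $3 ~ /^[0-9]+$/ { print today - $3 }' "$1"
}

# Exit 0 when root's password is older than $3 days, non-zero otherwise.
root_password_stale() {
    age=$(root_password_age "$1" "$2")
    [ -n "$age" ] && [ "$age" -gt "$3" ]
}

# Constructed sample data (not from a real system); hashes are placeholders.
write_samples() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:second superuser:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/sh
EOF
    cat > "$dir/shadow" <<'EOF'
root:$6$PLACEHOLDER:19000:0:90:7:::
alice:$6$PLACEHOLDER:19700:0:90:7:::
EOF
    printf '%s\n' "$dir"
}

samples=$(write_samples)
echo "Extra UID 0 accounts: $(extra_uid0_accounts "$samples/passwd")"
echo "Root password age on day 19200: $(root_password_age "$samples/shadow" 19200) days"
rm -rf "$samples"
```

On a live system the same functions take /etc/passwd and /etc/shadow, with today's day number computed as `$(( $(date +%s) / 86400 ))`; reading the shadow file requires root.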
File system security is also very important regardless of the UNIX implementation. UNIX file system security generally allows access permissions to be granted to various defined users and groups. UNIX also contains an access right flag known as the "sticky bit". The sticky bit can be used to allow users and groups write access to certain directories within the system. Similarly, the sticky bit can be used by a user to prevent other users with access to the same directory from altering the contents of the file. The file can only be altered by the file owner, the directory owner, and the root account (linuxdevcenter.com, 2006). This particular element allows for a great deal of control across the user level while ensuring the administrator or super user has total access.
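On a world-writable directory the sticky bit limits deleting or renaming an entry to the file's owner, the directory's owner and root, which is why shared directories such as /tmp carry mode 1777. The following added example (not part of the original essay) audits a tree for world-writable directories that lack the bit and then sets it; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit world-writable directories for the sticky bit.

# World-writable directories under $1 WITHOUT the sticky bit: any user who
# can write here may delete or rename files that belong to other users.
find_unsticky_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | sort
}

# World-writable directories under $1 WITH the sticky bit (the /tmp convention).
find_sticky_dirs() {
    find "$1" -type d -perm -0002 -perm -1000 -print 2>/dev/null | sort
}

# Mitigation: set the sticky bit on every directory the audit flagged.
add_sticky_bit() {
    find "$1" -type d -perm -0002 ! -perm -1000 -exec chmod +t {} +
}

# Constructed sample tree so the example runs offline; prints its path.
demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/shared_ok" "$root/shared_risky" "$root/private"
    chmod 1777 "$root/shared_ok"     # world-writable + sticky
    chmod 0777 "$root/shared_risky"  # world-writable, no sticky bit
    chmod 0755 "$root/private"       # not world-writable
    printf '%s\n' "$root"
}

tree=$(demo_tree)
echo "Missing sticky bit:"; find_unsticky_dirs "$tree"
add_sticky_bit "$tree"
echo "Still missing after fix: $(find_unsticky_dirs "$tree" | wc -l)"
rm -rf "$tree"
```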
UNIX internet security tends to be an area with relatively few issues in comparison to other operating systems, particularly Microsoft Windows-based systems. Indeed, the vast majority of internet servers in the world are UNIX-based and run the Apache web server. Typically, virus and worm threats are far fewer than on Microsoft systems. Additionally, since UNIX access permissions to the operating system's kernel are the domain of only the root user, few security holes can be exploited. Security holes do crop up periodically, and most commercial distributions are patched relatively quickly. Patch management is of extreme importance when administering a UNIX system. The longer a UNIX system goes without critical updates, the more vulnerable it becomes to potential attacks. Nonetheless, the definitive truth is that UNIX systems enjoy a relatively low number of external threats. Apparently, Windows is just too soft a target for intrepid hackers to ignore. UNIX has been around for nearly three decades and has a level of stability and security Windows systems have yet to surpass. On a slightly unrelated note, many flavors of UNIX exist in freely distributed forms. While these free builds may not offer the same level of technical support as commercial versions, for many companies the selection of free versions allows them a greater degree of control over the operating system environment. Of course, these freely distributed versions may require a greater degree of in-house product support, thereby negating the cost savings of using non-licensed UNIX builds. Ultimately, the pros and cons of a free or commercial build must be weighed carefully.
To summarize, UNIX security, when appropriately maintained, provides a high degree of defense against would-be attackers. UNIX offers a deep level of customizability with regard to user access, far beyond the current level offered by Microsoft products. By restricting kernel access only to the super user or root account, UNIX eliminates a large number of potential assaults. However, the significance of UNIX root accounts cannot be underestimated. While at once a defining and important characteristic of a UNIX system, it is at the same time a potentially great weakness. Of course, this simply necessitates carefully planned security protocols and security measures. Ultimately, Microsoft's visibility causes its products to be targets of many hacks and worms, and while surely not the only reason for Microsoft fallibility, the problems are rampant enough to warrant a closer look at the more stable UNIX products. With clearly and thoroughly defined permissions, careful security administration, and appropriate documentation, there exists little reason why
...
...