Digital UNIX System Administrator's Guide

This chapter describes several important aspects of Digital UNIX system security. As a system administrator, you are responsible for the overall security of the system, which includes both physical system security and Digital UNIX operating system security. By default. Digital UNIX is installed with a minimal security configuration, which may be sufficient for a noncritical, single-user workstation. For a Digital UNIX system that supports a mission-critical application or is connected to the Internet, however, this default minimal security configuration may be inadequate. The purpose of this chapter is to address these enhancements with the goal of a more secure Digital UNIX system. The following topics will be covered:
Physical Security
Resetting Passwords
Log-in Controls
The Trusted Host facility
Enhanced Security
Prior to beginning our discussions, it is important to understand the history and implications of implementing security on a UNIX system. UNIX was originally developed in a research environment with little thought given to security. The scientists at Bell Labs created UNIX for their own use, and such facilities as passwords and file permissions were avoided. This was the origin of the belief that UNIX is an inherently insecure operating system. UNIX can be configured to be completely insecure, of course, but so can any other computer operating system. Conversely, most modern implementations of UNIX, Digital UNIX included, provide facilities and tools to secure the system as tightly as necessary.
The issue of physical security should be covered before moving onto operating system...