5.2 Unix-System

Description

Here we deal with a stand-alone Unix system, i.e. one without any links to other computers. Terminals, drives, printers and other devices may be connected. Also, a graphic shell (user interface) such as X Windows may be available. Accordingly, X terminals and graphic input devices may be connected in such cases. The following is based on the assumption that a Unix system will usually be a multi-user system.

Threat Scenario

The following typical threats (T) are assumed as regards IT baseline protection of a non-networked Unix system:

Force Majeure:

• T 1.1 Loss of personnel
• T 1.2 Failure of the IT system
• T 1.4 Fire
• T 1.5 Water
• T 1.8 Dust, soiling

Organisational Shortcomings:

• T 2.7 Unauthorised use of rights
• T 2.9 Poor adjustment to changes in the use of IT
• T 2.15 Loss of confidentiality of sensitive data in the Unix system

Human Failure:

• T 3.2 Negligent destroying of equipment or data
• T 3.3 Non-compliance with IT security measures
• T 3.5 Inadvertent damaging of cables
• T 3.6 Hazards posed by cleaning staff or outside staff
• T 3.8 Improper use of the IT system
• T 3.9 Improper IT system administration

Technical Failure:

• T 4.1 Disruption of power supply
• T 4.6 Voltage variations / overvoltage / undervoltage
• T 4.7 Defective data media
• T 4.8 Discovery of software vulnerabilities
• T 4.12 Lack of authentication possibilities between X Server and X Client

Deliberate Acts:

• T 5.1 Manipulation/destruction of IT equipment or accessories
• T 5.2 Manipulation of data or software
• T 5.4 Theft
• T 5.7 Interception of lines
• T 5.8 Manipulation of lines
• T 5.9 Unauthorised use of IT systems
• T 5.18 Systematic trying-out of passwords
• T 5.19 Abuse of user rights
• T 5.20 MMisuse of administrator rights
• T 5.21 Trojan Horses
• T 5.23 Computer viruses
• T 5.40 Monitoring rooms using computers equipped with microphones
• T 5.43 Macro viruses

Recommended Countermeasures (S)

For the implementation of IT baseline protection, selection of the required packages of safeguards ("modules") as described in chapters 2.3 and 2.4, is recommended.

In the following, the safeguard package for "Unix system" is set out.

For any connected DOS PCs, the measures described in Chapter 5.1, are to be implemented. It is advisable to install the server in a separate server room or in a protective cabinet. The safeguards required here are described in Chapters 4.3.2 and 4.4. If an office is used simultaneously as a server room, the safeguards described in Chapter 4.3.1 must also be implemented.

In addition, the following measures will have to be taken:

Infrastructure:

• S 1.28 (2) Local uninterruptible power supply [UPS] (optional)
• S 1.29 (3) Adequate siting of an IT system (optional)
• S 1.32 (1) Adequate siting of the consoles, devices with exchangeable data media, and printers

Organisation:

• S 2.3 (2) Data media control
• S 2.4 (2) Maintenance/repair regulations
• S 2.9 (2) Ban on using non-approved software
• S 2.10 (3) Survey of the software held
• S 2.13 (2) Correct disposal of resources requiring protection
• S 2.22 (2) Escrow of passwords
• S 2.25 (1) Documentation on the system configuration
• S 2.26 (1) Designation of an administrator and his deputy
• S 2.30 (1) Provisions governing the designation of users and of user groups
• S 2.31 (1) Documentation on authorised users and on rights profiles
• S 2.32 (2) Establishment of a restricted user environment
• S 2.33 (2) Division of administrator roles under Unix
• S 2.34 (1) Documentation on changes made to an existing IT system
• S 2.35 (1) Obtaining information on security weaknesses of the system

Personnel:

• S 3.4 (1) Training before actual use of a program
• S 3.5 (1) Education on IT security measures
• S 3.10 (1) Selection of a trustworthy administrator and his substitute
• S 3.11 (1) Training of maintenance and administration staff

Hardware/Software:

Access to the Unix system

• S 4.2 (2) Screen lock
• S 4.7 (1) Change of preset passwords
• S 4.13 (1) Careful allocation of identifiers
• S 4.14 (1) Mandatory password protection under Unix
• S 4.15 (2) Secure log-in
• S 4.16 (3) Restrictions on access to accounts and/or terminals
• S 4.17 (2) Blocking and erasure of unneeded accounts and terminals
• S 4.18 (1) Administrative and technical means to control access to the system-monitor and single-user mode

Allocation of attributes / Working with the Unix system

• S 4.9 (1) Use of the security mechanisms of X Windows
• S 4.19 (1) Restrictive allocation of attributes for Unix system files and directories
• S 4.20 (2) Restrictive allocation of attributes for Unix user files and directories
• S 4.21 (1) Preventing unauthorised acquisition of administrator rights
• S 4.22 (3) Prevention of loss of confidentiality of sensitive data in the Unix system
• S 4.23 (3) Secure invocation of executable files
• S 4.24 (1) Ensuring consistent system management

Logging / Security checks

• S 4.25 (1) Use of logging in Unix systems
• S 4.26 (2) Regular security checks of the Unix system
• S 4.40 (2) Preventing unauthorised use of computer microphones
• S 4.44 (2) Checking of incoming data for macro viruses

Contingency Planning:

• S 6.20 (2) Appropriate storage of backup data media
• S 6.21 (2) Backup copy of the software used
• S 6.22 (2) Sporadic checks of the restorability of backups
• S 6.31 (2) Procedural patterns following a loss of system integrity
• S 6.32 (1) Regular data backup

© Copyright by Bundesamt für Sicherheit in der Informationstechnik 2000

Last Update on 6 April 2000