Administering Standalone Versus Networked Systems
Next: Improving Security of
Up: Improving Security in
Previous: Improving Security in
Security precautions that should be taken when administering
standalone systems also apply to networked systems. Although
a discussion of security threats for standalone systems
is out of the scope of this report, the following
is a list of several security precautions to consider when
administering a system regardless of whether the system is
standalone or connected
to a network.
- Avoid weak passwords, i.e., passwords that are easy to crack.
- Make use of file access control, auditing, and backups.
- Check with vendors and install all applicable security-related
- Limit readability and writeability of system files.
- Regularly check system binaries against copies from distribution media
to verify that programs have not been modified.
Binaries for common network access procedures, such as rlogin,
rsh, rcp, ftp, telnet and uucp are particularly
vulnerable. Altered versions of these binaries can allow unauthorized
access to the system.
- Examine all commands or scripts that run automatically at specified
dates and times, e.g., for SunOS
cron and at can be used to execute commands and scripts
at specified dates and times. These commands could be useful to a
- Check for unauthorized setuid and setgid programs, i.e., check
for programs that grant special privileges to the user who is executing
- Protect modems and terminal servers.
It is common for workstations to be primarily used by an
individual user. As a result, individual users are forced to
become system administrators.
Users of individual systems may either not have the knowledge to
securely configure their workstation, or may decide to sacrifice security
In order to protect against unauthorized use,
systems should be responsibly administered, regardless
of whether they are standalone, or networked single-user or multi-user
Fri Oct 7 16:17:21 EDT 1994