Security

Introduction to Security for Users

Whether we like it or not, we need to worry about the security of our computing environment. There are people who would take advantage of this computer system if they had any, or more complete, access to it. This could range from the use of computer resources they have no right to, to the willful destruction and/or appropriation of the information we all have online. In order to maintain the level of security in our computing environment that we need, there are some things we all have to take responsibility for. Even though you may not feel like you personally have much to lose if someone had access to your account or files, you have to realize that as soon as someone gains ANY access to our system, it's 100 times easier for them to gain access to ALL of it. So when you are lax with your own account, you are endangering the work and research of everyone else working here.

WHAT YOU CAN DO

Passwords

Your password is the fundamental element of security not only for your personal account, but for the whole UNIX system that we share. Without an account and password a person has NO access to our system. If someone discovers (or you tell someone) your password, not only will they have access to your personal files, but they will have a much better chance to launch attacks against the security of the entire system. Accordingly, password security should be a concern of every user. It is important that your password is *yours and yours alone*. Never tell anyone your password. If someone needs access to some of your files, you can change the permissions and/or set up a new group to control access (see How file permissions work for more information).

To keep people from discovering your password, don't choose one which is easily guessed. The 'passwd' command will not allow you to choose passwords which are too simple, but it cannot prevent you from choosing a password someone might guess from knowing you (or finding out about you), such as your birth date, spouse's name, your street name, license plate, etc. Don't use passwords derived from any personal information about yourself.

Terminal Sessions:

Probably the most common danger to anyone's account is simply leaving the workstation while still logged-in, either to go grab something to eat, or because you thought you had logged out. It only takes a few minutes at an unattended terminal in order for someone to be able to gain access to your account whenever they want. So if you're going to be leaving your terminal, log out, or at least lock the screen. And when you do log out, take an extra second to be sure that you really are logged out. Don't walk away until you see the login prompt, e.g.

        alanine login:

File and Directory Protection:

Even without your password, it's possible for other users to gain access to your files and directories (and even your account) if your permissions aren't set correctly. If you mistakenly allow other users write permissions for critical files, they can easily break into your account. Specifically, it is very important to keep files such as .cshrc, .profile, and .login protected. Any other files that these source or call need to be protected as well. Giving other users write permissions on any files or programs that you execute invites their replacement by 'trojan horse' programs, which could cause damage to your files, or even try to get your password from you and pass it along to an intruder. Periodically do an 'ls -alc' command in your home directory and make sure your initialization files have appropriate permissions and modification times that make sense.

Besides write access, the other issue to think about is whether you want other users to be able to read and/or execute your files. The default in UNIX is to make all files accessible (but not modifiable) by other users. For most files, this is fine, but for some, such as class assignments, personal correspondence, or personal financial information, you're going to want to keep them private. You can do this by denying read access to other users. See the man pages on 'chmod' and 'umask' for more information.
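
The check described in this section can be scripted. The following is an added example, not part of the original page; it assumes sourced files are named literally (optionally with ~/ or $HOME/) on lines of the form "source FILE" or ". FILE", and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): report login startup files, and the
# files they pull in, that group or other can write to.

# True if group or other has write permission; -H checks a symlink's target.
others_can_write() {
    [ -n "$(find -H "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# check_startup HOMEDIR: print one line per unsafe file; succeed only if none.
# Assumption: sourced files are named literally, optionally with ~/ or $HOME/.
check_startup() (
    home=$1 bad=0
    for f in .cshrc .profile .login; do
        [ -f "$home/$f" ] || continue
        # The file itself, then the operand of each csh "source X" or sh ". X" line.
        list=$(echo "$home/$f"
               awk '($1 == "source" || $1 == ".") && NF >= 2 { print $2 }' "$home/$f")
        while IFS= read -r p; do
            case $p in
            "~/"*)     p=$home/${p#??} ;;
            '$HOME/'*) p=$home/${p#??????} ;;
            /*)        ;;
            *)         p=$home/$p ;;   # relative names resolve from the home directory
            esac
            if others_can_write "$p"; then
                echo "$f: $p is writable by group or other"
                bad=$((bad + 1))
            fi
        done <<EOF
$list
EOF
    done
    if others_can_write "$home"; then
        echo "home directory $home is writable by group or other"; bad=$((bad + 1))
    fi
    [ "$bad" -eq 0 ]
)

check_startup "$HOME" || echo "fix the files listed above with chmod go-w" >&2
```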

Setting your Path:

Users also need to be careful about which directories they have in their default path, because of the possibility of executing trojan horse programs, as mentioned above. If you have in your path any directory which is publicly writeable, or even writeable by anybody other than yourself, you may fall into this trap. If one of these directories appears in your path before a directory of system commands, a potential intruder could place a trojan horse program of the same name as a system command in that directory. Then when you try to execute the system command, you get the trojan horse version. The program then has the same access to your files as you do - it could delete your home directory, change permissions on sensitive files, or maybe even con you into entering your password, which it would send on to the intruder.

To guard against this, avoid putting any of these directories in your path, or if you really have to, make sure that all of the system directories and your own directories appear before any that are writeable by anyone else. You should also put the current directory (the "." entry) at the very end of your path to avoid the possibility of executing a trojan horse from the current directory. You should also beware of unexpectedly being asked for your password, as there are very few programs that require this.
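
The ordering rules above can be checked mechanically. This is an added example, not part of the original page; the function names are hypothetical, and it treats a directory as unsafe when group or other can write to it or when it is owned by someone other than root or you.

```shell
#!/bin/sh
# Added example (not from the original page): audit a PATH string for the two
# problems described above: entries others can write to, and "." anywhere but last.

# True if $1 is writable by group or other, or is owned by someone other than
# root or the current user. -H makes find check a symlink's target.
unsafe_dir() {
    [ -n "$(find -H "$1" -prune \( -perm -020 -o -perm -002 -o \
        \( ! -user 0 ! -user "$(id -u)" \) \) -print 2>/dev/null)" ]
}

# audit_path PATHSTRING: print one finding per line; succeed only if there are none.
# The body runs in a subshell, so its variables do not leak to the caller.
audit_path() (
    rest="$1:" findings=0 unsafe=
    while [ -n "$rest" ]; do
        dir=${rest%%:*}; rest=${rest#*:}
        case $dir in
        ''|.)   # an empty entry also means the current directory
            if [ -n "$rest" ]; then
                echo "current directory is searched before: ${rest%:}"
                findings=$((findings + 1))
            fi ;;
        *)
            if unsafe_dir "$dir"; then
                echo "writable by others: $dir"
                findings=$((findings + 1)); unsafe=${unsafe:-$dir}
            elif [ -n "$unsafe" ]; then
                echo "$dir is searched after writable directory $unsafe"
                findings=$((findings + 1))
            fi ;;
        esac
    done
    [ "$findings" -eq 0 ]
)

audit_path "$PATH" || echo "reorder or remove the entries listed above" >&2
```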

Using .rhosts Files

Users' .rhosts files are a common source of break-ins to UNIX systems, because they allow intruders to get access to other systems without needing a password. Because of this we have limited their use by only enabling them for the 'rsh' command and not 'rlogin'. We have imposed the further restriction that only users who specifically request the ability to use them will be able to. If you want to have your .rhosts file enabled for use with 'rlogin', send mail to root.

Detecting Unauthorized Access of your Account:

There are basically two ways to tell if someone has used your password. The individual may alter, remove, or add files and in some cases subdirectories in your directory. You should be aware of what is in your directory, and notice when files appear or disappear. In particular be on the lookout for carefully named files and directories, e.g. do an ls -la and look for entries that begin with a dot and be sure there are no unusual items. Intruders will often name a directory '...' (dot-dot-dot) which to the untrained eye is easily overlooked when you do an ls. Only an ls with the -a option will show these dot files. Also do an ls -lat which will sort your files by modification date, and look to see if any files have changed at times you can't recall modifying them.

Second, you can tell if a user logs in as you. When you log in, UNIX will print the time of your last login. Please check that each time you log in, and notify the facilities staff if the time reflects an unauthorized access. You can also check your last logins by means of the 'last' command. See the man page for details.

PASSWORD PRIMER

Your account password is the key to accessing and modifying all of your files. If another user discovers your password, he or she can delete all your files, modify important data, read your private correspondence, and send mail out in your name. You can lose much time and effort recovering from such an attack. If you practice the following suggestions, you can minimize the risk.

    NEVER give another user your password. There is no reason to do this. You can change permissions and have groups set up if you need to share access with other individuals. Your account should be yours alone.

  1. Never write down your password. Another person can read it from your blotter, calendar, etc. as easily as you can.

  2. Never use passwords that can be guessed, either from personal information about you (birth date, etc.) or from an on-line dictionary. As computers become more powerful, it is possible to run programs that try to crack your password. The intruder compiles a set of words (such as those in the UNIX dictionary) and tries each one on each account on the machine. A person with local knowledge can also try your spouse's name, pets' names, etc. Your account is vulnerable to this type of cracking unless you choose your password carefully.

  3. Change your password every few months. For this you use the 'passwd' command. You need to do this on any machine on which you have an account (run the 'accounts' program for a list). You need only change your password on one machine, and it will be changed for all of them.

  4. Vary the system by which you choose a password. For example, don't repeatedly use combinations like BLUEgreen and REDyellow. If an intruder discovers your pattern, he or she can guess future passwords.

PASSWORD SECURITY IMPROVEMENTS

Since the break-in which eventually resulted in a massive password change, we have studied the security of our systems and have investigated various security measures that could be implemented on our systems to reduce the chances of a recurrence of such an event. In particular, we have made a number of changes to improve password security. The first improvement to the password system is in preventing users from selecting easily guessed or generated passwords. We have integrated into our password program a large number of checks to ensure that passwords that are selected will be difficult to guess or determine, even through automated guessing programs. This improvement in our security is in place and operating.

The second improvement that we have implemented has to do with simplifying password maintenance for the users. This improvement provides the users with the ability to change their password on one machine and have it automatically changed on all machines where they have accounts. This will make it considerably easier for users to change their passwords and will hopefully encourage the users to change their passwords more frequently.

The next improvement deals with password aging. Security problems are often traceable to stale passwords and accounts. These are accounts that have become inactive for one reason or another or the password has not changed for a long time. In our particular environment we have had break-ins via such stale accounts. A password that remains the same for a long time provides an intruder the opportunity to run much more advanced and longer running programs to break such passwords. To address the problem of stale accounts and passwords we have implemented a password aging system. This system requires all users to change their passwords within a one month window at the beginning of the Fall and Spring semesters. News will be posted to tell users when the time has come to change. A reminder message will be posted halfway through the month. Individual users who have not changed their passwords will periodically receive mail reminding them to do so before the end of the month. One month after the first news posting, the passwords of all users who have not voluntarily changed their passwords will be changed for them.

SELECTING A SAFER PASSWORD

To begin, note that we have entitled this section 'safer', not 'safe' passwords. It is impossible to select a totally safe and secure password on a UNIX system. Given enough CPU hours it is possible to break any password. Therefore, the objective in selecting a password is to choose one that raises the amount of CPU time required to break it to an unreasonable value.

The passwd program itself will prevent you from selecting a password that things you should not do in choosing a password. Some of these are enforced by the passwd program and some of them are not. Following this list will significantly decrease the chance of your password being broken. We are also running our own password breaking programs to ensure that passwords selected by our users do not fall into these categories. Users with passwords failing to pass these tests will be required to change their passwords.

  1. Do not use any word or name in any of the dictionaries we have, e.g. /usr/dict/words. Don't 'grep' your new password out of that file, because someone could see the command (by doing a 'w') and get your password in that way.

  2. Do not use abbreviations of common phrases or acronyms, e.g. asits9 (a stitch in time saves nine), wysiwyg (what you see is what you get), or tanstaafl (there ain't no such thing as a free lunch).

  3. Do not use common literary names such as Baggins, Popeye, etc.

  4. Do not use the password you just had, or some minor modification of it.

  5. Do not use any password shorter than 6 characters.

  6. Do not use any password containing your login ID spelled backwards or forwards.

  7. Do not use any password containing one of your names or initials, or any combination thereof.

  8. Do not use any password matching anyone else's login id on the machine.

  9. Do not use any password involving personal data, such as your address, maiden name, relatives' names (e.g. spouse and children first names), pets' names, hobbies, favorite sports teams, etc. Be sure your password cannot be guessed from your .plan file, or from the Department communication list.

  10. Do not use any password matching any host name given by 'ypcat hosts'.

  11. Do not use any password consisting of sequences such as "abcdef".

  12. Do not use any password consisting of consecutive keys such as "qwerty".

  13. Do not use any password consisting of repeated or palindromic sequences.

  14. Do not use any password that looks like a car license number.

  15. Do not use any password which when truncated to 8 chars fits a previous rule.

  16. Do not use any password given to you when your account was set up.

Choose a password that does not fall into these categories, and you make it much more difficult for someone to gain access to your files. A variety of upper and lower case letters with symbols and digits will increase the complexity of breaking passwords.

Passwords can be longer than 8 characters, but anything typed after the eighth character is ignored. Read 15) again.
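
Several of the rules above can be expressed as a small checker. This is an added example, not the department's passwd program; it covers only rules 1, 5, 6, 11, 12, 13 and 15, looks only for forward alphabet, digit and keyboard-row runs, and assumes a non-empty lowercase login ID (the function names are hypothetical).

```shell
#!/bin/sh
# Added example (hypothetical helper, not the site's passwd program): rules 1, 5,
# 6, 11, 12, 13 and 15 from the list above. The password is only handled by shell
# built-ins or sent on stdin, never placed on a command line where 'w' shows it.

reverse() (                      # print $1 reversed, built-ins only
    s=$1 r=
    while [ -n "$s" ]; do t=${s#?}; r=${s%"$t"}$r; s=$t; done
    printf '%s' "$r"
)

# check_password LOGIN PASSWORD [WORDLIST]: print the first rule broken and fail.
check_password() (
    fail() { echo "$1"; exit 1; }
    login=$1 words=${3:-/usr/dict/words}
    # Rule 15: only the first 8 characters count, so judge the truncated form.
    pw=$(printf '%.8s' "$2" | tr 'A-Z' 'a-z')
    [ "${#pw}" -ge 6 ] || fail "rule 5: shorter than 6 characters"
    case $pw in *"$login"*|*"$(reverse "$login")"*)
        fail "rule 6: contains the login ID" ;;
    esac
    for seq in abcdefghijklmnopqrstuvwxyz 0123456789 qwertyuiop asdfghjkl zxcvbnm; do
        case $seq in *"$pw"*) fail "rule 11/12: sequence or consecutive keys" ;; esac
    done
    [ "$pw" != "$(reverse "$pw")" ] || fail "rule 13: palindrome"
    n=1
    while [ "$n" -le $(( ${#pw} / 2 )) ]; do
        unit=$(printf "%.${n}s" "$pw"); rep=$unit
        while [ "${#rep}" -lt "${#pw}" ]; do rep=$rep$unit; done
        case $rep in "$pw"*) fail "rule 13: repeated sequence" ;; esac
        n=$((n + 1))
    done
    # Rule 1: compare with each word, also cut to 8 characters; password goes via stdin.
    if [ -r "$words" ] && printf '%s\n' "$pw" |
        awk 'NR == FNR { pw = $0; next }
             substr(tolower($0), 1, 8) == pw { hit = 1; exit }
             END { exit !hit }' - "$words"; then
        fail "rule 1: dictionary word"
    fi
)

if [ -t 0 ]; then                # prompt only when run from a terminal
    printf 'New password: ' >&2; stty -echo; IFS= read -r new; stty echo; echo >&2
    check_password "${LOGNAME:-$(id -un)}" "$new" && echo "passes these checks"
fi
```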

HOW TO CHANGE YOUR PASSWORD

You change your password by logging in to any department machine on which you have an account and then running the yppasswd program. The program first prompts you for your current password to confirm that you are the person changing it, then asks for your new password, and then asks for your new password a second time to confirm your typing of it. Your password is then changed.

OTHER RECOMMENDATIONS

  1. Don't have accounts you don't use and don't need. Idle accounts are ideal targets for hackers as they provide a place for them to hide.

  2. Minimize the number of guest accounts you sponsor to those actually required for your work and to those that will be used. Don't provide guest accounts to persons who will not be using them, again because idle accounts are targets.

  3. Notify Root immediately when a guest departs so that we can begin account deletion procedures.

  4. Notify Root of any suspicious behavior.

  5. Never log on to a public device and leave the device. This is an open invitation for someone to read, copy, delete, or even more subtly change the permissions on your files.

