Chapter 16. System Security

Keeping the system’s information secure is one of the system administrator’s primary tasks. System security involves protecting data against loss due to a disaster or system failure. In addition, it is the system administrator’s responsibility to protect systems from the threat of an unauthorized intruder and to protect data on the system from unauthorized users. Some of the worst disasters I’ve seen have come from authorized personnel—even system administrators—destroying data unintentionally. Therefore, the system administrator is presented with two levels of security: protecting data from accidental loss and securing the system against intrusion or unauthorized access.

The first scenario—protecting data from accidental loss—is easy to achieve with a full system backup scheme that you run regularly. Regular backups provide protection in the event of a disaster. If a user accidentally destroys data, if the hardware malfunctions, or if a computer program simply corrupts data, the system administrator can restore files from the backup media. (Backup and recovery techniques are covered in Chapter 20, “Backup and Recovery.”)

The second form of security—securing the system against intrusion or unauthorized access—is more complex. This book cannot cover every security hole or threat, but it does discuss UNIX security fundamentals. Protection against intruders involves the following:

• Controlling physical security Limit physical access to the computer equipment.

• Controlling system access Limit user access via passwords and permissions.

• Controlling file access Limit access to data by assigning file access permissions.

• Auditing users Monitor user activities to detect a threat before damage occurs.

• Controlling network security Protect against access through phone lines, serial lines, or the network.

• Securing superuser access Reserve superuser access for system administration use only.