Securing a Unix Dedicated Server
By Ownerby The Hosting News Staff
When securing a Unix dedicated server, it is of utmost importance that the system administrator (admin) is fully versed in the basics of Unix. In theory, Unix is a time-sharing operating system. The standard interface provided is simple and can be easily customized or replaced by some other interface.
The file system is implemented as a multilevel tree and thus supports the concepts of directories and sub directories. User files are considered as a stream of bytes. Disk files and I/O are treated similarly, making the usage of system device independent. A simple CPU scheduling algorithm like priority algorithm is used.
Unix has high flexibility as it was essentially designed by programmers for programmers. The main features of Unix can thus be listed as follows:
Multi-user time sharing operating system
Multitasking operating system
Portability
Modularity
System security
File structure and security
Device independence
Communication
The Unix dedicated server comes with several hundred supplied programs in terms of utilities and tools, which provide a rich and productive environment to create bigger modules from smaller ones. Integral utilities are parts of the Unix dedicated server that provide necessary support to the operating system for the practical operation of a computer with Unix line command interpreter.
Computer system security means protecting computer hardware and information contained within the system. Threats to the system can be both internal and external. External threats include unauthorized access to the computer system, unauthorized tapping of data being transferred over the network, fire, and electric power faults.
Internal threats are of a more serious nature like destruction of software data by mistake or on purpose, examination or access of sensitive data by unauthorized users, or alteration of this data.
Unix dedicated server provides several safeguards in terms of:
Password protection for system access
Control of access to individual files
Encryption of data files
Encryption of passwords
System accounting functions
System administrators also have to take into consideration the file structure and security of the Unix dedicated server. Unix uses a hierarchical file system for easy maintenance. It has a consistent format for files, the byte stream, making application programs easier to write.
The Unix dedicated server permits more than one user to update the same file at virtually the same time. However, if two users update the same file at exactly the same time, problems that affect the integrity of the data may occur. For example, the write operation of one user can undo the one just performed by the other user. To minimize these problems, file, record locks and explicit permissions are implemented.
In a Unix dedicated server, one of the design principles is to treat disk files and I/O devices as files from a user’s perspective – thus, safeguarding the user from the intricacies of the device. This provides device independence to the user. The hardware devices are given names in the file systems. These device special files are though known to the kernel as device interfaces, but are accessed by the user in the same way as other files.
All data in a Unix dedicated server is arranged in files; so it is essential to understand the Unix file system, both on a logical level, and also as it is implemented on the physical device. The routine tasks of a system administrator range from maintaining security, performing backups and disk management, to providing reliable service to all users. But non-routine system problems can be quite grave and unexpected. To handle all these problems effectively, the admin should have thorough knowledge of practically every system component.
An administrator is responsible for the installation of all system peripherals and has to take into account the interrupt requests of the various devices and ensure that they will not clash and that the I/O addresses are specified properly. A Unix dedicated server provides a special login name for the exclusive use of the admin; it is known as root. This account comes with every system and does not need to be separately created.
The admin has tremendous powers, and generally, any command given by the administrator has a greater chance of being successfully executed as compared to the commands issued by other users. There are many commands which only the admin can execute; no other user will be able to execute them at all.
Installation dependent parameters are specified by the admin through system configuration. The system configuration can be done at three stages:
First, the admin can hard-code configuration data into files that are compiled and linked when building the kernel code.
Second, the admin can supply configuration information after the system is already running; the kernel updates internal configuration tables dynamically.
Third, self-identifying devices can be used to enable the kernel to recognize which devices are installed. The kernel reads hardware switches to configure itself.
The kernel is the master program of the Unix dedicated server that interacts directly with the hardware of the computer, through device drivers that are built into the kernel. The Unix dedicated server deals with two-core components – the files and the processes. The kernel houses data structures for both of these. It manages each one individually as well as the communication between them. If a user program requires kernel services, then it needs to use standard library functions, which in turn map the primitives to respective system calls.
Two tables called the block device switch table and the character device switch table are used to describe the kernel to the driver interface. Each device type has entries in the table that direct the kernel to the appropriate driver interfaces for the system calls. The open and close system calls of a device file pass through the two device switch tables, according to the file type.
A Unix dedicated server also has mount and unmount commands, which are used for mounting and unmounting file systems. The end result of mounting is that the user sees a single file system, and the fact that the file that seems moved from one directory to another was actually moved between two hard disks is hidden.
This overview should help one understand the various considerations in securing a Unix dedicated server, and present security as a top priority when administrating a server.
