S 5.38 Secure integration of DOS PC's into a Unix network

Initiation responsibility: Head of IT Section, IT Security Management, Administrators

Implementation responsibility: Administrator, IT users

DOS PC's can be integrated into Unix networks in various ways. In general, PCs have weaker security mechanisms than Unix systems. Everyone with access to a PC can administrate it, thus being able, for example, to change settings or install software.

By installing the appropriate software, a networked PC can be used to eavesdrop the network. Therefore only authorised users may have access to a PC (see also S 1.23 Locked doors and S 2.6 Granting of site access authorisations). Moreover, measures must be taken to ensure and regularly monitor that software cannot be loaded without supervision (see also S 2.9 Ban on Using Non-Released Software and S 2.10 Survey of the software held).

In addition, it is easily possible by changing the configuration of a PC, to fake any computer ID and thus carry out a masquerade. This means that when using RPC on the Unix server no trusted hosts must be defined. Trusted hosts are systems which are regarded as trustworthy and from which you can log in (using rlogin) or perform a command (using rsh) without giving a password. This is set in the $HOME/.rhosts and /etc/hosts.equiv files on the Unix server. It must be ensured that the $HOME/.rhosts and /etc/hosts.equiv files are not available or are empty and that the user does not have access permission to them (see also S 5.20 Use of the security mechanisms of rlogin, rsh and rcp).

If PC's are connected to a Unix network via NFS, the following points should be noted:

• On an NFS server every file system or directory which can be mounted by other computers must be entered in a file (e.g. /etc/exports or/etc/dfs/dfstab). The access rights of the NFS clients to the released file systems are also set in this file. When using NFS, care must be taken on the Unix server that directories are only released for mounting where absolutely necessary.

• In order to avoid root rights being acquired through NFS, no root access must be granted for exported file systems on the Unix server as would be possible using the " root=" option. Under no circumstances may root access be given to a PC in this way.

• When copying files from a PC to a Unix system via NFS or ftp it can happen that the attributes are set too freely. You must always check whether this is the case and change the umask if necessary.

Computer viruses occur mainly on DOS PC's. When PC's are networked with Unix systems, viruses can spread by infected programmes passing from PC to PC. The same measures should therefore be taken here as when exchanging programmes using data media or remote data transfer (see also S 4.3 Periodic runs of a virus detection programme). Whereas file viruses only represent a threat within a DOS emulation system, viruses which change the boot sector of Intel-based systems like PC's can also be a threat to Unix systems on Intel platforms; and the greatest danger to Unix systems from computer viruses comes from PC's which have mounted a Unix system using NFS. Viruses which delete or alter files or directories on a PC can also access mounted directories and destroy them. So when opening directories for mounting, the access permissions must be allocated as restrictively as possible, in particular read-only access should be given for directories using the ro option ( read only). Apart from this, users on Unix should set the attributes for their files and directories as restrictively as possible, so that other users cannot access them, or so that no writing access is possible for files which are not regularly changed. This should be pre-set using an appropriate umask.

Additional controls:

• Are the permissions associated with NFS directories too wide-ranging?

• Are network access points sufficiently protected (organisationally or technically)?

• Are the RPC configuration files correctly set?