D E C E M B E R 1 9 9 9
Subscription Information

Computing News Back Issues

Computer Security

Computing Infrastructure Support (CIS)

CIS Services

Computing Standards

Software Downloads

Y2K Info

CIS Computer
Help Desk

CIS Help
Request Form

Unix Services
ISS
IMAP4
Calendaring


Unix Support Group Now Offers Security Tune-ups

The Unix Systems Group in the Computing Infrastructure Support Department is now offering a security tune-up service for users of Unix workstations. This service is offered for a flat fee of $90 — the cost of only one hour of desktop support — as an incentive for users to have the security on their UNIX system checked and updated.

According to Group Lead Gary Jung, a number of network services running on many workstations pose security vulnerabilities. Although they can be patched, doing the job right requires expertise, software and time. One of the biggest problems, he adds, is that users may have a number of vulnerable network services running on their machines, but are often unaware of potential problems. Hackers are looking for exactly these kinds of vulnerabilities to exploit, Jung said. The security tune-up reviews what services are running, turns off those which are not used and applies security patches to the ones being used. This can greatly reduce the possibility of a security compromise.

Among the services included in the tune-up are:

  • Installation of up-to-date security patches. This is one of the most important things to do.

  • Turn off unnecessary network services. Usually, the default system installation leaves many network services running that are not needed by the user and can be potential security problems.

  • Installation of TCP Wrappers. TCP Wrappers allows a workstation to effectively restrict network services such as telnet and FTP to only LBNL machines and user-specified remote machines.

  • Secure Shell installation. This software effectively eliminates the use of clear-text passwords when a user connects to a remote site. This reduces the possibility of a hacker "sniffing" a user's password when the user connects to a remote machine.

  • Installation of DOE security notification banners, as required by Lab policy.

The Lab's Computer Protection Program regularly sends out announcements of newly discovered security vulnerabilities and fixes, but keeping up with them can be a chore, Jung says. The never-ending series of potential loopholes is also a good reason to have your system's security checked on a regular basis.

To see a website listing recommended configurations, go to: http://www.lbl.gov/ICSD/CIS/UNIX/security. The site also contains links to security software for employees who want to do their own security check-up.

For more information about this and other services provided by the Unix Systems Group, contact Jung at X4894, GMJung@lbl.gov, or Mark Hankins at X2932, MHankins@lbl.gov.

  
Return to Computing News