Security mechanism in UNIX

-

 

UNIX employs a variety of security mechanisms to protect the integrity, confidentiality, and availability of data and resources. Here are some of the key security mechanisms in UNIX:

1. File System Security

  • File Permissions: UNIX uses a permission system that controls who can read, write, or execute files and directories. Each file has an associated owner, group, and set of permissions (read, write, execute) for the owner, group, and others.
  • Setuid and Setgid: These special permissions allow users to execute files with the permissions of the file owner or group. This is often used for tasks that require higher privileges.

2. User and Group Management

  • User Accounts: Each user in UNIX has a unique user ID (UID) and home directory. User accounts help to segregate and control access to system resources.
  • Groups: Users can belong to one or more groups, each identified by a group ID (GID). Group memberships are used to manage permissions and access to files and directories.

3. Authentication Mechanisms

  • Password Protection: UNIX systems use encrypted passwords stored in the /etc/shadow file (in modern systems) to authenticate users. This file is readable only by privileged users to prevent unauthorized access.
  • Pluggable Authentication Modules (PAM): PAM provides a flexible mechanism for authenticating users. It allows system administrators to configure authentication methods (e.g., password, biometric, two-factor) and policies.

4. Process Control

  • Process Ownership and Privileges: Each process in UNIX runs with the privileges of the user who started it. System processes run with elevated privileges, while user processes run with restricted privileges.
  • Privilege Separation: By running processes with the minimum necessary privileges, UNIX minimizes the impact of a potential security breach.

5. Network Security

  • Firewall and Packet Filtering: Tools like iptables (on Linux systems) allow administrators to configure firewall rules and filter network packets based on various criteria, enhancing network security.
  • Secure Shell (SSH): SSH provides encrypted communication for remote login and command execution, replacing older, less secure protocols like Telnet.

6. Auditing and Logging

  • System Logs: UNIX systems maintain log files that record system events, user activities, and errors. These logs are stored in files such as /var/log/syslog and /var/log/auth.log.
  • Audit Daemons: Tools like auditd on Linux provide detailed auditing capabilities, allowing administrators to monitor and log security-relevant events.

7. Security Enhancements and Extensions

  • Access Control Lists (ACLs): ACLs provide more granular control over file permissions than the traditional UNIX permission system, allowing specific permissions for individual users and groups.
  • SELinux and AppArmor: These are mandatory access control (MAC) systems that provide additional security by defining and enforcing security policies that restrict how applications interact with the system.

8. Kernel Security

  • Kernel Modules: UNIX kernels can load and unload modules dynamically, allowing administrators to extend kernel functionality without rebooting. This capability is controlled to prevent unauthorized modules from compromising system security.
  • Security Patches and Updates: Regular updates and patches are applied to the UNIX kernel and system software to fix vulnerabilities and enhance security.

9. Encryption and Secure Storage

  • Disk Encryption: Tools like LUKS (Linux Unified Key Setup) provide disk encryption to protect data at rest.
  • Encrypted Filesystems: Filesystems like eCryptfs offer file-level encryption, ensuring data security even if the physical storage is compromised.

10. Resource Quotas and Limits

  • Disk Quotas: Administrators can set disk quotas to limit the amount of disk space and number of files that a user or group can use, preventing resource exhaustion.
  • Resource Limits: Using tools like ulimit, administrators can set limits on system resources (CPU time, memory usage) that processes can consume, enhancing system stability and security.

These mechanisms work together to create a robust and secure environment for UNIX systems, protecting against unauthorized access, data breaches, and other security threats.

Ulasan

Catat Ulasan

Catatan popular daripada blog ini

SISTEM PENGOPERASIAN KOMPUTER (OS)

-
Imej
Sistem pengoperasian merupakan perisian sistem yang terpenting bagi setiap komputer. OS adalah satu atau lebih atur cara yang mengurus operasi CPU,mengawal input/output dan sumber storan dan aktiviti komputer serta pelbagai servis sokongan seperti pengurusan memori,ruang cakera dan lain-lain. DEFINISI OS Sistem pengoperasian atau operating system (OS) adalah set program-program yang dipasang dalam cakera keras. Tanpa OS, sesebuah komputer tidak dapat beroperasi dengan baik. OS sangat penting kepada komputer: TUGAS SISTEM PENGOPERASIAN I. Mengawal, menyelaras dan mengkoordinasi perkakasan. II. Menyediakan antara muka pengguna (User Interface). III. Membolehkan program aplikasi dipasang untuk kegunaan pengguna. TUJUAN SISTEM PENGOPERASIAN KOMPUTER         I.            Memaksimakan produktiviti sistem komputer dengan pengoperasian yang lebih efiksyen.       II.            Komponen penting sebagai antaramuka sistem di antara pengguna dan perkakasan komputer. FUNGSI-FUNG
Read more »

JENIS-JENIS SISTEM PENGOPERASIAN KOMPUTER

-
Imej
Sistem Pengoperasian terbahagi kepada 4 jenis :- i .  Sistem Berkelompok ii. Sistem Multipengaturcaraan iii. Sistem Perkongsian Masa iv. Sistem Agihan a)Pemprosesan Berkelompok Sistem di luar talian telah mengurangkan masalah pergantungan input output kepada tenaga manusia. Dalam usaha untuk menghapuskan langsung ini, suatu teknik yang tertentu diperlukan bagi membolehkan input output dikendalikan serentak dengan pemprosesan. Teknik ini telah dapat digunakan dengan terciptanya dua perkakas yang dikenali sebagai pemprosesan input output atau saluran dan sampukan. Pemprosesan input output seperti yang telah disebutkan adalah satu peranti yang boleh mengawal satu atau lebih periferal atau ingatan tanpa melalui pemproses pusat. Sampukan pula adalah satu isyarat yang memindahkan kawalan pemproses pusat kepada satu lokasi yang tertentu dan pada masa yang sama juga menyimpan nilai pembilang arahan yang lepas. Justeru itu sampukan akan menyebabkan satu-satu aturcara yang
Read more »

JENIS - JENIS ARAHAN SQL

-
1. DATA DEFINITION LANGUAGE (DDL) Penyataan Data Definition Language atau DDL digunakan untuk menakrifkan dan menguruskan sesuatu jadual. Berikut adalah fungsi penyataan DDL : • Menakrifkan dan mencipta jadual yang  baharu • Menghapuskan jadual yang tidak diingini lagi • Mengubahsuai takrifan pada jadual yang telah diwujudkan Walaupun penyataan DDL lebih kepada pengurusan pembinaan jadual, arahan pembinaan pangkalan data dan arahan untuk memilih pangkalan data yang hendak digunakan juga termasuk dalam penyataan ini. ARAHAN SQL BAGI PENYATAAN DDL Berikut merupakan kata kunci arahan SQL dalam penyataan DDL : Kata kunci Arahan SQL Fungsi CREATE DATABASE Membina pangkalan data yang baharu. USE Memilih pangkalan data yang hendak digunakan. CREATE TABLE Menakrifkan dan membina jadual yang baharu. ALTER TABLE Mengubahsuai struktur jadual yang sedia ada. DROP TABLE
Read more »