I have heard the phrase “I need root” more times than I care to remember. In a Unix/Linux environment, many people need or at least claim to need superuser privileges. The root account provides the highest and broadest level of control (god-like privileges), so protecting root access must be a priority. It’s not just these systems that you must protect; it’s the applications and the data stored on them.

All Unix and Linux systems suffer from the same weak point – the “root” account. Linux has now become the most common, go-to operating system for computer hardware and even mainframes these days. Your mission-critical applications, such as web servers, database servers, and application servers, are more often than not running on Unix/Linux. Simply put, Unix and Linux systems are high-value targets for cyber criminals.

Why should you focus on Unix and Linux security? If you don’t include Unix and Linux in your security strategy, you’re leaving open some of the most vulnerable and high-value targets prone to attack.

Just imagine the work when an employee leaves your organization and all the places and permutations you’d need to check to revoke their access. You need to assign privileges to users across multiple different accounts, including LDAP, local accounts, and Active Directory. Even those that try to leverage LDAP end up with overly complicated configurations and spend many hours managing multiple directories that are separate from Active Directory. Some companies have tried to design and integrate their own synchronization or provisioning tool, none of which have shown much success.

This approach is a violation of least privilege best practices and makes it difficult to know who is using the system and what they are doing, which then makes compliance reporting and forensics in the case of a breach quite challenging. Others still use generic shared accounts and control privileged access to those shared accounts. Users struggle to remember their credentials and compliance becomes more or less impossible.

Administrators have turned to numerous different workarounds and configurations to try and ease this burden, with varying success and still resulting in too many local accounts on their system. It’s a lot of work for administrators to keep things secure. With a user’s attributes tied so tightly to the file and folder permissions on a Unix host, which is something else that hasn’t changed much since the early days of Unix, user, group, and permission management quickly becomes a tedious and time-consuming task.

I might be Pharper with a capital P on the first one, pharper on the second, p.harper on the third, and so on. You can easily end up with different usernames, UIDs, PGIDs, GIDs, home directories, login shells, and, of course, passwords on each system. But, when you have multiple servers, a single user becomes multiple and it’s very easy to start mixing things up and create a mess. If you have a single host with one user, there’s no problem with management. One thing that hasn’t changed much in all these years is that every Unix server, and its open-source cousin Linux, has a local database of users and groups.

Unlike the linear progression of Windows operating systems, in which most organizations use a single version until it is replaced, many flavors of Unix are in use at the same time, even within a single organization. What started in Bell Labs 40 years ago has spawned more than 150 variants of Unix in use today. Over its long history, Unix has evolved and changed in many different ways. Security models have struggled to match the evolution of Unix.
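
The account drift described above (one person appearing as Pharper, pharper and p.harper with different UIDs, GIDs and shells) can be audited by comparing the local passwd databases collected from each host, which also answers the offboarding question of where a departing user still has accounts. This is an added example, not code from the original post; the host names, the sample entries and the name-matching rule are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: /etc/passwd excerpts as collected from three hypothetical hosts.
SAMPLE = {
    "web01": "root:x:0:0:root:/root:/bin/bash\nPharper:x:1001:1001:P Harper:/home/Pharper:/bin/bash\n",
    "db01": "root:x:0:0:root:/root:/bin/bash\npharper:x:1004:100:P Harper:/home/pharper:/bin/sh\n"
            "jsmith:x:1001:1001:J Smith:/home/jsmith:/bin/bash\n",
    "app01": "root:x:0:0:root:/root:/bin/bash\np.harper:x:1001:1001::/export/home/p.harper:/bin/ksh\n"
             "toor:x:0:0::/root:/bin/sh\n",
}

def parse_passwd(text):
    """Yield one dict per well-formed passwd(5) line; skip comments and malformed rows."""
    for line in text.splitlines():
        f = line.split(":")
        if line.startswith("#") or len(f) != 7 or not f[2].isdigit() or not f[3].isdigit():
            continue
        yield {"name": f[0], "uid": int(f[2]), "gid": int(f[3]), "home": f[5], "shell": f[6]}

def normalize(name):
    """Assumed matching rule: ignore case and punctuation (may merge distinct people; review hits)."""
    return "".join(c for c in name.lower() if c.isalnum())

def audit(hosts):
    by_person = defaultdict(list)  # normalized login -> entries seen on any host
    by_uid = defaultdict(set)      # uid -> normalized logins using it
    extra_root = []                # UID 0 accounts not named root
    for host, text in hosts.items():
        for e in parse_passwd(text):
            by_person[normalize(e["name"])].append(e)
            by_uid[e["uid"]].add(normalize(e["name"]))
            if e["uid"] == 0 and e["name"] != "root":
                extra_root.append((host, e["name"]))
    drift = {}
    for key, rows in by_person.items():
        seen = {a: sorted({str(e[a]) for e in rows}) for a in ("name", "uid", "gid", "shell")}
        seen = {a: v for a, v in seen.items() if len(v) > 1}  # keep attributes that disagree
        if seen:
            drift[key] = seen
    collisions = {uid: sorted(n) for uid, n in by_uid.items() if len(n) > 1}
    return drift, collisions, extra_root

def accounts_for(hosts, person):
    """Every (host, login) to review and disable when `person` leaves."""
    return sorted((h, e["name"]) for h, t in hosts.items()
                  for e in parse_passwd(t) if normalize(e["name"]) == normalize(person))

if __name__ == "__main__":
    print(*audit(SAMPLE), accounts_for(SAMPLE, "pharper"), sep="\n")
```

A UID collision matters because file ownership is stored by number: on a shared or restored filesystem, UID 1001 is jsmith on one host and Harper on another.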