security for large sites

[Ray Shwake]

bernie at DIALix.UUCP (Bernd Felsche) writes:

>	I suggest that you read Kochan & Wood's "UNIX System Security" to
>	get informed.

ABSOLUTELY! I picked up a copy shortly after its appearance, and found
much on which to build. [Query: Anyone know what's been added/changed in
the Second Edition?]

>	UNIX system security is largely a matter of management.  If your
>	system lacks security, the reason is self-evident.

VERY TRUE! Admittedly, one can do more with C2/B1/... systems, and others
designed specifically to enhance the essential security provided in UNIX.
A security guide developed years ago by our security task force included,
up front, guidance for Managers, Administrators and Users in support of
computer security. 

On the other hand, some "secure" implementations are such administrative
headaches and require so much in the way of additional resources that
people do what they can to keep it out of their way - i.e. they compromise
it. Any comments from System V/MLS users?

>	For any installation, at any time, there should only be one
>	person who knows the root password.  Installation size is
>	irrelevant.  In case of DDD (disaster, disease or death) the
>	password can be retrieved from a sealed envelope, stored in a
>	secure but visible location. 

In many organizations, this is simply unrealistic. I served for several
years as LEAD administrator over a small group that I could rely on as
necessary. "Sealed envelopes" may serve Karnak's requirements, but don't
usually serve those of system administrators.