1 Introduction for Users

The Digital UNIX operating system is delivered with an enhanced security optional subset. When this subset is installed and configured, the system is referred to as a trusted system. The Digital UNIX enhanced security features result in a trusted system designed to meet the C2 class of trust, as defined by the Trusted Computer System Evaluation Criteria (TCSEC, also called the Orange Book). The system also meets the F-C2 functional class as defined in the Information Technology Security Evaluation Criteria (ITSEC).

Although many of the requirements for maintaining the security of the trusted Digital UNIX system are the responsibility of your site's administrative staff, you have a responsibility, as a user of the system, to help enforce the discretionary controls provided by the system. This chapter explains system capabilities and user responsibilities.

1.1 Enhanced Security Features

The Digital UNIX system without the enhanced security subset installed provides traditional UNIX security, as described in the Digital UNIX manuals. Traditional UNIX security at the user level consists of basic login identification, authentication (password checking) and file permissions (discretionary access controls (DAC)). The following sections describe how enhanced security extends traditional security.

1.1.1 Login Control Enhancements

Enhanced security provides the following features for login control:

Recording of the last terminal used for a successful login
Recording of the time of the last successful login
Recording of the time of the last unsuccessful login attempt
Recording of the number of consecutive unsuccessful login attempts
Recording of the terminal used for the last unsuccessful login attempt
Automatic account lockout after a specified number of consecutive bad access attempts
A per-terminal setting for the delay between consecutive login attempts, and the maximum amount of time each attempt is allowed before being declared a failed attempt
A per-terminal setting for the maximum consecutive failed login attempts before locking any new accesses from that terminal

1.1.2 Password Enhancements

Enhanced security provides the following features for password control:

Configurable maximum password length, up to 80 characters
Configurable password lifetimes
Variable minimum password length
System-generated passwords that take the form of a pronounceable password made up of meaningless syllables, an unpronounceable password made up of random characters from the character set, or an unpronounceable password made up of random letters from the alphabet (all letters are from ASCII)
Per-user password generation flags, which include the ability to require a user to have a system-generated password
Record of who (besides the user) last changed the user's password
Password usage history

1.1.3 Audit Subsystem

One of the most useful features of a trusted Digital UNIX system is that the administrator can use the audit subsystem to hold users accountable for their actions. The audit subsytem records every relevant security event that happens on the system (for example, each file open, file creation, login, and print job submitted).

Each action is also stamped with an immutable audit ID (AUID) of the user who logged on, which allows all actions to be traced directly to a user. Users, by request to the system administrator, can use the audit trail to help recreate past events that affect the security of their accounts and data.

The audit feature is discussed in detail in Chapter 10.

1.2 How to Determine if Enhanced Security Is Installed and Running

If you are not sure if the optional, enhanced-security features are installed on your system, you can check as follows:

$ ls -l /usr/.smdb./OSFC2SEC4??.lk -rw-r--r-- 1 root system 0 Nov 8 11:02 \ /usr/.smdb./OSFC2SEC400.lk

The presence of the lock file (OSFC2SEC400.lk) indicates that the enhanced security subset is installed (but not necessarily running) on your system. If the subset is not installed, you will receive a "not found" message.

To determine if the installed enhanced security is running on your system, enter the following command:

$ /usr/sbin/rcmgr get SECURITY BASE ENHANCED

If the string "ENHANCED" is returned, enhanced security is running. If the string "BASE" is returned, enhanced security is not running.

1.3 User Accountability

A trusted system holds all users accountable for the actions that they perform on the system. When you log in, the system associates an audit ID (AUID) with your processes; the AUID remains stamped on processes regardless of the program being run. Even if you change your real or effective user ID (for example, by using su to become root or another user), the system still knows which authenticated user caused a specific action based on the identity recorded in the indelible AUID. Once stamped, the AUID cannot be changed.

The system maintains an extensive authentication profile describing the characteristics and capabilities of each user - for example, the particular login restrictions on the user.

It is extremely difficult for an unauthorized user to break into a trusted system because of the extra security features added to the login procedure. In addition, in a trusted system you can more easily detect a penetration or attempted penetration into your account. Note, however, that these additional assurances are useless if you do not protect your password.

1.4 User Responsibilities

As a user of a trusted system, you must help protect the information that is stored and processed on the system. Specifically, you must do the following:

Guard your password to protect against unaccountable access to your account.
Apply strict discretionary access controls (file and directory permissions) to protect your data from disclosure or destruction.
Report all suspect activity to the ISSO, so that past events can be analyzed through the audit trail.

A trusted Digital UNIX system provides tools and mechanisms that help the system maintain the level of trust for which the system was designed. These are described in subsequent chapters.