

4    DECwindows Environment

This chapter discusses DECwindows environment features that improve the security of a workstation.




4.1    External Access to Your Display

When you log in to a workstation and create a session, your workstation determines which hosts are authorized to access its display. Every user who can log in to an authorized host has the following kinds of access to your workstation:




4.2    Controlling Network Access to Your Workstation

Controlling access to your workstation display is the key to creating a secure workstation environment. Your workstation keeps an access control list (ACL), which names the hosts on a network that can access its display. This list is a combination of a system list that your security administrator creates and a personal workstation list that you create.

Remember that hosts that are authorized to access your workstation display can read it, write it, and copy it at any time. Restricting access is the only way to prevent users from taking a snapshot of the contents of your workstation display.

There are three ways to designate which hosts can access your workstation display:




4.2.1    System Access Control List

Your security administrator can authorize a host to access a workstation's display by adding the host name to a systemwide authorization file called /etc/X*.hosts. The asterisk (*) refers to the number of the workstation display that the hosts listed in the file can access. The standard display number is 0 (zero). Hosts that are not listed in this file cannot access your workstation display. When shipped with your system, the /etc/X*.hosts file is empty, which means that only your workstation (the local host) can access its display.




4.2.2    Workstation Access Control List

Your workstation ACL can allow hosts access to your workstation display even though the system ACL does not. You can thus explicitly authorize other users or yourself, when you are logged in from another host, to display DECwindows applications and programs on your workstation.

Allowing remote systems to access your account on a workstation is a security concern. Check with your security administrator before authorizing additional hosts to use your workstation display.

Take the following steps to authorize other users to use your workstation display:

  1. Select the Session Manager window.

  2. Select the Security... option from the Options menu. The Security Options box is displayed on the screen. Type the host name you want to authorize.

  3. Click on the Add button. The host name is added to the Authorized hosts box.

  4. Click on the OK or Apply button.

To remove a host name for the current session:

  1. Click on the name you want to remove.

  2. Click on the Remove button.

  3. Click on the OK or Apply button.

Users logged in to the host you remove will no longer have access to your workstation for this session. However, the system ACL is checked each time you start a session. Thus, removing a host is temporary if the host is listed in the /etc/X*.hosts file.




4.2.3    Storing the Workstation Access Control List

The changes you make to your workstation ACL remain in effect only for the current session unless you save them. You can save the changes you make during a session from the Customize menu in the Session Manager window. When you save the changes you make during a session, the hosts listed in the Customize Security box are stored in a file called .Xdefaults, in your home directory. Each time you start a new session, the workstation checks the /etc/X*.hosts system file as well as the .Xdefaults file to determine its ACL.

Any user who can edit the .Xdefaults file could modify the ACL for your workstation display. If that happens, the new list of authorized hosts would become effective the next time you start a session.

Therefore, check your file permissions. Your home directory should deny read, write, and execute access to other, and write access to group. The permissions on the .Xdefaults file should deny all access to group and other. Use the chmod command to change the permissions:

     chmod 750 $HOME
     chmod 600 .Xdefaults
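
The following audit is an added example, not part of the original manual. It checks a home directory and its .Xdefaults file against the permissions recommended above; the function names are hypothetical, and a symbolic link is reported for manual review because its own mode does not show who can edit the target.

```shell
#!/bin/sh
# Added example: audits the permissions recommended above (750 on the home
# directory, 600 on .Xdefaults). Function names are hypothetical.

# has_any_bit PATH BIT...: succeed if PATH has at least one of the given
# octal permission bits set. POSIX "find -perm -MODE" avoids needing stat(1).
has_any_bit() {
    p=$1; shift
    for bit in "$@"; do
        [ -n "$(find "$p" -prune -perm "-$bit" 2>/dev/null)" ] && return 0
    done
    return 1
}

# audit_session_perms DIR: print one line per finding and return the
# number of findings (0 means DIR and DIR/.Xdefaults are tight enough).
audit_session_perms() {
    dir=$1; f=$dir/.Xdefaults; findings=0
    # Home directory: no group write, no access of any kind for other.
    if has_any_bit "$dir" 020 004 002 001; then
        echo "LOOSE: $dir (expected 750 or stricter)"
        findings=$((findings + 1))
    fi
    if [ -L "$f" ]; then
        # The link's own mode says nothing about who can edit the target.
        echo "SYMLINK: $f (check the permissions of its target)"
        findings=$((findings + 1))
    elif [ -e "$f" ] && has_any_bit "$f" 040 020 010 004 002 001; then
        # .Xdefaults: no group or other access at all.
        echo "LOOSE: $f (expected 600 or stricter)"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Typical use: audit_session_perms "$HOME" || echo "tighten with chmod"
```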




4.2.4    Using the X Authority File Utility

The xauth program allows you to run client applications on other workstations that do not share their home directory. You use the xauth program to edit and display the authorization information used in connecting to the X server. You usually use this program to extract authorization records from one machine and merge them in on another (as is the case when using remote logins or granting access to other users). Note that this program does not contact the X server.

Using the X authority file utility is the recommended method of securing your workstation. For more information, see the xauth(1X) reference page and the X Window System Environment manual.




4.3    Protecting Keyboard Input

DECwindows includes a secure keyboard mode that directs everything you type on the workstation keyboard to a single, secure window. All keyboard input is directed to the secure window, even if you have selected another window for input focus. In secure keyboard mode, keyboard input is read only by the application that created the window.

Secure keyboard mode is useful for protecting sensitive information, like your password, because it prevents users from running applications that might capture your keystrokes. Setting secure keyboard mode in a window prevents users on hosts that are authorized to access your workstation display from reading any keyboard input from that window. For example, if you have a root account on your workstation, always set secure keyboard mode before using su and typing your root password. You can set secure keyboard mode by selecting the Secure Keyboard item from the Commands menu in a DECterm window.

If hosts are authorized to access your workstation display, users on those hosts can still copy the contents of your display at any time. When you use the su or passwd command and type your password, the password does not appear on the screen. Therefore, a static copy of your display will not reveal your password. A static copy could, however, reveal the contents of a sensitive file displayed on your screen. If you are working on sensitive files, do not authorize any host to access your display.

After you select the Secure Keyboard item, the window appears in reverse video, and the toggle button next to the Secure Keyboard item appears highlighted to indicate that security mode has been set.

When you change a secure window to an icon, the secure keyboard mode is turned off. If you want security to be on, you must turn it on again when you change your icon back to a window.

You can create only one secure window at a time. If you try to create a second secure window, you will hear a beep, reminding you that secure keyboard mode has been set for another window. If you hear a beep when you try to set secure keyboard mode, but have not set that mode in any other window on your screen, some other application must have set the mode. If this happens, check with your security administrator to find out which application may have set this mode.




4.4    Blocking Keyboard and Mouse Information

By default, DECterm windows block keyboard and mouse information sent from another computer. This means that users on another system cannot send simulated keystrokes or mouse clicks to your workstation. This security feature prevents unauthorized users from sending potentially destructive commands to your workstation when it is idle.

The ability of a DECterm window to block information sent from another host is set by a resource called allowSendEvents, which is set to FALSE in the .Xdefaults file. Each time you begin a session, DECwindows uses the values in this file to control the appearance and other characteristics of window displays on your workstation.

The following example shows a line in the .Xdefaults file that sets the allowSendEvents resource FALSE, thus blocking users logged in to other host systems from sending keyboard or mouse information to any window that you create.

     Dxterm*allowSendEvents:  false

Leave the allowSendEvents value set to FALSE to prevent unauthorized users from sending input into your DECterm window and executing commands under your user name.
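
The following scan is an added example, not part of the original manual. It lists every line of a resource file that turns allowSendEvents on, assuming the X Toolkit Boolean converter's accepted spellings (true, yes, on, and 1, in any case); the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: report resource lines that enable allowSendEvents.

# Constructed sample input, not taken from a real system.
sample_xdefaults() {
cat <<'EOF'
! DECterm settings
Dxterm*allowSendEvents:  false
! Dxterm*allowSendEvents: true
Dxterm.vt100.allowSendEvents: On
notes*AllowSendEvents: yes
Dxterm*background: black
EOF
}

# find_send_events [FILE...]: print "line-number: text" for each resource
# line that sets allowSendEvents (or its class, AllowSendEvents) to a true
# value. Reads standard input when no FILE is given. Returns 1 if any
# such line is found, 0 otherwise.
find_send_events() {
    awk '
        /^[ \t]*!/ { next }                  # "!" begins a comment line
        {
            i = index($0, ":")
            if (i == 0) next                 # not a "name: value" line
            name = tolower(substr($0, 1, i - 1))
            val  = tolower(substr($0, i + 1))
            gsub(/[ \t]/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            # Assumed true spellings: true, yes, on, 1 (case-insensitive).
            if (name ~ /allowsendevents$/ && val ~ /^(true|yes|on|1)$/) {
                print NR ": " $0
                found = 1
            }
        }
        END { exit found + 0 }
    ' "$@"
}

# Typical use: find_send_events "$HOME/.Xdefaults"
```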

An application that opens its own window (not a DECterm window) might not block simulated keystrokes from your display. Therefore, if you are running such an application, check your ACL and remove any hosts that are authorized to access your display before working on sensitive files. If you must authorize a host to access your display (for example, to run a remote application), remember to set secure keyboard mode before using the passwd or su commands and typing your password.




4.5    Pausing Your Workstation

In a DECwindows environment, you can pause your current session. This locks your workstation without ending your session. Your screen is cleared, and the system displays the Pause screen. You can resume your session any time without recreating your screen environment.

To put your current session on hold, choose the Pause menu item from the Session menu. Your screen is cleared and the Continue Session box is displayed. To continue your session, type your password, then click on the OK button or press Return.

Once your password is verified, your session resumes.




4.6    Workstation Physical Security

Workstations present security problems because they are typically found in ordinary offices, rather than the more easily protected environment of the computer room.

It is possible for someone who gains access to a workstation to get superuser status on that system and consequently on other systems. One method is to boot the system into single user mode.

If your office has a locking door, lock the door when you are away from your system.

You must also protect your removable media, such as tape cartridges and floppy disks, by locking them up when they are not in use.