Lines Matching +full:common +full:- +full:password
47 multi-user systems have some inherent security, the job of building and
60 As yesterday's mini-computers and mainframes
74 .Bl -enum -offset indent
89 Typically, DoS attacks are brute-force mechanisms that attempt
99 Brute-force network attacks are harder to deal with.
100 A spoofed-packet attack, for example, is
105 A user account compromise is even more common than a DoS attack.
114 The result is that if you have any moderate-sized user base,
116 (which is the most common and convenient way to log in to a system)
117 will have his or her password sniffed.
130 User account compromises are very common because users tend not to take the
135 The attacker may know the root password,
137 may find a bug in a root-run server and be able to break root over a network
138 connection to that server, or the attacker may know of a bug in an SUID-root
152 Security remedies should always be implemented with a multi-layered
155 .Bl -enum -offset indent
159 Securing root \(em root-run servers and SUID/SGID binaries
163 Securing the password file
174 Most systems have a password assigned to the root account.
176 first thing you do is assume that the password is
179 This does not mean that you should remove the password.
181 password is almost always necessary for console access to the machine.
182 What it does mean is that you should not make it possible to use the password
207 But we make sure these holes require additional password
224 group in their password entry.
248 intruder to break root if the intruder has gotten hold of your password
257 by using an alternative login access method and *'ing out the crypted password
259 This way an intruder may be able to steal the password
261 root has a crypted password associated with it (assuming, of course, that
277 also add an additional layer of protection to the key pair by password
279 .Xr ssh-keygen 1 .
281 to star-out the passwords for staff accounts also guarantees that staff
295 at all, and you should run a password-protected screen blanker.
299 consider the fact that the vast majority of break-ins occur remotely, over
304 change the password for a staff account in one place and have it immediately
308 password on all machines should not be underrated.
309 With discrete passwords, changing a password on N machines can be a mess.
311 re-passwording restrictions with Kerberos: not only can a Kerberos ticket
313 the user choose a new password after a certain period of time
315 .Sh SECURING ROOT \(em ROOT-RUN SERVERS AND SUID/SGID BINARIES
317 Be aware that third party servers are often the most bug-prone.
373 servers as root and rely on other mechanisms to detect break-ins that might
376 The other big potential root hole in a system are the SUID-root and SGID
385 the system-default SUID and SGID binaries can be considered reasonably safe.
401 If an intruder can break an SGID-kmem binary the
404 and thus read the crypted password
417 program or emulator with a keyboard-simulation feature, the intruder can
424 draconian access restrictions on your staff and *-out their passwords, you
433 required, but still a very good solution compared to a crypted password
435 .Sh SECURING THE PASSWORD FILE
436 The only sure fire way is to *-out as many passwords as you can and
439 crypted password file
443 attacker cannot obtain root-write access.
446 the password file
514 read-only.
516 what you attempt to protect may prevent the all-important detection of an
520 Any super-user process can raise the level, but no process
523 .Bl -tag -width flag
524 .It Ic -1
525 Permanently insecure mode \- always run the system in insecure mode.
528 Insecure mode \- immutable and append-only flags may be turned off.
531 Secure mode \- the system immutable and system append-only flags may not
554 Highly secure mode \- same as secure mode, plus disks may not be
561 while the system is multi-user.
568 Network secure mode \- same as highly secure mode, plus
610 limited-access system.
611 Writing your security scripts on the extra-secure limited-access system
614 limited-access box significant access to the other machines in the business,
615 usually either by doing a read-only NFS export of the other machines to the
616 limited-access box, or by setting up SSH keypairs to allow the limit-access
622 limited-access server is connected to the client boxes through a switch,
624 If your limited-access server
626 of routing, the NFS method may be too insecure (network-wise) and using SSH
627 may be the better choice even with the audit-trail tracks that SSH lays.
629 Once you give a limit-access box at least read access to the client systems
639 the client-box files boxes at least once a
646 information the limited-access machine knows is valid, it should scream at
689 week, since the object of this layer is to detect a break-in whether or
690 not the break-in is effective.
695 is a relatively low-overhead feature of
696 the operating system which I recommend using as a post-break-in evaluation
700 the break-in occurs.
707 break-in.
727 .Bl -enum -offset indent
736 A common DoS attack is against a forking server that attempts to cause the
754 Note that spoofed-IP attacks will circumvent
760 Some standalone servers have self-fork-limitation parameters.
787 separate from the queue-runs
789 If you still want real-time delivery you can run the queue
808 with connect-back services such as tcpwrapper's reverse-identd, which can
810 You generally do not want to use the reverse-ident
817 services from network-based root compromise.
823 ports A, B, C, D, and M-Z
830 and other internet-accessible services.
838 high-numbered port range on the firewall to allow permissive-like operation
853 internet-accessible ports, of course).
855 Another common DoS attack is called a springboard attack \(em to attack a server
858 The most common attack
869 A second common springboard attack is against the ICMP error reporting system.
902 .Xr inetd 8 Ns -internal
943 key-forwarding in the SSH configuration, or that you make use of the
959 with backwards-compatibility shims to accept the existing names.
967 .Bl -tag -width security.bsd.unprivileged_proc_debug
980 sub-jails.
990 Controls availability of the process debugging facilities to non-root users.
996 Tunable, amd64-only.
998 tables are sanitized to prevent so-called Meltdown information leak on
1009 cross-process ret2spec attacks.
1026 Controls force-flush of L1D cache on return from syscalls which report
1037 The error codes exclusion list is composed of the most common errors which
1041 Controls force-flush of L1D cache on NMI;
1060 and do not serialize off-core memory accesses.
1062 Controls system-global Address Space Layout Randomization (ASLR) for
1063 normal non-PIE (Position Independent Executable) 32-bit ELF binaries.
1067 mode, also affected by the per-image control note flag.
1069 Controls system-global Address Space Layout Randomization for
1070 position-independent (PIE) 32-bit binaries.
1075 Enable randomization of the stack for 32-bit binaries.
1079 ASLR control for 64-bit ELF binaries.
1081 ASLR control for 64-bit ELF PIEs.
1083 ASLR sbrk compatibility control for 64-bit binaries.
1085 Controls stack address randomization for 64-bit binaries.
1087 Enables non-executable stack for 32-bit processes.
1090 Enables non-executable stack for 64-bit processes.
1093 32-bit processes.
1096 64-bit processes.
1107 .Xr xdm 1 Pq Pa ports/x11/xorg-clients ,