Thanks to:
Fletcher, Joe
Stan Horwitz
Guerette, Michael
John Tan
Mark B
Ram Rao
They sent me a good variety of web pages to look at:
http://www.usatoday.com/life/cyber/tech/cth950.htm
http://www.cert.org/
http://www.mono.org/~arny/
http://www.cotse.com/
http://www.astalavista.com/
Ram Rao also sent a very good statement that gets to the meat of it for most
customers. I include it here with his permission:
Here is a note I put together for a customer of mine who asked a
similar question to yours. It is of course my opinion and not
necessarily Compaq's.
Attacks on computer systems come in two major categories: direct attacks
over the network, and trojan horse/virus attacks via self-propagating
modified executables. I will discuss each of these in the context of Tru64
Unix.
Direct attacks typically look for security vulnerabilities in the operating
system and communication utilities and exploit them to compromise the system
security. Vulnerabilities that allow such attacks have been found in Tru64
and undoubtedly will be found in the future because of the complexity of
operating system software. Compaq actively responds to security
vulnerabilities by issuing customer advisories and patches, and it is
important that customers be on our notification mailing lists, so they are
not caught unprepared. The incidence of such vulnerabilities in Tru64 is
far less than in the typical Windows environment because of the greater
maturity of the IP communications infrastructure in Tru64.
Trojan Horse/Virus attacks typically introduce a modified executable on a
system that propagates itself to other systems. The introduction typically
happens when an unsuspecting user executes an e-mail attachment or an
executable that they have brought on to the system via
a download or floppy file transfer.
Trojan Horse/Virus attacks on UNIX systems are extremely rare for the
following reasons.
* Unix systems are heterogeneous, meaning they utilize different CPU
architectures and operating system variants, making it a couple of
orders of magnitude more technically difficult to develop a
self-propagating virus, as compared to commodity Windows
platforms.
* The tighter user security model in Unix systems makes it
impossible for an unprivileged user to unknowingly corrupt system
files, unlike in Windows. The worst damage that such a user could
do is corrupt their own files.
In 17 years of work with Compaq's UNIX systems, I do not know of one
case of such a system being harmed by a Trojan Horse/Virus attack.
Having said that, it is prudent for customers to use practices that
minimize the likelihood of damage in case of an attack:
* limit the privilege of users to the lowest privilege needed to
accomplish their task. The less you run as root (superuser) the
safer you are.
* eliminate if possible the usage of PC file shares on the Tru64
system. Files on the shares could be infected by PC viruses if
PCs accessing them over the network are compromised. Even if such
file shares are compromised by viruses, the Tru64 Unix operating
system itself is unaffected in terms of its non-PC file share
behavior. If PC file shares must be used, standard PC virus
checking programs must be run against these file shares
regularly.
* read, understand and implement security guidelines in the Security
book in the documentation set.
* keep abreast of security related notifications and patches.
* consider implementing security detection mechanisms such as
TripWire which will notify you when a system file has been
possibly compromised.
While I am not a security consultant, my remarks above are the result of
years of experience with Compaq's UNIX systems. I hope these are
helpful to you in planning security for your systems.
Regards,
Ram Rao, Ph.D.
Compaq
/>
// Tim Baird
(///////[0]=============================================-
\\ bairdtimothy_at_hotmail.com
\>
Received on Tue Dec 11 2001 - 17:50:54 NZDT