The problem of malicious users has been hightened in recent years by the growth

The problem of malicious users has been hightened in

This preview shows page 87 - 89 out of 102 pages.

The problem of malicious users has been hightened in recent years by the growth of international networks. Anyone connected to a network can try to log on to almost any machine. If a machine is very insecure, they may succeed. In other words - we are not only looking at out local environment anymore, we must consider potential threats to system security to come from any source. The final point can be controlled by enforcing quotas on how much disk each user is allowed to use. 8.1 Who is responsible? System security lies with The user. The system administrator. The system designer. Many would prefer to write this list upside down - but we must be practical. Usually we are not in a position to ring to the system designer and say `Hey, that system modeule you wrote is not secure, fix it!'. The response would at any rate take some time. Rather, we have to learn to take the system as it comes (pending improvements in later releases) and make the best of it. All users of the system should be aware of security issues. Ideally, if all users were friendly and thoughtful, everyone would think about the welfare of the system and try to behave in a system-friendly way. Unfortunately some users are not friendly, and accidents can happen even to friendly users. 8.2 Passwords and encryption The first barrier to malicious users is the password. Every user on a multiuser system must have a password in order to log on. Passwords are stored in a coded or encrypted form so that other users cannot read them directly. Nevertheless, on very many systems, the coded passwords are readable to all users. Moreover, the algorithm which encrypts passwords is usable by all users. This means that anyone can try to crack the passwords by guessing. 8.2.1 UNIX passwords In most UNIX systems, passwords and login information are stored in the file /etc/passwd . This files looks something like this: root:99UaPHtxon3uk:0:1:Operator:/:/bin/csh sundiag:*:0:1:System Diagnostic:/usr/diag/sundiag:/usr/diag/sundiag/sundiag sysdiag:*:0:1:Old System Diagnostic:/usr/diag/sysdiag:/usr/diag/sysdiag/sysdiag daemon:*:1:1::/: sys:*:2:2::/:/bin/csh bin:*:3:3::/bin: uucp:*:4:8::/var/spool/uucppublic: news:*:6:6::/var/spool/news:/bin/csh audit:*:9:9::/etc/security/audit:/bin/csh
Image of page 87
nobody:*:65534:65534::: [email protected]::0:0::: The fields of the file are: login name : password : user id: group id : full name : directory : shell i.e. the encrypted password is readable as the second field. The UNIX standard library command crypt() converts a text string into this coded form. When a user types in his or her password, the system does not try to decrypt the password, but rather en crypts the password and compares the coded forms. The reason for this is that there is no (publicly) known algorithm for decoding passwords encrypted using crypt() . Just to reverse the process would take hundreds of thousands of years of CPU time.
Image of page 88
Image of page 89

You've reached the end of your free preview.

Want to read all 102 pages?

  • One '20

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern

Ask Expert Tutors You can ask You can ask ( soon) You can ask (will expire )
Answers in as fast as 15 minutes