a cryptographic signature as a digital label that the necessary care was taken to build
them. Viruses are a typical sign that the administrator or the user lacks the required se-
curity awareness, putting at risk even a system that should be highly secure by its very
design.
Viruses should not be confused with worms, which belong to the world of networks
entirely. Worms do not need a host to spread.
1.1.7 Network Security
Network security is important for protecting from an attack that is started outside. The
typical login procedure requiring a username and a password for user authentication is
still a local security issue. In the particular case of logging in over a network, differen-
tiate between the two security aspects. What happens until the actual authentication is
network security and anything that happens afterwards is local security.
1.1.8 X Window System and X
Authentication
As mentioned at the beginning, network transparency is one of the central characteristics
of a UNIX system. X, the windowing system of UNIX operating systems, can make
use of this feature in an impressive way. With X, it is basically no problem to log in at
a remote host and start a graphical program that is then sent over the network to be
displayed on your computer.
When an X client should be displayed remotely using an X server, the latter should
protect the resource managed by it (the display) from unauthorized access. In more
concrete terms, certain permissions must be given to the client program. With the X
Window System, there are two ways to do this, called host-based access control and
cookie-based access control. The former relies on the IP address of the host where the
client should run. The program to control this is xhost. xhost enters the IP address of a
legitimate client into a tiny database belonging to the X server. However, relying on
IP addresses for authentication is not very secure. For example, if there were a second
user working on the host sending the client program, that user would have access to
the X server as well—just like someone stealing the IP address. Because of these
shortcomings, this authentication method is not described in more detail here, but you
can learn about it with
man xhost
.
Security and Confidentiality
7
Содержание LINUX ENTERPRISE DESKTOP 11
Страница 1: ...SUSE Linux Enterprise Server www novell com 11 March 17 2009 Security Guide...
Страница 9: ...32 7 Managing Audit Event Records Using Keys 433 33 Useful Resources 435...
Страница 10: ......
Страница 29: ...Part I Authentication...
Страница 30: ......
Страница 55: ...Figure 4 2 YaST LDAP Server Configuration LDAP A Directory Service 41...
Страница 126: ......
Страница 127: ...Part II Local Security...
Страница 128: ......
Страница 158: ......
Страница 173: ...Part III Network Security...
Страница 174: ......
Страница 194: ......
Страница 197: ...Figure 16 2 Scenario 2 Figure 16 3 Scenario 3 Configuring VPN Server 183...
Страница 210: ......
Страница 228: ......
Страница 229: ...Part IV Confining Privileges with Novell AppArmor...
Страница 230: ......
Страница 274: ......
Страница 300: ......
Страница 328: ......
Страница 340: ......
Страница 342: ......
Страница 386: ......
Страница 387: ...Part V The Linux Audit Framework...
Страница 388: ......