administrator
...
This document provides guidance to system and network administrators
on how to address security issues ...
...
The audience for this document are system and network administrators,
and decision makers (typically "middle management") at sites. For
...
... and decision makers (typically "middle management") at sites. For
brevity, we will use the term "administrator" throughout this
document to refer to system and network administrators.
...
...
The term "administrator" is used to cover all those people who are
responsible for the day-to-day operation of system and network
...
...
The term "security administrator" is used to cover all those people
who are responsible for the security of information and information
...
... security of information and information
technology. At some sites this function may be combined with
administrator (above); at others, this will be a separate position.
...
... People: users, administrators, hardware maintainers. ...
... The security-related decisions you make, or fail to make, as
administrator largely determine how secure or insecure your network
is, how much functionality your network ...
... services the risk outweighs the benefit of the service
and the administrator may choose to eliminate the service rather
than try to secure it.
...
... site security administrator ...
... administrators of large user groups within the organization
(e.g., business divisions, computer science ...
... It must clearly define the areas of responsibility for the
users, administrators, and management.
...
... rule. Whenever possible, the policy should spell out what exceptions
to the general policy exist. For example, under what conditions is a
system administrator allowed to go through a user's files. Also,
there may be some cases when multiple users will have access to the
same userid. For example, on systems with a "root ...
... same userid. For example, on systems with a "root" user, multiple
system administrators may know the password and use the root account.
...
... hosts
on their networks. Few administrators make any effort to protect the
networks themselves. There is some rationale to this. For example,
...
... protection against human error. When
an administrator misconfigures a host, that host may offer degraded
...
... firewalls use different terminology to describe the
various forms of firewalls. This can be confusing to system
administrators who are not familiar with firewalls. The thing to note
here is that there is no fixed terminology for the description of
...
... privileged account is compromised, there is a critical change in
personnel (especially if it is an administrator!), or when an
account has been compromised. In addition, if a privileged
account password ...
... login attempt.
Implementing this mechanism will require that legitimate users
contact their system administrator to request that their account
be reactivated.
...
... from disclosure to unauthorized entities. Operating systems often
have built-in file protection mechanisms that allow an administrator
to control who on the system can access, or "see," the contents of a
given file. A stronger way to provide confidentiality ...
... The use of encryption is sometimes controlled by governmental and
site regulations, so we encourage administrators to become informed
of laws or policies that regulate its use before employing it. It is
outside the scope of this document to discuss the various algorithms ...
...
As an administrator, you will want to make sure that information
(e.g., operating system files, company ...
... parties as soon as possible. Due to the legal implications of this
topic, it should be included in the planned procedures to avoid
further delays and uncertainties for the administrators.
...
... outside your immediate department will need to be included in the
incident handling. These additional contacts include local managers
and system administrators, administrative contacts for other sites on
the Internet, and various investigative organizations. Getting to
...
... identifying who this person will be. It should not necessarily be
the same person who has administrative responsibility for the
compromised systems since often such administrators have knowledge
only sufficient for the day-to-day use of the computers, and lack
in-depth technical expertise.
...
... necessary. While trying to solve the problem alone, real damage
might occur due to delays or missing information. Most
administrators take the discovery of an intruder as a personal
challenge. By proceeding this way, other objectives as outlined in
the local policies may not always be considered. Trying to catch
...
... mailing lists) may potentially put a large number of
systems at risk of intrusion. It is invalid to assume that all
administrators reading a particular newsgroup have access to
operating system ...
... exist between countries. They even exist within countries, between
different social or user groups. For example, an administrator of a
university system might be very relaxed about attempts to connect to
the system via telnet ...
... university system might be very relaxed about attempts to connect to
the system via telnet, but the administrator of a military system is
likely to consider the same action as a possible attack.
...
... helps the team to act on this minimum set of information. The
response team may be able to respond to aspects of the incident of
which the local administrator is unaware. If information is given out
to someone else, the following minimum information should be
provided:
...
... removing all access while an incident is in progress obviously
notifies all users, including the alleged problem users, that the
administrators are aware of a problem; this may have a deleterious
effect on an investigation. In some cases, it is prudent to remove
...
... to develop new proactive methods. Another important facet of the
aftermath may be end user and administrator education to prevent a
reoccurrence of the security problem.
...
... expressly permitted. This may be very tempting; after a breach of
security is detected, a system administrator may have the means to
"follow it up," to ascertain what damage is being done to the remote
site. Don't do it! Instead, attempt to reach the appropriate point
...
... newsgroups to keep up to
date with the latest information being shared by fellow
administrators.
...
... Others are tools that a general user will never see or need to use,
but may be used by applications, or by administrators to troubleshoot
security problems or to guard against intruders.
...
... D. Curry, "UNIX System Security: A Guide for Users and Systems Administrators", Addison-Wesley, Reading, MA, 1992. ...
