By:Frank W. Lyons
President of Entellus Technology Group, Inc.
I. Preliminary Steps
A. Obtain an organizational chart of the group responsible for the operating environment.
B. Obtain any existing security and control procedures
C. Obtain a description of the network configuration
D. Obtain a listing of the various systems (applications) supported by the operating system
E. Obtain a job description of the System Administrator
II. Installation Audit Steps
A. Review any design criteria for system security.
B. Determine whether the user access is controlled through the operating system, the database management system, or the application front-end menu system.
C. Determine what documentation standards exist and whether they are being followed.
D. Determine who acts as the Security Administrator for the operating environment.
E. Determine the standards for password management and construction.
F. Review any existing security guidelines for users, groups, and functions.
III. Physical Security
A. Review the network configuration to ensure that all network components are physically secured.
These include File Servers, Bridges, Routers, Hubs/Concentrators, Gateways, Terminal Servers, and Modems.
B. Determine who is responsible and what documentation is required for configuration changes to the physical network.
Are these procedures effective?
Are the changes to the network documented?
Are users and other impacted parties properly notified?
C. Ensure that only the System Administrator or other authorized personnel have physical access to the file server console as the system can be rebooted from the ‘A’ drive and a new root password can be supplied.
IV. System Administration
A. Identify all the System Administrators.
$grep :0: /etc/passwd
B. Determine that each administrator requires this level of authority.
C. Determine the change control procedures over changes to users, programs, menus, authorities, user scripts, hardware and system software.
D. Determine that the proper person or group is responsible for monitoring the network that support the file server.
E. Determine that the proper person or group is responsible for system shutdown and backups.
F. Determine if the System Administrator is supported by a backup or at a minimum their userid/password are kept in a secured location in case of an emergency.
G. Determine who is responsible for maintaining license agreements and if all agreements are being met.
V. System Security
The System Administrator’s interface for the AIX system is the System Management Interface Tool (smit). You can invoke smit by keying smit at the operating system prompt.
A. During the initial installation did the System Administrator create audit check sum files. These files will allow the Security Administrator to verify that no changes have been made since the installation of the system.
The audit check sum files should contain a single-line entry for each file having the following information: (See /etc/security/sysck.cfg)
aclcontains both base and extended access control list data for the file classa logical group to which this file belongs pathname Absolute pathname
owner Ether symbolic or numeric ID group Either symbolic or numeric ID mode Symbolic representation as displayed by the ls -l command size Size of the file in bytes. Major and minor numbers are listed for devices links Number of hard links to pathname version Numeric value,...