Subject: Re: NetBSD for shell acct. services
To: Claudio Leite <claudio@tux.org>
From: Perry E. Metzger <perry@piermont.com>
List: port-i386
Date: 08/17/1998 17:33:53
Claudio Leite writes:
> A friend and I are starting a new Internet services company, and
> one of our planned services are shell accounts. I would like to know a few
> things which I haven't seen anywhere: does NetBSD support DES or Blowfish
> encryption? A good encryption system is definately a plus.
The question is somewhat meaningless. All computers can run
cryptographic algorithms. What do you want these algorithms applied *to*?
> Also, is NetBSD secure against root attacks? Shell service providers
> are popular targets for root attacks. If anyone runs NetBSD on a
> shell server, please tell me how its been doing in terms of
> security.
It is reasonably resilient, but not perfect. No OS that I know of is
perfect, so the advice I'm about to give you is advice I would give
you regardless of what flavor of Unix you are using.
If you wish to use NetBSD accessable to possibly hostile shell users,
I would make some alterations to the system to make it more
resilient. In particular, I would eliminate user access to all suid
programs, and make those programs available only to staff members. I
would implement the provided "quota" system in order to keep users
from exhausting disk space, and I would tighten the limit system that
prevents users from creating too many processes or using too much
memory. I would also remove "dangerous" things from the system, like
the C compiler and the system sources (including kernel sources). I'd
also make sure my kernel could not do "dangerous" things like running
BPF, and I would run it at a high secure level (like secure level 2)
while operating multiuser.
I would also make sure that tight monitoring systems could detect
system attack -- in particular, I would operate tripwire off of read
only media at very frequent intervals to assure that nothing dangerous
had been done to the system.
Again, I would do this for ANY Unix system exposed to potentially
hostile users -- not just NetBSD.
Doing this sort of thing right is a bit of an art, but it is easily
feasible.
Perry