Protecting Files and Resources
Protect files and resources in your operating system environment as follows:
- Set up access restrictions to executable files, data files, Web pages, directories, and administrative tools as follows:
  - Audit file permissions, file ownership, and file access.
  - Restrict access to accounts and services.
    Controlling access is an important element in maintaining security. The most secure environments follow the least-privilege principle, which grants users the least amount of access that still enables them to complete their required work. Set up hosts to allow only those services (ports) that are necessary, and run the fewest possible services. Eliminate services with known vulnerabilities.
- Run the checksum utility on system files when installed and check for Trojan malware frequently. (A Trojan is software that appears legitimate but which contains malicious code that is used to cause damage to your computer.) Check user file systems for vulnerabilities and improper access controls.
- Verify operating system accounts and make sure they have passwords that are difficult to guess.
- Automatically disable accounts after several failed login attempts.
- (UNIX) Limit root access.
- Manage user accounts:
  - Do not share user accounts.
  - Remove or disable user accounts upon termination.
  - Require strong passwords.
  - (Windows) Disable automatic logon.
  - (UNIX) Use a restricted shell.
  - (UNIX) Disable login for well-known accounts that do not need direct login access (bin, daemon, sys, uucp, lp, adm).
- Restrict guest accounts:
  - As with any account, create a guest account only for the time required and remove the account when it is no longer required.
  - Use a non-standard account name for the account; avoid the name guest.
  - Use a strong password.
  - (UNIX) Use a restricted shell. If reasonable, give the account a 077 umask.
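
One way to audit the (UNIX) well-known accounts item above, as an added example that is not part of the original guide: the function reads a passwd-format file and reports which of the listed accounts still have a usable login shell. The function names, the constructed sample data, and the choice to treat only shells ending in `nologin` or `false` as non-login are assumptions; adjust them for your platform.

```shell
#!/bin/sh
# Added example: flag well-known system accounts that can still log in directly.
# The account list is the one given in the guide; the set of shells treated as
# "no direct login" (nologin, false) is an assumption for this example.

WELL_KNOWN="bin daemon sys uucp lp adm"

# audit_well_known_logins FILE
# FILE is a passwd-format file ("-" reads standard input). Prints, one per
# line, each well-known account whose shell field still permits login.
audit_well_known_logins() {
    awk -F: -v names="$WELL_KNOWN" '
        BEGIN { n = split(names, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        /^#/ || NF < 7 { next }          # skip comments and malformed lines
        ($1 in want) {
            shell = $7
            # An empty shell field means the system default shell is used,
            # so the account can log in and must be reported as well.
            if (shell == "" || shell !~ /\/(nologin|false)$/) print $1
        }
    ' "$1"
}

# Constructed sample data (not taken from any real host).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/bin/sh
adm:x:3:4:adm:/var/adm:/bin/false
lp:x:4:7:lp:/var/spool/lpd:
uucp:x:10:14:uucp:/var/spool/uucp:/usr/sbin/nologin
siebel:x:1001:1001:Siebel service:/home/siebel:/bin/ksh
EOF
}

# Run against the sample; on a real host pass /etc/passwd instead.
sample_passwd | audit_well_known_logins -
```

An empty result means none of the listed accounts has a login shell. Password locking for these accounts is a separate check that this example does not cover.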