login security software recommendations wanted

login security software recommendations wanted

Post by boomer9.. » Wed, 16 Feb 2000 04:00:00



We'd really appreciate any recommendations anyone could give as to how
we could best accomplish our goals listed below. If we need to purchase
software that's OK too. Our system is Solaris 7, we have about 15-20
user accounts, the machine is behind a firewall, the users are barely
computer literate, and these requirements are coming from "on high"
from people who don't have any familiarity with Unix.

1) log failed login violations
2) password requirements: >= 5 chars., not same as name, not same as
previous passwords, lockout after 3 attempts, 60 day expiration, disable
after 30 days inactivity
3) limit one login per user (nice to have, they say)
4) screen saver locks > 15 mins.
6) Unix virus scan software

I've looked at PAM and NIS+. What do you think? Which do you prefer
and why?

Sent via Deja.com http://www.deja.com/
Before you buy.

 
 
 

login security software recommendations wanted

Post by Hmmm » Wed, 16 Feb 2000 04:00:00


1) are you supposed to engage audit logging?  if you do, then you can get
this info out of an auditreduce (I think that's the command) command (see
man page on audit)
2) setting the length can be done (I can't think of where you do it off the
top of my head but we set ours to something strange, too).  use admintool to
do the expiration date stuff.
X failed attempts and acct is disabled -- don't know that one, I have this
problem myself and would like to know the answer
Not same as previous password (If we're talking not being able to reset the
password to the last one used)...this is standard.  To check back to not use
the password before last --- don't know

3) Training issue

4) Screen saver lock -- haven't done this.  my problem is how can I do an
auto logout if nobody has hit a key in the last 20 minutes or so?  User
Manager (Solstice admin suite) has something like this but -- my question
is -- is the admin suite standard with the OS or do I have to buy it
separately?  I've just started working on this problem in the last day, so I
don't have the answer.

5) Like the other person that answered you...most folks aren't as concerned
about viruses on Unix boxes..??

As far as PAM or NIS+ -- I'd go NIS+.  I like it pretty well although I'm
still pretty new to it.  But...I haven't used PAM, so I really can't tell
you much about it.

AC


>We'd really appreciate any recommendations anyone could give as to how
>we could best accomplish our goals listed below. If we need to purchase
>software that's OK too. Our system is Solaris 7, we have about 15-20
>user accounts, the machine is behind a firewall, the users are barely
>computer literate, and these requirements are coming from "on high"
>from people who don't have any familiarity with Unix.

>1) log failed login violations
>2) password requirements: >= 5 chars., not same as name, not same as
>previous passwords, lockout after 3 attempts, 60 day expiration, disable
>after 30 days inactivity
>3) limit one login per user (nice to have, they say)
>4) screen saver locks > 15 mins.
>6) Unix virus scan software

>I've looked at PAM and NIS+. What do you think? Which do you prefer
>and why?

>Sent via Deja.com http://www.deja.com/
>Before you buy.


 
 
 

login security software recommendations wanted

Post by Martin Hepwort » Thu, 17 Feb 2000 04:00:00


Hi
NIS+ will help with 1-2 (get the NIS+ book by Rick Ramsey ISBM
0133095762). PAM is used as part of the authentication procedure - its
say how to authenticate, not any rules.

 1- 4 can be done by software such as Keon Unix Security Manager from
RSA-Security (www.rsasecurity.com).

5 No such product. Unix virus' are rare. More appropriate is the run
programs like tripwire to check any changes to sensistive files (which I
suppose can be thought of as a virus scan).

Anti-virus vendors who do produce AV products for Unix (Sophos and
others) just scan the Unix files for PC virii and this is only useful if
you PC fileserver is a unix box.

See the Solaris Security FAQ on www.sunworld.com for more details on
locking down your system.

martin


> We'd really appreciate any recommendations anyone could give as to how
> we could best accomplish our goals listed below. If we need to purchase
> software that's OK too. Our system is Solaris 7, we have about 15-20
> user accounts, the machine is behind a firewall, the users are barely
> computer literate, and these requirements are coming from "on high"
> from people who don't have any familiarity with Unix.

> 1) log failed login violations
> 2) password requirements: >= 5 chars., not same as name, not same as
> previous passwords, lockout after 3 attempts, 60 day expiration, disable
> after 30 days inactivity
> 3) limit one login per user (nice to have, they say)
> 4) screen saver locks > 15 mins.
> 6) Unix virus scan software

> I've looked at PAM and NIS+. What do you think? Which do you prefer
> and why?

> Sent via Deja.com http://www.deja.com/
> Before you buy.

 
 
 

login security software recommendations wanted

Post by Doug Atkinso » Sat, 19 Feb 2000 04:00:00



> 5 No such product. Unix virus' are rare. More appropriate is the run
> programs like tripwire to check any changes to sensistive files (which I
> suppose can be thought of as a virus scan).

Such a product does exist: *soft's VFIND is a UNIX scanner and
integrity tools are also available. One area that can use attention in
the UNIX virus area is the boot sector for systems running on Intel
hardware. A DOS Boot sector virus can still load and cause havoc. Check
out *soft's page at www.*.com.

Doug Atkinson

 
 
 

login security software recommendations wanted

Post by Bernard Chandle » Wed, 23 Feb 2000 04:00:00



> We'd really appreciate any recommendations anyone could give as to how
> we could best accomplish our goals listed below. If we need to purchase
> software that's OK too. Our system is Solaris 7, we have about 15-20
> user accounts, the machine is behind a firewall, the users are barely
> computer literate, and these requirements are coming from "on high"
> from people who don't have any familiarity with Unix.

> 1) log failed login violations
> 2) password requirements: >= 5 chars., not same as name, not same as
> previous passwords, lockout after 3 attempts, 60 day expiration, disable
> after 30 days inactivity
> 3) limit one login per user (nice to have, they say)
> 4) screen saver locks > 15 mins.
> 6) Unix virus scan software

> I've looked at PAM and NIS+. What do you think? Which do you prefer
> and why?

> Sent via Deja.com http://www.deja.com/
> Before you buy.

Before inventing your own security you may want to look at what is already
built in.
Most unix's have a trusted system option from c2 to b1.
http://www.amazon.com/exec/obidos/ASIN/0672313413/o/qid=951247566/sr=...

http://www.amazon.com/exec/obidos/ASIN/1565921488/o/qid=951247831/sr=...

--
Bernie Chandler
http://www.nationwide.net/~bernie

 
 
 

1. login security software recommendations wanted

We'd really appreciate any recommendations anyone could give as to how
we could best accomplish our goals listed below. If we need to purchase
software that's OK too. Our system is Solaris 7, we have about 15-20
user accounts, the machine is behind a firewall, the users are barely
computer literate, and these requirements are coming from "on high"
from people who don't have any familiarity with Unix.

1) log failed login violations
2) password requirements: >= 5 chars., not same as name, not same as
previous passwords, lockout after 3 attempts, 60 day expiration, disable
after 30 days inactivity
3) limit one login per user (nice to have, they say)
4) screen saver locks > 15 mins.
6) Unix virus scan software

I've looked at PAM and NIS+. What do you think? Which do you prefer
and why?

Sent via Deja.com http://www.deja.com/
Before you buy.

2. SCSI and AT

3. Modem callback software wanted (login security)

4. help, init and ttys all messed up ....

5. Software recommendation wanted for Alpha XL 266

6. Installation

7. Solaris Security Software Recommendation Needed

8. Problem with Tarring while installing StarOffice

9. Recommendations for (non-internet) Security checking software for HP

10. WANTED - user account security software

11. Wanted: Scheduler software wanted