A basic rule of working with any operating system is that only tasks that require system administrator (root) rights must be performed using a system administrator's account. All other tasks must be performed as a normal, non-privileged user. This is especially true for security-sensitive environments, such as a firewall.
Therefore, for every administrator of the firewall who needs local access, a normal user account must be created. Even if a firewall is managed by a team of administrators, typically only senior–level staff must be provided local logon rights. To preserve accountability and to maintain an adequate level of security, a separate account must be created for each administrator. These accounts are normal user accounts with no special privileges. However, to perform administrative tasks, special, root level access is needed to the services involved in the administrative action.
Linux provides the sudo tool to grant root level access to dedicated normal users. sudo allows the users to run only certain commands (specified by the root user) as root.
The sudo utility provides a secure method of having root level access to parts of the system. It is especially useful if there is more than one user who is potentially local administrator. To use sudo, all users who need root access must be listed in the file /etc/sudoers
. The sudo command then allows these users to run only certain commands (specified by the root user) as root. This selective method is more secure than providing full root level access for a user to all parts of the system. It also allows for a more granular control over user activities on the system. sudo has configurable options as well as default settings; more information on these can be found in its manual pages (man sudo).
Tip |
---|
You can access Linux/Unix manual pages easily from Windows environment as well. If you have a Mozilla or Firefox browser, type man sudo in the address line and the browser opens immediately the sudo project's homepage. |
Local administration of the firewall can be accomplished through either the local console itself, that is, physically sitting in front of the machine, or through a terminal session over the network. This network session obviously needs to be encrypted. PNS uses the industry–standard SSH protocol to accomplish this. SSH is a client–server protocol that provides an encrypted communication channel between the parties. PNS contains a native SSH server implementation, and SSH clients are freely available for most major operating systems. If you do not have one already installed on your system, visit http://www.freessh.org for a list of both free and payware SSH clients.
To establish an SSH session, the client must first authenticate itself to the server. A number of different authentication methods are defined in the SSH protocol standard. Currently, SSH version 2 is the latest standard version.
The simplest authentication method is password authentication: the user logging in to the SSH server provides a username/password pair that is a valid user in the server machine. The advantage of this method is its simplicity: no special configuration is needed and the user must know the username and password on the server anyway.
A more secure method of SSH login is the public key-based authentication: in this case the user possesses a public/private key pair and the server has a copy of the user's public key. The logon procedure using public keys is the following:
Using the private key, the user initiates a logon to the server with the help of a session identifier.
The server checks whether it has the matching public key for the user and grants access if both the key is found and the signature is correct.
The advantage of this method is enhanced security. No username and password have to be provided and the entire authentication session is secured with public key cryptographic procedures. The disadvantage is the extra setup needed: you have to generate user key pairs, place public keys of users on the server and the user has to carry the private keys to all client computers the user wishing to log on from, and upon leaving the client, the user has to make sure to remove the private key from the computer. Although, the more complicated it is to set up this method of authentication, the more preferred it is, due to the enhanced security it provides.
By default, PNS allows password-based SSH logins, too. During the setup it has to be decided whether the root user can log in to the system through SSH connection. It is recommended not to allow roots to login through SSH for security reasons. First an SSH session has to be established as a normal user and then perform a sudo action to gain special access permission for accomplishing administrative tasks.
For more information on SSH and its configuration, see Appendix B, Further readings.
© 2021 BalaSys IT Security.
Send your comments to support@balasys.hu