Most operating systems have little or no security enabled when initially installed. In order to provide system security, a system administrator must not only be knowledgeable of the different ways to protect a system, but it is also imperative that the administrator implement the computer security plan in a thorough and consistent manner. Section 10.1 lists many of the aspects of security that need to be considered when protecting a system, regardless of whether the system is standalone or connected to a network. Networked systems are much more vulnerable to break-ins because of their accessibility over the network and the use of inherently insecure network protocols. In addition, if one system on a network is broken into, then other systems on the network may be compromised. See [CB94] for a detailed presentation of network security threats and suggestions for improving network security addressed to the technical specialist with in-depth knowledge of network protocols.
Many network protocols are subject to abuse. Section 10.2 describes precautions that can be taken to improve security for common network access procedures. Each system using common network access procedures must take precautions to protect against the threats associated with each service used. For example, each system running the Unix ``r'' commands must take precautions to prevent the threats associated with the trusted hosts facility (see sec. 9.2.6) from being exploited. Individual systems must be responsibly administered so that all systems cooperate to achieve a secure network.
Secure gateways (see sec. 10.3) provide network security by blocking certain protocols and services from entering or exiting subnets. Secure gateways, or firewalls, have an advantage over the methods described in section 10.2 because security can be concentrated on a firewall. The firewall can be used to filter commonly exploited common network access protocols from entering a subnet while permitting those common network access protocols to be used on the inside subnet without fear of exploitation from outside systems.
Robust authentication mechanisms improve the authentication process beyond conventional authentication mechanisms such as passwords. Section 10.4 discusses robust authentication procedures.