Improving the Security of NIS

The Network Information Service (NIS) is a distributed database system that simplifies the task of system administration by storing account and configuration files on a single system. NIS is capable of storing a master password file so that users can use the same password for all accounts through out the network. Section 9.2.9 presented a list of known security problems with NIS. The following is a list of remedies for security problems associated with NIS.

• The /etc/hosts.equiv file should not consist a single line containing a `+' because trusted access should never be granted to all hosts on the network. If the /etc/hosts.equiv file is used, it should contain entries for specific host names. Specific user names may also be specified.

• Netgroups, which group various users and hosts together, can be defined in the file /etc/netgroup and maintained as an NIS map. Using netgroups can simplify the task of granting or denying access to users. Netgroups can also be used in the password file.

• When NIS password or group file information is to be accessed, a line of the format `+:' should be used to indicate NIS server access. The format `+::0:0:::' should not be used because if the leading `+' is accidentally deleted, unintended access can be granted.

• NIS map files should be writeable only to the super-user.

• The program ypbind should not be started with options that allow ypbind to listen to locally-issued ypset commands. This prevents an cracker from using ypset to obtain information from an unauthorized NIS server. It also prevents a cracker from obtaining unauthorized copies of databases by guessing the name of a NIS domain, binding to the NIS server using the ypset command, and requesting a database.

• Password aging can be used to force users to change their passwords periodically. Although password aging cannot be centralized using NIS, password aging can be individually implemented on each system a user can log in to.

• Do not run NIS on a secure gateway (see sec. 10.3).

• To prevent unintended disclosure of information contained in the NIS databases, the ypserv program can be modified to only respond to requests from authorized NIS clients. This modification requires access to NIS source code.

• Patches for bugs in ypserv, ypxfrd, and portmap utilities are available from Sun Microsystems.

• A site can migrate from using NIS to NIS+. Security is an integral part of NIS+. When properly configured, NIS+ prevents unauthorized sources from reading, changing, or destroying naming service information [JS92].