topic Re: Disadvantages of Trusted Systems anymore ? in Operating System - HP-UX

Disadvantages of Trusted Systems anymore ?

Hakki Aydin Ucar — Mon, 14 Sep 2009 10:27:47 GMT

As far as I know following disadvantages of Trusted System, and I am trying to find vulnerable and incompatible issue before go to Trusted Systems for my customer:

1-Incompatible with NIS
2-Incompatible with that need directly modify /etc/passwd

is there any other issue that anybody experienced ,please let me know.
Regards.

Re: Disadvantages of Trusted Systems anymore ?

James R. Ferguson — Mon, 14 Sep 2009 10:36:26 GMT

Hi Hakki:

In my mind, the biggest disadvantage is that Trusted Systems are deprecated in 11.31 and will not be supported in a subsequent release.

The '/etc/shadow' password implementation is more consistent with other UNIX/LINUX and is the foundation for a number of evolving security enhancements.

Regards!

...JRF...

Re: Disadvantages of Trusted Systems anymore ?

Hakki Aydin Ucar — Mon, 14 Sep 2009 10:58:47 GMT

So , can I say that Orange Book (it used to referencing to measure) is about to obsoleting now ?

Re: Disadvantages of Trusted Systems anymore ?

Duncan Edmonstone — Mon, 14 Sep 2009 11:00:19 GMT

Agree with JRF - most of what needed Trusted Mode in 11.11 can be done in standard mode on 11.31. Even on 11.23 there are optional products to do most of this:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=StdModSecExt

Setting up new systems with Trusted Mode makes little sense now unless there is something very specific that only Trusted Mode can offer.

HTH

Duncan

Re: Disadvantages of Trusted Systems anymore ?

Hakki Aydin Ucar — Mon, 14 Sep 2009 11:13:27 GMT

So it seems , if somebody like my customer use 11i v1, then it can be considered. But after that not important.

Re: Disadvantages of Trusted Systems anymore ?

Duncan Edmonstone — Mon, 14 Sep 2009 11:13:32 GMT

The replacement for TCSEC "orange book" security is Common Criteria Certification:

http://en.wikipedia.org/wiki/Trusted_Computer_System_Evaluation_Criteria

HP-UX Certifications against this are here:

http://h20338.www2.hp.com/hpux11i/cache/532758-0-0-0-121.html

HTH

Duncan

Re: Disadvantages of Trusted Systems anymore ?

Duncan Edmonstone — Mon, 14 Sep 2009 11:16:07 GMT

And if passwords in /etc/passwd are all you are concerned about, even 11.11 can offer a shadow password file in standard mode:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=ShadowPassword

HTH

Duncan

Re: Disadvantages of Trusted Systems anymore ?

VK2COT — Mon, 14 Sep 2009 20:28:48 GMT

Hello,

TCB is going away. Better prepare for it.
It is much better to use Shadow Passwords
(especially on HP-UX 11.31, which has lot
of additional features).

One of the bad sides of TCB is that /tcb
directory structure is root-read only, and
there are numerous applications that cannot
get authenticated.

On the other hand, the biggest disadvantage
of Shadow Passwords on is that it does not
support passwords longer than eight
characters.

The new bundles for much longer Shadow
Password support on HP-UX 11.31 (up to 255
characters) is in testing now.

Some parts of HP-UX 11.31 0909 release
have already been made aware of longer
password support.

Cheers,

VK2COT

Re: Disadvantages of Trusted Systems anymore ?

KathyL1 — Thu, 24 Sep 2009 00:30:06 GMT

> Setting up new systems with Trusted Mode makes little sense now
> unless there is something very specific that only Trusted Mode can offer.

Trusted mode does indeed offer very specific protection that is *NOT* available with Shadow passwords on 11.31 servers. Trusted Mode is the *ONLY* system that enforces password length, complexity, ageing, history, etc policies for the root user account.

With Shadow passwords the password length, complexity, ageing, history policies specified in the /etc/default/security file do *NOT* apply to the root user account - they only apply when a non-root user changes a password. As a result the root user can bypass these policies when changing the password for itself *AND* for other users - the root user can even set passwords to null!!

Due to our security requirements we'll be sticking with Trusted Mode for the foreseeable future!!

Kathy

Re: Disadvantages of Trusted Systems anymore ?

Bill Hassell — Thu, 01 Oct 2009 01:22:08 GMT

> 1-Incompatible with NIS

For good reason. NIS is an archaic password system that broadcasts the passwords all over the network. It was probably useful in the days before the Internet but no auditor would allow NIS in a secure environment. NIS+ is a better choice but not many OS's can use it. LDAP is the more common method for multi-platform authentication.

> 2-Incompatible with that need directly modify /etc/passwd

Also a very good feature. No program should ever, ever be allowed to modify the passwd file that is not part of the OS.

> One of the bad sides of TCB is that /tcb
directory structure is root-read only, and
there are numerous applications that cannot
get authenticated.

Actually, I consider /tcb root-read only is a very great benefit. The numerous applications are dinosaurs that were written before industry standard PAM interfaces became available, or worse, these are new programs written by programmers that need to go back to changing tapes.

Trusted is still a supported security method for all current versions of HP-UX and I'll be recommending it for 11.31 systems. Since 11.31 will be around for a few years, I'll be waiting for a replacement that actually improves on Trusted features.

Re: Disadvantages of Trusted Systems anymore ?

Steven E. Protter — Thu, 01 Oct 2009 02:25:30 GMT

Shalom,

Shadow passwords, available on http://software.hp.com are probably the way to go.

I've noticed an underlying trend to be a little more Linux like and this would make HP-UX easier to work with with the larger, Linux crowd.

SEP

Re: Disadvantages of Trusted Systems anymore ?

VK2COT — Thu, 01 Oct 2009 04:41:18 GMT

Hello,

While there is no doubt that TCB has excellent
features and works well, it is a fact that
HP, for better or worse, decided to retire
it in the future release.

As an alternative, many enhancements to
Shadow passwords were added.

Just recently, I tested the new bundles for
much longer Shadow Password support on HP-UX 11.31.

There is also an enhancement request
QXCR1000970986 to apply password policies on
the root user.

Overall, whether we liked TCB or not (personally, I was very fond of it),
we need to move on :)

As far as "old" applications that had
problems with TCB due to permissions -
sadly, that is still the case. I have number
of customers who use weird applications
and TCB is making it very difficult.
Telling them to change the application design
did not help much because when a customer is,
say, a Fortune-500 company, they do not care
what the technical people say most of the
time. Quite a few companies typically
learn only when a disaster strikes and
the IT best practices are meaningless
in that case.

If only shareholders knew what kind of companies they support sometimes!

Regards,

VK2COT