Hey;
In case you haven't noticed yet, security arguments can get religious in nature.
The short answer for the reason for network security vs system security is the vast number of hacker incidents are internal - someone already inside your network doing things they shouldn't. Add to that, things like accidental or inadvertant changes, what not.
Network security is just one aspect of the security posture - system securit is another and physical security is a third. There is a whole branch of certifications for security that cover all of these things.
As for the direct root login: There's generally two reasons to prevent direct root login. The first is to control who logs in as root via a two step login process. The second is called repudiation. That basically means being able to point at a belly button and say "You did this as root on this date at this time".
To side-step for half a sec, there are 3 factors for authentication:
1. Something you know (password/passphrase)
2. Something you have (secure token)
3. Something you are (biometrics)
The more factors you employ, the more secure your system is. Passwords are single-factor authentication.
I generally agree that direct root login should be prevented if you're using passwords. Direct password oriented root access violates both reasons for disallowing direct root access. There is no way to be certain that the person with the root password is who he says he is. That's actually a weakness of *any* straight password based system.
Where I tend to disagree w/direct root login (get ready for the flame war :D) is if direct root login is provided via secure shell/public key authentication (pka). PKA is 2-factor authentication as it's something you have (private key) and something you know (passphrase to the private key).
There is no way to "accidentally" configure pka access. The benefits of using pka are very similar to what you get by allowing rsh access to root - but without the gross security concerns. If you're managing 100 or more systems, something like this tends to become a requirement rather than a nice to have thing.
The downside to pka is that it effectively moves the security control from the UNIX server to whatever system is housing your private key. If you're not using a passphrase, you might as well leave root open; if you leave your sytem unlocked, you might as well leave root open. If your private key system is vulnerable to attack, then your UNIX system is at risk.
As the paradigm says, the only secure system is one that's buried 50 feet underground in a concrete bunker that has no external network storage and it's own power supply, surrounded by well armed, well paid guards - and even then, the security is suspect.
UNIX security, probably more than any other aspect of UNIX system administration, is a balance of useability vs security and can be very complicated. It's very important to know and understand the impact of various configuration decisions. You may *think* you're secure, but the local hacker can prove otherwise.
HTH;
Doug O'Leary
------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
