S 5.18 Use of the NIS security mechanisms
Initiation responsibility: IT Security Management; administrator
Implementation responsibility: Administrator
NIS (Network Information Service) cannot be operated without
serious security shortcomings and should therefore be used only
in a secure environment.
The following requirements apply to a NIS server:
- The password file /etc/passwd must not contain the entry +::0:0:::, since it would allow login under the name '+' without a password. If the entry is needed, its password field must be set to '*' (and you must verify that the login is actually blocked!). Even then a residual risk remains: if the first column (the '+') is deleted by mistake, privileged access becomes possible without a password and without a user name.
- The same applies to the group file /etc/group and to every other security-relevant file that is to be made available network-wide through NIS, e.g. /etc/hosts, /etc/group or /etc/bootparams.
- The ypserv server process should answer only queries from computers that have been designated in advance.
The following requirements apply to a NIS client:
- The entry +:*:0:0::: in the password file /etc/passwd should be documented (cf. S 2.31 Documentation of authorised users and authorisation parameters), and in any case the password field should contain an entry, so that login under the user name '+' without a password cannot arise inadvertently if NIS is (intentionally or unintentionally) not in use.
- The same applies to the group file /etc/group and to all other security-relevant files to be made available network-wide through NIS.
- The ypbind client process should accept data only from a privileged port; otherwise it may obtain data (including passwords!) from any process whatsoever that claims to be a server.
- To prevent the NIS system administrator from having root rights on every NIS client, a local user with UID 0 should be set up on each NIS client.
- Bear in mind that NIS first searches the local files for matching entries, so that, for instance, the entries in the /etc/passwd file have the effect that the first entry without a password is used instead of the root password from the NIS map.
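The following script is an added example (not part of the BSI text) that checks a passwd- or group-format file for the conditions the server and client requirements above describe: '+' entries whose password field is empty, an entry whose user name has been lost (the "deleted first column" case), and the absence of a local UID 0 account with a password field. The file contents embedded in it are constructed samples, and the function and class names are the example's own.

```python
"""Audit passwd/group-format files for the NIS '+' pitfalls listed in S 5.18.

Added example, not part of the BSI text. The SAMPLE_* strings are constructed
for illustration and do not come from any real system.
"""
import sys
from dataclasses import dataclass


@dataclass
class Finding:
    path: str
    line_no: int     # 0 means "whole file" (e.g. a missing local root)
    entry: str
    problem: str


def _records(text: str, nfields: int):
    """Yield (line_no, line, fields); fields is None for malformed records."""
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        yield n, line, (fields if len(fields) == nfields else None)


def audit_passwd(text: str, path: str = "/etc/passwd") -> list:
    """Report the passwd-file problems S 5.18 warns about."""
    findings = []
    local_root = False
    for n, line, fields in _records(text, 7):   # name:pw:uid:gid:gecos:home:shell
        if fields is None:
            findings.append(Finding(path, n, line, "malformed record (expected 7 fields)"))
            continue
        name, pw, uid = fields[0], fields[1], fields[2]
        if name.startswith("+"):
            # NIS compat marker ('+', '+user', '+@netgroup'): the password field
            # must hold '*' or login as '+' without a password becomes possible
            if pw == "":
                findings.append(Finding(path, n, line,
                    "NIS '+' entry with empty password field; set it to '*'"))
        elif name.startswith("-"):
            continue                             # exclusion entry, grants nothing
        elif name == "":
            # This is what '+::0:0:::' looks like once the '+' has been deleted:
            # no user name, no password, UID 0
            findings.append(Finding(path, n, line,
                "entry with empty user name (a deleted '+'?) - privileged access "
                "without user name or password"))
        elif uid == "0":
            if pw == "":
                findings.append(Finding(path, n, line,
                    "local UID 0 account with empty password field"))
            else:
                local_root = True
    if not local_root:
        findings.append(Finding(path, 0, "",
            "no local UID 0 account with a password field: root on this client "
            "would be controlled entirely by the NIS administrator"))
    return findings


def audit_group(text: str, path: str = "/etc/group") -> list:
    """Same checks for a group-format file (name:pw:gid:members)."""
    findings = []
    for n, line, fields in _records(text, 4):
        if fields is None:
            findings.append(Finding(path, n, line, "malformed record (expected 4 fields)"))
            continue
        name, pw = fields[0], fields[1]
        if name.startswith("+") and pw == "":
            findings.append(Finding(path, n, line,
                "NIS '+' group entry with empty password field; set it to '*'"))
        elif name == "":
            findings.append(Finding(path, n, line, "group entry with empty name"))
    return findings


# Constructed samples: the second line of SAMPLE_PASSWD_BAD is the entry S 5.18
# forbids; SAMPLE_PASSWD_GOOD carries the documented '+:*:0:0:::' form.
SAMPLE_PASSWD_BAD = "root:x:0:0:root:/root:/bin/sh\n+::0:0:::\n"
SAMPLE_PASSWD_GOOD = "root:x:0:0:root:/root:/bin/sh\n+:*:0:0:::\n"
SAMPLE_GROUP_BAD = "+:::\n"

if __name__ == "__main__":
    # Usage: python audit_nis.py /etc/passwd /etc/group  (defaults to the samples)
    if len(sys.argv) == 3:
        results = (audit_passwd(open(sys.argv[1]).read(), sys.argv[1])
                   + audit_group(open(sys.argv[2]).read(), sys.argv[2]))
    else:
        results = audit_passwd(SAMPLE_PASSWD_BAD) + audit_group(SAMPLE_GROUP_BAD)
    for f in results:
        print(f"{f.path}:{f.line_no}: {f.problem}  [{f.entry}]")
```

Run it against the samples to see the two findings the text describes (the '+' entry with an empty password field in each file); against the 'good' passwd sample it reports nothing, because the '+' entry carries '*' and a local root with a password field exists.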
© Copyright by Bundesamt für Sicherheit in der
Informationstechnik 1998.