The Network Trusted Computing Base (NTCB) consists of hardware
and software for ensuring network security. This section defines the components
of the NTCB as they relate to TCP/IP.

The hardware security features for the network are provided
by the network adapters used with TCP/IP. These adapters control incoming
data by receiving only data destined for the local system and broadcast data
receivable by all systems.

The software component of the NTCB consists of only those programs that
are considered trusted. The programs and associated files that are part
of a secure system are listed in the following tables on a directory-by-directory
basis.
/etc directory
| Name | Owner | Group | Mode | Permissions |
|---|---|---|---|---|
| gated.conf | root | system | 0664 | rw-rw-r-- |
| gateways | root | system | 0664 | rw-rw-r-- |
| hosts | root | system | 0664 | rw-rw-r-- |
| hosts.equiv | root | system | 0664 | rw-rw-r-- |
| inetd.conf | root | system | 0644 | rw-r--r-- |
| named.conf | root | system | 0644 | rw-r--r-- |
| named.data | root | system | 0664 | rw-rw-r-- |
| networks | root | system | 0664 | rw-rw-r-- |
| protocols | root | system | 0644 | rw-r--r-- |
| rc.tcpip | root | system | 0774 | rwxrwxr-- |
| resolv.conf | root | system | 0644 | rw-rw-r-- |
| services | root | system | 0644 | rw-r--r-- |
| 3270.keys | root | system | 0664 | rw-rw-r-- |
| 3270keys.rt | root | system | 0664 | rw-rw-r-- |

/usr/bin directory
| Name | Owner | Group | Mode | Permissions |
|---|---|---|---|---|
| host | root | system | 4555 | r-sr-xr-x |
| hostid | bin | bin | 0555 | r-xr-xr-x |
| hostname | bin | bin | 0555 | r-xr-xr-x |
| finger | root | system | 0755 | rwxr-xr-x |
| ftp | root | system | 4555 | r-sr-xr-x |
| netstat | root | bin | 4555 | r-sr-xr-x |
| rexec | root | bin | 4555 | r-sr-xr-x |
| ruptime | root | system | 4555 | r-sr-xr-x |
| rwho | root | system | 4555 | r-sr-xr-x |
| talk | bin | bin | 0555 | r-xr-xr-x |
| telnet | root | system | 4555 | r-sr-xr-x |

/usr/sbin directory
| Name | Owner | Group | Mode | Permissions |
|---|---|---|---|---|
| arp | root | system | 4555 | r-sr-xr-x |
| fingerd | root | system | 0554 | r-xr-xr-- |
| ftpd | root | system | 4554 | r-sr-xr-- |
| gated | root | system | 4554 | r-sr-xr-- |
| ifconfig | bin | bin | 0555 | r-xr-xr-x |
| inetd | root | system | 4554 | r-sr-xr-- |
| named | root | system | 4554 | r-sr-x-- |
| ping | root | system | 4555 | r-sr-xr-x |
| rexecd | root | system | 4554 | r-sr-xr-- |
| route | root | system | 4554 | r-sr-xr-- |
| routed | root | system | 0554 | r-xr-x--- |
| rwhod | root | system | 4554 | r-sr-xr-- |
| securetcpip | root | system | 0554 | r-xr-xr-- |
| setclock | root | system | 4555 | r-sr-xr-x |
| syslogd | root | system | 0554 | r-xr-xr-- |
| talkd | root | system | 4554 | r-sr-xr-- |
| telnetd | root | system | 4554 | r-sr-xr-- |

/usr/ucb directory
| Name | Owner | Group | Mode | Permissions |
|---|---|---|---|---|
| tn | root | system | 4555 | r-sr-xr-x |

/var/spool/rwho directory
| Name | Owner | Group | Mode | Permissions |
|---|---|---|---|---|
| rwho (directory) | root | system | 0755 | drwxr-xr-x |
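
The following is an added example, not part of the original documentation: a Python check that compares files on a system against the Owner, Group and Mode columns of the tables above and reports any drift. `BASELINE` is an excerpt of those tables; the names `name_of` and `audit` and the `root` parameter are hypothetical.

```python
import grp, os, pwd, stat

# Excerpt of the tables above: path -> (owner, group, mode from the Mode column)
BASELINE = {
    "/etc/hosts.equiv": ("root", "system", 0o664),
    "/etc/inetd.conf": ("root", "system", 0o644),
    "/usr/bin/telnet": ("root", "system", 0o4555),
    "/usr/sbin/inetd": ("root", "system", 0o4554),
}

def name_of(lookup, ident):
    """Resolve a uid/gid to a name; fall back to the number if it is unmapped."""
    try:
        return lookup(ident)[0]
    except KeyError:
        return str(ident)

def audit(baseline, root="/"):
    """Return (path, problem) pairs for every deviation from the baseline."""
    findings = []
    for path, (owner, group, mode) in sorted(baseline.items()):
        try:
            st = os.lstat(os.path.join(root, path.lstrip("/")))  # do not follow links
        except FileNotFoundError:
            findings.append((path, "missing"))
            continue
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "is a symbolic link"))
            continue
        actual = stat.S_IMODE(st.st_mode)
        if actual != mode:
            extra = actual & ~mode  # bits set on disk that the table does not allow
            note = f"mode {actual:04o}, expected {mode:04o}"
            if extra & 0o6000:
                note += " (unexpected setuid/setgid)"
            elif extra & 0o022:
                note += " (extra write access)"
            findings.append((path, note))
        ids = (("owner", name_of(pwd.getpwuid, st.st_uid), owner),
               ("group", name_of(grp.getgrgid, st.st_gid), group))
        for label, got, want in ids:
            if got != want:
                findings.append((path, f"{label} {got}, expected {want}"))
    return findings

if __name__ == "__main__":
    for path, problem in audit(BASELINE):
        print(f"{path}: {problem}")
```

Passing a different `root` lets the same check run against a mounted image or a restored backup instead of the live file system.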