An estimated $59 billion is lost each year in proprietary information and intellectual property, according to Trends in Proprietary Information Loss Survey, by ASIS International (September 2002). The collective basis for these losses is a low level of priority for information security—especially at the user level—and lack of management support. With the rapid release of new software and hardware and the progression of technology and processing power, the threat of further loss is imminent. Security must be integrated evenly throughout the infrastructure rather than depending so heavily on robust perimeter security such as firewalls.
In any organization, the need for appropriate levels of security—both physical security (that is, employees and facilities) as well as information security (system and application level access)—is easily recognized. However, when it comes to practice, complacency may often take center stage, thereby introducing additional exposures, risks, threats, and vulnerabilities into the organization. These security-related issues, if unaddressed, can seriously undermine an organization and adversely impact its ability to continue its stated mission successfully.
This chapter discusses identifying, monitoring, and disabling user-level logins. We'll also look at how to configure and customize the syslog logging facility and at ways to monitor and restrict remote superuser access using the switch user (su) program. Most of the techniques in this chapter are essential to the Sun Certified Security Administrator's arsenal and are mandated by many enterprise information security policies.