S 5.18 Use of the NIS security mechanisms
Initiation responsibility: Administrator, IT Security Officer
Implementation responsibility: Administrator
NIS (Network Information Service) cannot be operated without serious security gaps and should therefore be used only in a secure environment.
The following requirements apply to a NIS server:
- The password file /etc/passwd must not contain the entry +::0:0::: since otherwise access with the name "+" without a password is possible. Should the entry be necessary, the empty password field must be replaced by "*" (you must check whether access has actually been blocked!). Nevertheless, there will still be the risk that, in case of inadvertent deletion of the first column (i.e. "+"), privileged access will be possible without a password and without a user name!
- The situation is similar with regard to the group file /etc/group and all other security-related files which are to be made accessible network-wide through the NIS, e.g. /etc/hosts, /etc/group or /etc/bootparams.
- The ypserv server process should respond only to queries made by computers which have been designated in advance.
The following requirements apply to a NIS client:
- The entry +:*:0:0::: in the password file /etc/passwd should be documented (see S 2.31 Documentation of the authorised users and rights profiles), and there must be an entry in the password field so that access with the user name "+" without a password will not be inadvertently provided in case of (intentional or unintentional) failure to use the NIS.
- Similar provisions apply to the group file /etc/group and all other security-related files to be made accessible network-wide through the NIS.
- The ypbind client process should only accept data coming from a privileged port, since otherwise it might obtain data (including passwords!) from any process whatsoever claiming to be a server.
- In order to prevent the NIS administrator from having root rights on all NIS clients, a local user with the UID 0 should be established on each client.
- It must be borne in mind that NIS will, as a first step, search the local files for matching entries so that, for instance, the entries
    root::0:0:::
    +:*:0:0:::
  in the /etc/passwd file have the effect that the first entry, which has no password, will be used instead of the root password from the NIS map.
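The server and client requirements for /etc/passwd above can be checked mechanically; the following is an added example, not part of the original safeguard text. The function name, the finding codes and the sample lines are constructed for illustration, and treating a bare "+" line as having an empty password field is an assumption. It inspects the file content only and does not replace the check that access is actually blocked.

```python
# Added example (not from the safeguard text): audit passwd-format lines
# for the NIS "+" entry pitfalls described in the requirements above.

def audit_passwd(lines):
    """Return sorted (line_number, code) findings; line 0 is a file-level finding."""
    findings = []
    has_plus = False
    has_local_uid0 = False
    for no, raw in enumerate(lines, start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Pad short lines so a bare "+" counts as an empty password field (assumption).
        name, passwd, uid = (line.split(":") + ["", "", ""])[:3]
        if name == "":
            # First column (e.g. "+") was deleted: entry without a user name.
            findings.append((no, "EMPTY_NAME"))
        elif name == "+":
            has_plus = True
            if passwd == "":
                # "+" entry with nothing in the password field.
                findings.append((no, "PLUS_NO_PASSWORD"))
        elif uid == "0":
            has_local_uid0 = True
            if passwd == "":
                # Local files are searched first, so this entry is used
                # instead of the root password from the NIS map.
                findings.append((no, "UID0_NO_PASSWORD"))
    if has_plus and not has_local_uid0:
        # Client requirement: a local user with UID 0 should exist.
        findings.append((0, "NO_LOCAL_UID0"))
    return sorted(findings)


# Constructed sample: the two entries from the text plus an unrelated account.
SAMPLE = [
    "root::0:0:::",
    "daemon:*:1:1::/:",
    "+:*:0:0:::",
]

if __name__ == "__main__":
    for line_no, code in audit_passwd(SAMPLE):
        print(f"line {line_no}: {code}")
```

The same function can be applied to the lines of /etc/passwd on each NIS server and client; the other files distributed through NIS have different field layouts and need their own checks.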
Review questions:
- Is NIS (Network Information Service) used only in a secure environment?
- Are the NIS security mechanisms used both for servers and clients?