Understanding system security
Because there is no such thing as a computer system that is completely
free from risk, systems are
referred to as ``trusted'' rather than ``secure''.
A trusted system is one that achieves a greater level of
control over access to information, providing mechanisms to
prevent (or at least detect) unauthorized access, along with additional
means to confirm that these mechanisms are functioning properly.
The C2 level of trust means that the system is designed to meet
specific criteria in its security policy: accountability, assurance,
testing, and documentation.
The security features of SCO systems are an extension of features present on most UNIX systems. Full compatibility with existing UNIX system mechanisms is maintained while expanding the protection of user and system information. A large part of system administration involves maintaining and protecting system information as described in this chapter.
At installation time, you were asked to select the security defaults to be used on your system. In addition, you can customize any of the defaults to the needs at your site.
As administrator, your actions are crucial to maintaining a trusted system. You should understand the system's security policy, how it is controlled by system information databases, and how changes you make affect user and administrator actions.