Network Security - Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 11-05-2007 Installation Manual

them. Viruses are a typical sign that the administrator or the user lacks the required se-
curity awareness, putting at risk even a system that should be highly secure by its very
design.
Viruses should not be confused with worms, which belong to the world of networks
entirely. Worms do not need a host to spread.

49.1.7 Network Security

Network security is important for protecting from an attack that is started outside. The
typical login procedure requiring a username and a password for user authentication is
still a local security issue. In the particular case of logging in over a network, differen-
tiate between the two security aspects. What happens until the actual authentication is
network security and anything that happens afterwards is local security.
49.1.8 X Window System and X
Authentication
As mentioned at the beginning, network transparency is one of the central characteristics
of a UNIX system. X, the windowing system of UNIX operating systems, can make
use of this feature in an impressive way. With X, it is basically no problem to log in at
a remote host and start a graphical program that is then sent over the network to be
displayed on your computer.
When an X client should be displayed remotely using an X server, the latter should
protect the resource managed by it (the display) from unauthorized access. In more
concrete terms, certain permissions must be given to the client program. With the X
Window System, there are two ways to do this, called host-based access control and
cookie-based access control. The former relies on the IP address of the host where the
client should run. The program to control this is xhost. xhost enters the IP address of a
legitimate client into a tiny database belonging to the X server. However, relying on
IP addresses for authentication is not very secure. For example, if there were a second
user working on the host sending the client program, that user would have access to
the X server as well—just like someone stealing the IP address. Because of these
shortcomings, this authentication method is not described in more detail here, but you
can learn about it with man xhost.
Security and Confidentiality 885