Glossary: UNIX


C2 Security

A term generally applied to UNIX systems with 'Enhanced Security' where security features allow the system to meet the standards of a C2 security rating.

The National Computer Security Center (NCSC) established a process by which software vendors can submit their security-related products for evaluation.

NCSC Security ratings range from 'A' to 'D,' where 'A' represents the highest security level. The 'C' rating is generally applied to business software. Each rating is further divided into classes. For example, in the 'C' division, software may be rated either 'C2' or 'C1,' with 'C2' representing the higher security.


GID

Internally, UNIX identifies groups by their numeric GID (Group Identifier), rather than their group names.


Groups

Group profiles provide multiple users with the same set of access permissions and privileges. Access permissions assigned to group profiles are added to permissions that are directly assigned to Users that are members of a Group.


Passwd File

UNIX uses the 'passwd' file (normally found in the path /etc/passwd) to keep track of every user on the system. The file contains the username, real name, identification information and basic account information for each user. On UNIX systems with basic security the file also contains users' encrypted passwords. See also 'Shadow Passwd Files'.


Remote Login

The ability to access the system remotely via, for example, the telnet terminal network service. The ability to log in remotely can be granted or denied to users.


Root

Every UNIX system comes with a special account with a UID of 0. This account is known as the superuser and has a username of root. The root account is used by the operating system itself to accomplish many of its functions. For this reason, the superuser has nearly complete control over the operating system. Most security checks are turned off for any program that is run by the root user.


sekunf.z

The filename given by SekChek to the set of compressed Scan files extracted from UNIX platforms before encryption by SekChek. See also SEKUNF.ZIP.


SEKUNF.SCK

The filename given by SekChek to the set of compressed and encrypted Scan files extracted from UNIX platforms. SCK files are encrypted with SekChek’s Public Key using industry-standard algorithms, such as RSA and 3-DES. They can only be decrypted at SekChek’s premises with the corresponding non-exportable Private Key.

SCK files are created when the ‘Public Key Encryption’ option is enabled in the SekChek Client software on your PC. This is the recommended option.


SEKUNF.ZIP

The filename given by SekChek to the set of compressed and encrypted files extracted from UNIX platforms.

ZIP files are created when the ‘Public Key Encryption’ option is disabled (unchecked) in the SekChek Client software on your PC. For improved security, we recommend that you enable this option. Refer to the definition of SEKUNF.SCK files for more information.


SEKUNR.SDE

The filename given by SekChek to the set of compressed and encrypted files containing your SekChek reports. SDE files are symmetrically encrypted with industry-standard algorithms, such as DES.


Sensitive Directories

In SekChek, sensitive directories include those containing files that determine the operating environment and security rules for a service.


Sensitive Files

In SekChek, sensitive files include security and system configuration files, files in the System Search Path and sensitive user files, such as 'rhosts' and 'profile'. Examples are 'Passwd Files', 'Shadow Passwd Files' and programs such as the program that changes user passwords. Many of these files contain statements that are ‘executed’ by the system when certain services are started and initialised.


SGID

A program that switches its GID (Group Identifier) when it executes.

It is sometimes necessary for a user to accomplish tasks that require privileges and permissions that his own userid does not have. One of the ways such programs achieve this is by assuming the privileges of a powerful GID (Group Identifier) when they execute. See 'SUID' also.


Shadow Passwd Files

Systems with shadowing features store users' encrypted passwords in a 'shadow' passwd file, rather than the /etc/passwd file, which is typically world-readable. UNIX systems with C2 level security features also use shadow passwd files. See 'Passwd File' also.


SUID

Programs that SUID (Switch Userid) assume the privileges of another UID (User Identifier), such as root, rather than that of the user invoking the program.

An example is the program that changes a user's login password. While the user may not be able to edit the system's 'passwd file' directly, the passwd program can. This allows a user to perform privileged functions allowed by a special-purpose program, without assigning these privileges to the user on a permanent basis. Also see 'SGID'.


Trivial Passwords

Passwords that can be easily guessed. Examples are AA, a password equal to the username, and simple words such as Monday or January.


Trusted Hosts

If one host (system) trusts another host, any user who has the same username on both hosts can log in from the trusted host to the other computer without entering a password. See also 'Trusted Users'.


Trusted Users

If a user on another computer is designated as a trusted user for an account on the current computer, the trusted user can log in to the account on the current computer without entering a password.


UID

Internally, UNIX identifies users by their numeric UID (User Identifier), rather than their user names. This means that the system ‘sees’ usernames with the same UID as the same user, so they are granted similar access privileges.


World-Writable Files and Directories

Files and directories that can be written to by any user on the system.