IRIS

Instructional & Research Information Systems


Please Check That Your X Window System Is Secure

February 7, 2007 by Mark Kraitchman

Please check that your X Window system is secure.

X Windows is a networking and display protocol environment that
provides a GUI (graphical user interface). Common X Window servers
include XFree86 and Xorg on UNIX-style systems, and Exceed, WinAXE,
and Cygwin's XWin on Microsoft Windows systems.

In January 2007, keystroke logs were discovered on a system at
another university containing data from nine systems in EECS. Eight
of the systems were running various versions of the Microsoft Windows
operating system and one was running Linux. We must assume these
keystroke logs contained all passwords used on these hosts as well as
all passwords used to connect to other hosts. It is suspected that
all 9 of the systems had insecure X Window Systems.

IRIS advises using a layered approach to securing your X Window
System. Access to the X server should be controlled. UNIX-style
systems typically control access to the X server by default, but a
user can override the default. Exceed on Windows typically allows any
remote host access to the X server by default; this is a bad thing.

In addition to controlling access to the X server by configuring the
X Window system properly and using the related tools properly, another
layer of security can be added. A properly configured host-based
firewall that blocks unauthorized remote access to the X server,
typically on 6000/tcp, is also recommended.

John Kim from the campus SNS (System and Network Security) group has
written a good knowledge base article concerning securing X Window
systems. The article contains details about configuring Exceed, the
Microsoft Windows firewall and the Symantec Client Security firewall at

https://security.berkeley.edu/node/373

It is also recommended that X traffic be encrypted, for example
through an encrypted ssh tunnel.
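
A local check for the conditions described above, as an added example that is not part of the original IRIS notice: it flags disabled X access control and X ports listening on non-loopback addresses. The function names, the 6000-6063 port range (display :N listens on 6000+N) and the sample inputs are assumptions constructed for illustration; the parsers read `xhost` and `ss -ltn` output.

```shell
#!/bin/sh
# Added example: audit X server exposure from `xhost` and `ss -ltn` output.
# Parsers read stdin so they can run on saved or constructed output.

# Flag disabled access control and host-wide (INET/INET6) grants,
# which trust every user on the named remote host.
xhost_findings() {
    awk '
        /^access control disabled/ { print "OPEN: access control disabled (xhost +)" }
        /^(INET|INET6):/           { print "HOST-GRANT: " $0 }
    '
}

# Print non-loopback TCP listeners on X display ports.
# Assumed range: 6000-6063 (display :N listens on 6000+N).
x_tcp_listeners() {
    awk '
        $1 == "LISTEN" {
            addr = $4
            port = addr; sub(/.*:/, "", port)
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (port + 0 < 6000 || port + 0 > 6063) next
            if (host ~ /^127\./ || host == "[::1]") next  # e.g. ssh X11 forwarding
            print addr
        }
    '
}

# $1 = xhost output, $2 = ss -ltn output. Returns 1 if anything is exposed.
audit_x() {
    findings=$(printf '%s\n' "$1" | xhost_findings
               printf '%s\n' "$2" | x_tcp_listeners | sed 's/^/LISTEN: /')
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample output (not captured from a real host).
SAMPLE_XHOST='access control disabled, clients can connect from any host
SI:localuser:alice'
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:6000       0.0.0.0:*
LISTEN 0      128    127.0.0.1:6010     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

audit_x "$SAMPLE_XHOST" "$SAMPLE_SS" || echo "X server is exposed"
```

To check a live host, call `audit_x "$(xhost)" "$(ss -ltn)"` from a session with DISPLAY set.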

If you need further help with securing your X Windows system, please
contact your computer support person(s) or the EECS Helpdesk
(help@eecs, 395 Cory 9am-5pm, 313 Soda 10am-5pm, 642-7777).
