Solaris 8 Security

Edgar Danielyan is a highly respected Solaris guru whose passion for Solaris is evident in the popular column he writes for Inside Solaris magazine. He is a Cisco Certified Security Specialist and veteran member of USENIX, SAGE, ACM and the Computer Society. He co-founded a national ISP and worked for the Ministry of Defense, Computer Center of the Council of Ministers, and a major bank. He has more than seven years of "UNIX on Internet" experience (technical, consulting, and managerial positions), including the last four years working exclusively on Solaris. He has written and lectured on network and UNIX security for the past two years.

1. Enterprise Security Framework.


Security Principles. The Security Process. Risk Management. Calculating Risk. Defining Security Policy. Design Vulnerabilities. Implementation Vulnerabilities. Ascertaining Your Security Requirements. Management Issues. Justifying Investing in Security. Security Training. Security Perimeter Problems. Access Control Models. Low-Cost But Effective Security Measures. Handling Security Incidents. Evaluating the Efficiency of Security _Measures. Human Factors. Social Engineering. Remote-Access Control. UNIX and Security. Password Selection and Use. Security for Business. Summary.



2. Security and Cryptography.


Types of Algorithms. Digital Certificates and Certifying _Authorities (CAs). Keys. Cryptanalysis. Random and Pseudo-Random Number Generators. Applications of Cryptography. Sun Crypto Accelerator I Board. Summary.



3. System Security.


Installation. Patches and Maintenance Updates. Configuring for Security. Network Information Service Plus (NIS+) Security. System Identification. System Logs. /etc/issue. Automated Security Enhancement Tool (_ASET). Solaris Fingerprint Database (sfpDB). www.sun.com/BigAdmin. Summary.



4. Authentication and Authorization.


/etc/passwd and /etc/shadow. /etc/logindevperm. /etc/default/login. /etc/default/su. Secure Shell (SSH). Name Services. RBAC. Pluggable Authentication Modules (PAM). Service Access Facility (SAF). Open Card Framework (OCF). Kerberos. Point-to-Point Protocol (PPP) Security. Dial-Up Passwords. Summary.



5. Kerberos.


What Does Kerberos Mean? A Brief History of Kerberos. Kerberos and Solaris 8. Kerberos Limitations. Do You Need Kerberos? Planning Kerberos Deployment. The Differences Between Kerberos 4 and 5. How Does Kerberos Work? Configuring Kerberos. Kerberos and the Network File System _(NFS). Troubleshooting Kerberos. Alternatives to Kerberos. Summary.



6. Auditing and Accounting.


Auditing. Accounting. Summary.



7. Open Source Security Tools.


OpenSSH: Open Secure Shell. OpenSSL: Open Secure Sockets Layer Library and Tool. Nessus: Remote System Security Scanner. nmap: Network-Mapping and Port-Scanning _Tool. sudo: Controlled su. lsof: List Open Files. ntop: Network Usage and Protocol Analyzer. npasswd: New passwd. top: Advanced ps. TCP Wrappers: Advanced TCP Superdaemon. chrootuid: Advanced chroot with the setuid Feature. rpcbind: More Secure rpcbind. logdaemon: Secure rlogind, rshd, login, rexecd, and ftpd Replacements. argus: Audit Record Generation and Utilization System. tcpdump: Network Monitoring and Data Acquisition Tool. libpcap: Portable Packet-Capture Library. genpass: Random-Password Generator. xinetd: Extended Internet Superdaemon. Summary.



8. Network Security.


Minimization for Network Security. Fine-Tuning the Solaris 8 TCP/IP Stack. Types of Firewalls. Solaris Firewalls. Router-Based Firewalls. Network Intrusion Detection Systems. Network/Port Address Translation _(NAT/PAT). Network Troubleshooting. Remote Vulnerability Testing: Nessus. A Sample ndd(1M) Setup. Summary.



9. IP Security Architecture (IPsec).


Security Associations (SAs). IPsec Transport Mode. IPsec Tunneling. Configuring IPsec on Solaris 8. IPsec Virtual Private Networks (VPNs). Monitoring and Troubleshooting Ipsec. Summary.



10. Securing Network Services.


Securing BIND 9. Securing E-Mail. Securing FTP. Securing X Windows (X11). Securing the Network File System (NFS). Securing the World Wide Web (WWW) _Service. Summary.



A. Internet Protocols.


For More Information.



B. TCP and UDP Port Numbers.


C. Solaris 8 Standards Conformance.


D. Types of Attacks and Vulnerabilities.


Attacks. Vulnerabilities.



E. System and Network Security _Checklist.


System Security Checklist. /etc. Network Security Checklist.



F. Security Resources.


Web Sites. Mailing Lists. Usenet Newsgroups. Publications. Books. Incident Response Centers.



G. Trusted Solaris 8.


Internal and External Threats. Mandatory Access Control. Role-Based Access Control. Profiles. Privileges. Labels. Device Access. Administration. Trusted Common Desktop Environment. Trusted Paths. Summary.



H. SunScreen 3.1 Lite.


Installation. Administration. Rules. Policies. Objects. Summary.



Glossary.


Index.