Hack Proofing Sun Solaris 8

The Complete Guide to Hack Proofing Sun Solaris 8

"As a child, my father and I tried to design a birdfeeder that was easily accessible by birds but impossible to reach by squirrels. Our birdfeeders ranged from the simple to the absurd. Each design worked temporarily, but eventually the squirrels would figure out a way around our defenses. Our efforts were helping breed a smarter, craftier squirrel. The "Ultimate Squirrel-Proof Birdfeeder" scenario is similar to the challenges we face in computer security. How can we provide easy access to resources by the authorized users and still deny unauthorized access? Luckily, as Solaris System Administrators, we have some excellent tools available to us. Sun Microsystems has spent a great deal of effort in designing Solaris to be both stable and secure. This book is your reference guide for not only securing your Solaris systems, but also for securing the environment in which they operate."

1. Configure Default Settings on a Newly Installed Solaris 8 System
Review the basics of testing, monitoring, and documenting security procedures.

2. Learn about Third-Party Security Tools to Secure and Monitor Systems
You will find recommendations of valuable tools to have on hand, where to get them, and how to configure them.

3. Manage How Users Are Authenticated
Securely identify your users, reject those who don't belong, log failed access attempts, and revise the system as new threats arise.

4. Understand How to Secure Your Files
Configure file permissions and commonly used protocols such as FTP and NFS to transfer information safely.

5. Explore Options for Providing Secure Network Services
Provide secure access on both sides of the router.

6. Provide Secure DNS and DHCP Services to Network Clients
Harden your Solaris systems' network services so an attacker won't easily succeed with remote attacks.

7. Configure a Secure Web and E-Mail Server
Provide your network users secure and stable access to e-mail and the Internet.

8. Configure Solaris to Be a Router and Provide Firewall Services
See why Solaris is a good choice for a router. Combat Code Red! Use Perl scripts to identify the Code Red URL and counter attack.

9. Register for Your 1 Year Upgrade
The Syngress Solutions upgrade plan protects you from content obsolescence and provides monthly mailings, whitepapers, and more!

Contents

CHAPTER 1

INTRODUCING SOLARIS SECURITY: EVALUATING YOUR RISK

·     Exposing Default Solaris Security Levels

·     Evaluating Current Solaris Security Configurations

·     Monitoring Solaris systems

·     Testing Security

·     Securing Against Physical Inspections

·     Documenting Security Procedures and Configuration

·     Summary

·     Solutions Fast Track

·     Frequently Asked Questions

CHAPTER 2

SECURING SOLARIS WITH THE BUNDLED SECURITY TOOLS

·     Choosing Trusted Solaris 8

·     Using SunScreen SKIP

·     Understanding Java's Security Measures

·     Using the Solaris Security Toolkit (JASS)

·     Summary

·     Solutions Fast Track

·     Frequently Asked Questions

CHAPTER 3

SECURING SOLARIS WITH FREEWARE SECURITY TOOLS

·     Detecting Vulnerabilities with Port Scanning

·     Discovering Unauthorized Systems Using IP Scanning

·     Detecting Unusual Traffic with Network Traffic Monitoring

·     Using Sudo

·     Summary

·     Solutions Fast Track

·     Frequently Asked Questions

CHAPTER 4

SECURING YOUR USERS

·     Creating Secure Group Memberships

·     Understanding Solaris User Authentication

·     Authenticating Users with NIS and NIS+

·     Authenticating Users with Kerberos

·     Authenticating Users with the Pluggable Authentication Module (PAM)

·     Summary

·     Solutions Fast Track

·     Frequently Asked Questions

CHAPTER 5

SECURING YOUR FILES

·     Establishing Permissions and Ownership

·     Using NFS

·     Locking Down FTP Services

·     Using Samba

·     Restoring Files

·     Summary

·     Solutions Fast Track

·     Frequently Asked Questions

CHAPTER 6

SECURING YOUR NETWORK

·     Configuring Solaris as a DHCP Server

·     Securing DNS Services on Solaris

·     Configuring Solaris to Provide Printing Services

·     Using X-Server Services Securely

·     Using Remote Commands

·     Summary

·     Solutions Fast Track

·     Frequently Asked Questions

CHAPTER 7

PROVIDING SECURE WEB AND MAIL SERVICES

·     Configuring Security Features of an Apache Web Server

·     Monitoring Web Page Usage and Activity

·     Configuring Security Features of Sendmail

·     Configuring Aliases and Mailboxes on a Solaris Sendmail Server

·     Summary

·     Solutions Fast Track

·     Frequently Asked Questions

CHAPTER 8

CONFIGURING SOLARIS AS A SECURE ROUTER, GATEWAY, AND FIREWALL

·     Configuring Solaris as a Secure Router

·     Configuring Solaris as a Secure Gateway

·     Configuring Solaris as a Firewall

·     Guarding Internet Access

·     Summary

·     Solutions Fast Track

·     Frequently Asked Questions

CHAPTER 9

USING SQUID ON SOLARIS

·     The Default Settings of a Squid Installation

·     Configuring Access to Squid Services

·     Excluding Access to Restricted Web Sites

·     Summary

·     Solutions Fast Track

·     Frequently Asked Questions

CHAPTER 10

DISSECTING HACKS

·     Securing Against Denial of Service Hacks

·     Securing Against Buffer Overflow Hacks

·     Securing Against Brute Force Hacks

·     Securing Against Trojan Horse Hacks

·     Securing Against IP Spoofing

·     Summary

·     Solutions Fast Track

·     Frequently Asked Questions

CHAPTER 11

DETECTING AND DENYING HACKS

·     Monitoring for Hacking Activity

·     Using Automated E-mail and Paging to Alert System Administrators

·     What To Do Once a Hack Has Been Detected

·     Monitoring Solaris Log Files

·     Summary

·     Solutions Fast Track

·     Frequently Asked Questions