Solaris 8 Security

Book Description

Solaris 8 Security covers all the concepts and issues Solaris 8 administrators need to know in order to make and keep their Solaris 8 systems secure. This includes not only Solaris 8 security tools and features, but such subjects as cryptography and defenses against known attacks and vulnerabilities.

Readers learn practical, command-level defenses, such as:

  • How to configure a secure DNS server

  • What to do with /etc/inet/inetd.conf

  • How to make IPsec work

  • Why DES fails

  • How to identify and prevent system compromises

  • How not to configure sendmail

  • How to automate security checkups

The book provides a proactive approach to security. Coverage includes intrusion detection systems, network-level filtering, firewalls and other network-level systems.

    Table of Contents

    1. Copyright
    2. About the Author
    3. About the Technical Reviewers
    4. Acknowledgments
    5. Tell Us What You Think
    6. Preface
    7. Enterprise Security Framework
      1. Chapter 2: Security and Cryptography
      2. Chapter 3: System Security
      3. Chapter 4: Authentication and Authorization
      4. Chapter 5: Kerberos
      5. Chapter 6: Auditing and Accounting
      6. Chapter 7: Open Source Security Tools
      7. Chapter 8: Network Security
      8. Chapter 9: IP Security Architecture (IPsec)
      9. Chapter 10: Securing Network Services
      10. Appendixes
      11. Security Principles
      12. The Security Process
      13. Risk Management
      14. Calculating Risk
      15. Defining Security Policy
      16. Design Vulnerabilities
      17. Implementation Vulnerabilities
      18. Ascertaining Your Security Requirements
      19. Management Issues
      20. Justifying Investing in Security
      21. Security Training
      22. Security Perimeter Problems
      23. Access Control Models
      24. Low-Cost But Effective Security Measures
      25. Handling Security Incidents
      26. Evaluating the Efficiency of Security Measures
      27. Human Factors
      28. Social Engineering
      29. Remote-Access Control
      30. UNIX and Security
      31. Password Selection and Use
      32. Security for Business
      33. Summary
    8. Security and Cryptography
      1. Types of Algorithms
      2. Digital Certificates and Certifying Authorities (CAs)
      3. Keys
      4. Cryptanalysis
      5. Random and Pseudo-Random Number Generators
      6. Applications of Cryptography
      7. Sun Crypto Accelerator I Board
      8. Summary
    9. System Security
      1. Installation
      2. Patches and Maintenance Updates
      3. Configuring for Security
      4. Network Information Service Plus (NIS+) Security
      5. System Identification
      6. System Logs
      7. /etc/issue
      8. Automated Security Enhancement Tool (ASET)
      9. Solaris Fingerprint Database (sfpDB)
      10. www.sun.com/BigAdmin
      11. Summary
    10. Authentication and Authorization
      1. /etc/passwd and /etc/shadow
      2. /etc/logindevperm
      3. /etc/default/login
      4. /etc/default/su
      5. Secure Shell (SSH)
      6. Name Services
      7. RBAC
      8. Pluggable Authentication Modules (PAM)
      9. Service Access Facility (SAF)
      10. Open Card Framework (OCF)
      11. Kerberos
      12. Point-to-Point Protocol (PPP) Security
      13. Dial-Up Passwords
      14. Summary
    11. Kerberos
      1. What Does Kerberos Mean?
      2. A Brief History of Kerberos
      3. Kerberos and Solaris 8
      4. Kerberos Limitations
      5. Do You Need Kerberos?
      6. Planning Kerberos Deployment
      7. The Differences Between Kerberos 4 and 5
      8. How Does Kerberos Work?
      9. Configuring Kerberos
      10. Kerberos and the Network File System (NFS)
      11. Troubleshooting Kerberos
      12. Alternatives to Kerberos
      13. Summary
    12. Auditing and Accounting
      1. Auditing
      2. Accounting
      3. Summary
    13. Open Source Security Tools
      1. OpenSSH: Open Secure Shell
      2. OpenSSL: Open Secure Sockets Layer Library and Tool
      3. Nessus: Remote System Security Scanner
      4. nmap: Network-Mapping and Port-Scanning Tool
      5. sudo: Controlled su
      6. lsof: List Open Files
      7. ntop: Network Usage and Protocol Analyzer
      8. npasswd: New passwd
      9. top: Advanced ps
      10. TCP Wrappers: Advanced TCP Superdaemon
      11. chrootuid: Advanced chroot with the setuid Feature
      12. rpcbind: More Secure rpcbind
      13. logdaemon: Secure rlogind, rshd, login, rexecd, and ftpd Replacements
      14. argus: Audit Record Generation and Utilization System
      15. tcpdump: Network Monitoring and Data Acquisition Tool
      16. libpcap: Portable Packet-Capture Library
      17. genpass: Random-Password Generator
      18. xinetd: Extended Internet Superdaemon
      19. Summary
    14. Network Security
      1. Minimization for Network Security
      2. Fine-Tuning the Solaris 8 TCP/IP Stack
      3. Types of Firewalls
      4. Solaris Firewalls
      5. Router-Based Firewalls
      6. Network Intrusion Detection Systems
      7. Network/Port Address Translation (NAT/PAT)
      8. Network Troubleshooting
      9. Remote Vulnerability Testing: Nessus
      10. A Sample ndd(1M) Setup
      11. Summary
    15. IP Security Architecture (IPsec)
      1. Authentication Header (AH)
      2. Encapsulating Security Payload (ESP)
      3. IPsec Algorithms
      4. Security Associations (SAs)
      5. IPsec Transport Mode
      6. IPsec Tunneling
      7. Configuring IPsec on Solaris 8
      8. IPsec Virtual Private Networks (VPNs)
      9. Monitoring and Troubleshooting IPsec
      10. Summary
    16. Securing Network Services
      1. Securing BIND 9
      2. Securing E-Mail
      3. Securing FTP
      4. Securing X Windows (X11)
      5. Securing the Network File System (NFS)
      6. Securing the World Wide Web (WWW) Service
      7. Summary
    17. Internet Protocols
      1. For More Information
    18. TCP and UDP Port Numbers
    19. Solaris 8 Standards Conformance
    20. Types of Attacks and Vulnerabilities
      1. Attacks
      2. Vulnerabilities
    21. System and Network Security Checklist
      1. System Security Checklist
      2. /etc
      3. Network Security Checklist
    22. Security Resources
      1. Web Sites
      2. Mailing Lists
      3. Usenet Newsgroups
      4. Publications
        1. Books
      5. Incident Response Centers
    23. Trusted Solaris 8
      1. Internal and External Threats
      2. Mandatory Access Control
      3. Role-Based Access Control
      4. Profiles
      5. Privileges
      6. Labels
      7. Device Access
      8. Administration
      9. Trusted Common Desktop Environment
      10. Trusted Paths
      11. Summary
    24. SunScreen 3.1 Lite
      1. Installation
      2. Administration
      3. Rules
      4. Policies
      5. Objects
      6. Summary
    25. Glossary