Solaris 8 security

Solaris 8 Security covers all the concepts and issues Solaris 8 administrators need to know in order to make and keep their Solaris 8 systems secure. This includes not only Solaris 8 security tools and features, but such subjects as cryptography and defenses against known attacks and vulnerabilities. Readers learn practical, command-level defenses, such as: How to configure a secure DNS server What to do with /etc/inet/inetd.conf How to make IPsec work Why DES fails How to identify and prevent system compromises How not to configure sendmail How to automate security checkups The book provides a proactive approach to security. Coverage includes intrusion detection systems, network-level filtering, firewalls and other network-level systems.

1. Enterprise Security Framework. Security Principles. The Security Process. Risk Management. Calculating Risk. Defining Security Policy. Design Vulnerabilities. Implementation Vulnerabilities. Ascertaining Your Security Requirements. Management Issues. Justifying Investing in Security. Security Training. Security Perimeter Problems. Access Control Models. Low-Cost But Effective Security Measures. Handling Security Incidents. Evaluating the Efficiency of Security _Measures. Human Factors. Social Engineering. Remote-Access Control. UNIX and Security. Password Selection and Use. Security for Business. Summary. 2. Security and Cryptography. Types of Algorithms. Digital Certificates and Certifying _Authorities (CAs). Keys. Cryptanalysis. Random and Pseudo-Random Number Generators. Applications of Cryptography. Sun Crypto Accelerator I Board. Summary. 3. System Security. Installation. Patches and Maintenance Updates. Configuring for Security. Network Information Service Plus (NIS+) Security. System Identification. System Logs. /etc/issue. Automated Security Enhancement Tool (_ASET). Solaris Fingerprint Database (sfpDB). www.sun.com/BigAdmin. Summary. 4. Authentication and Authorization. /etc/passwd and /etc/shadow. /etc/logindevperm. /etc/default/login. /etc/default/su. Secure Shell (SSH). Name Services. RBAC. Pluggable Authentication Modules (PAM). Service Access Facility (SAF). Open Card Framework (OCF). Kerberos. Point-to-Point Protocol (PPP) Security. Dial-Up Passwords. Summary. 5. Kerberos. What Does Kerberos Mean? A Brief History of Kerberos. Kerberos and Solaris 8. Kerberos Limitations. Do You Need Kerberos? Planning Kerberos Deployment. The Differences Between Kerberos 4 and 5. How Does Kerberos Work? Configuring Kerberos. Kerberos and the Network File System _(NFS). Troubleshooting Kerberos. Alternatives to Kerberos. Summary. 6. Auditing and Accounting. Auditing. Accounting. Summary. 7. Open Source Security Tools. OpenSSH: Open Secure Shell. OpenSSL: Open Secure Sockets Layer Library and Tool. Nessus: Remote System Security Scanner. nmap: Network-Mapping and Port-Scanning _Tool. sudo: Controlled su. lsof: List Open Files. ntop: Network Usage and Protocol Analyzer. npasswd: New passwd. top: Advanced ps. TCP Wrappers: Advanced TCP Superdaemon. chrootuid: Advanced chroot with the setuid Feature. rpcbind: More Secure rpcbind. logdaemon: Secure rlogind, rshd, login, rexecd, and ftpd Replacements. argus: Audit Record Generation and Utilization System. tcpdump: Network Monitoring and Data Acquisition Tool. libpcap: Portable Packet-Capture Library. genpass: Random-Password Generator. xinetd: Extended Internet Superdaemon. Summary. 8. Network Security. Minimization for Network Security. Fine-Tuning the Solaris 8 TCP/IP Stack. Types of Firewalls. Solaris Firewalls. Router-Based Firewalls. Network Intrusion Detection Systems. Network/Port Address Translation _(NAT/PAT). Network Troubleshooting. Remote Vulnerability Testing: Nessus. A Sample ndd(1M) Setup. Summary. 9. IP Security Architecture (IPsec). Security Associations (SAs). IPsec Transport Mode. IPsec Tunneling. Configuring IPsec on Solaris 8. IPsec Virtual Private Networks (VPNs). Monitoring and Troubleshooting Ipsec. Summary. 10. Securing Network Services. Securing BIND 9. Securing E-Mail. Securing FTP. Securing X Windows (X11). Securing the Network File System (NFS). Securing the World Wide Web (WWW) _Service. Summary. A. Internet Protocols. For More Information. B. TCP and UDP Port Numbers. C. Solaris 8 Standards Conformance. D. Types of Attacks and Vulnerabilities. Attacks. Vulnerabilities. E. System and Network Security _Checklist. System Security Checklist. /etc. Network Security Checklist. F. Security Resources. Web Sites. Mailing Lists. Usenet Newsgroups. Publications. Books. Incident Response Centers. G. Trusted Solaris 8. Internal and External Threats. Mandatory Access Control. Role-Based Access Control. Profiles. Privileges. Labels. Device Access. Administration. Trusted Common Desktop Environment. Trusted Paths. Summary. H. SunScreen 3.1 Lite. Installation. Administration. Rules. Policies. Objects. Summary. Glossary. Index.