Solaris Security

Solaris Security
by Peter H. Gregory
Paperback: 290 pages

Publisher: Prentice Hall PTR; 1st edition (August 17, 1999)

Language: English

ISBN-10: 0130960535
ISBN-13: 978-0130960535

Product Description

Provides a concise guide to maintaining secure systems in the Solaris environment. Covers standalone and networked systems running Solaris and presents a special section on disaster preparation and recovery operations. Softcover. DLC: Computer security.

From the Inside Flap
PrefaceWho Should Read This BookSolaris Security has two audiences — IS/IT and security managers and UNIX administrators.The content for IS/IT and security managers appears primarily inChapter 1, “The Security Problem”Chapter 2, “The Security Paradigm”Chapter 10, “Network/System Architecture”Chapter 16, “System Recovery Preparation”The remaining chapters in the book are primarily technical and written for the UNIX administrator. However, any IS/IT or security manager who needs to learn more about UNIX technology (in the security context) will find all of the technical chapters easy to read. Most chapters open with “What’s in this chapter” and “Why this is important” sections. This allows you to choose whether any particular chapter needs immediate attention or whether it can or should be considered in the future.A Quick Look at the ContentsThis book discusses the physical, logical, and human-factor aspects of computer and network security in the specific context of Solaris 2.x and Solaris 7 running on Sun Microsystems computers. There are five parts.Introduction. The computer security problem is dramatically illustrated in chapter 1, “The Security Problem.” Chapter 2, “The Security Paradigm,” is a principle-based prescription recommended for use by all UNIX administrators, but also applicable to those managing computers of other vintages.The standalone system. This part focuses on the computer itself and covers all aspects of security. Regardless of whether or not it is connected to a network, every system is also a standalone system. Chapter 3, “PROM, OpenBoot, and Physical Security,” covers one of the least-known vulnerabilities of a Solaris system, as well as practical means for securing a Sun on a desktop or in a data center. Chapter 4, “The Filesystem,” is a comprehensive review of file and directory security, and includes sections on filesystem auditing tools and suggestions for UNIX administrators. Everything about user accounts is discussed in chapter 5, “User Accounts and Environments.” The intricacies of system booting are covered in Chapter 6, “System Startup and Shutdown.” Chapter 7, “cron and at,” and chapter 8, “System Logs,” provide a thorough look at those respective areas.The network-connected system. This part of the book is dedicated to the role and place of a Sun system on a network. Most severe vulnerabilities of a system are related to its being connected to a network. Chapter 9, “Network Interfaces and Services,” discusses the logical attachment of Sun systems to the network and its vulnerable services. The principles of network and system architecture are covered in chapter 10, “Network/System Architecture.” “Electronic Mail” is the topic of chapter 11. Chapter 12 reveals vulnerabilities with printing. Chapter 13, “Network Access Control,” describes the best means for controlling access to a system via the network. DNS, NIS, and NIS+ are discussed in chapter 14, “Name Services.” Chapter 15, “NFS and the Automounter,” dissects these services and offers ways of improving their security.Disaster and recovery. Disasters, whether caused by human error, malice, or natural events, will occur. Chapter 16, “System Recovery Preparation,” gives a detailed look at the measures to be taken before a disaster strikes to ensure a rapid, accurate, and complete recovery.Appendices. Appendix A, “Online Sources for Security Information,” is a thorough review of web sites, FTP sites, and mailing lists. Likewise, a comprehensive list of security tool sources is found in appendix B, “Online Sources for Public-Domain Security Tools.” Complete information on Solaris patches is found in appendix C, “Obtaining and Applying Solaris Patches.” Appendix D, “Suggested Reading,” refers the reader to online and in-print publications of further interest. Sun’s Solaris security products are discussed in appendix E. The steps required to implement and manage C2 security are found in appendix F. Appendix G explains how to verify the integrity of public-domain software. A glossary of attacks appears in appendix H. Appendix I is a secure system checklist.Technical Prerequisites for the PractitionerSolaris Security is written for the intermediate to advanced UNIX administrator who needs a thorough understanding of the Solaris operating system from a security perspective. If you are a technical reader, you should have the following tools and experience:A C compiler — either one furnished by Sun or the Gnu C compiler. This is because most public-domain tools are packaged in source form only and require compilation.Some experience with building public-domain tools on a UNIX system. This is not as critical a requirement as it was during UNIX’s first decade, when public-domain tools were not as portable, where they required a lot of modification before they would compile (much less work properly). Further, advances in the configuration tools that accompany most public-domain packages permit those with little or no experience with the C language to get even the most complex public-domain tools up and running.Conventions Used in This BookCommands and FilenamesI emphasize commands and filenames within paragraphs with italics. For example, the file /etc/passwd contains system password information. The trap command is used to prevent premature exit.Commands and filenames outside of paragraphs are set in Courier font; for exampleshare -F NFS -o rw=homeusers -d “Home Directories” /export/homePortions of commands indicating syntax (vs. the actual intended content) are set in italics, as follows.share -F FStype -o options -d description pathIn the example above, FStype, options, description, and path are to be replaced with actual values appropriate in practice (I will always point this out in the text where such examples occur in the book).File Contents and ScriptsShell scripts and the contents of computer files are set apart from paragraphs and are set in Courier font. The following example user’s .profile file illustrates.# .profile file for application userstrap exit 1 2 3 15PATH=/export/app/binexec /export/app/bin/applicationexitA sample /etc/default/passwd file appears as follows.#ident “@(#)passwd.dfl 1.3 92/07/14 SMI”MAXWEEKS=4MINWEEKS=1WARNWEEKS=3PASSLENGTH=6Computer SessionsExamples of sessions with the computer are set apart from paragraphs and set in Courier font. Input from the user is underlined to distinguish it from computer output. An example session follows.% iduid=1001(jim) gid=101(users)% su bobPassword: ********% iduid=1004(bob) gid=102(cust)% lp -d localprinter /home/bob/eom.prtrequest-id is localprinter-87 (1 file(s))% Also note from this example that the user-entered password is represented by a string of underlined asterisks. In reality, Solaris does not echo any actual characters typed when a user enters a password; the underlined asterisks signify a user entering non-echoed text.Note: Some commands include the underscore (_) character, which is obscured in underlined text. Commands with underscores are not underlined in this book, and all such examples are footnoted. An example command with an underscore follows.# ndd -set /dev/ip ip_forwarding 0Cautions and WarningsSpecial notes and cautions are set apart, like this.Caution: /usr/bin/su has the SetUID bit turned on. Su will no longer work if this bit is turned off.Sources for InformationThis book references several information sources. Each chapter ends with a section entitled “Where to Go for Additional Information” in which one or more of the following types of references are cited.AnswerBook. This is an online reference provided by Sun and included with the Solaris 2.x release media. AnswerBook employs hyperlinks to give you the ability to quickly retrieve documents referenced within other documents. Any user can start a local AnswerBook session with the answerbook (Sun’s proprietary browser that predates Web technology) or answerbook2 (Web browser interface) command.Man pages. This is the original UNIX command reference, useful if you know the command or file name you wish to learn more about.Note: Man page references in this book contain the man page section number to help differentiate those instances where an entry appears in more than one section. For example, when the passwd man page is cited, it may appear as “passwd(1M)” (the passwd command) or “passwd(4)” (the passwd file). To call up the “passwd(1M)” man page, enter the command man -s 1M passwd. To call up the “passwd(4)” man page, enter the command man -s 4 passwd.docs.sun.SunSolve. This is an information service made available to Sun customers on current maintenance or support contracts.A userid and password are required to use this site.Web sites. These are organizations or collections of information useful for the security specialist.Publications. This ranges from paper to electronic magazines, books, and articles.Security Remedies and Public-Domain SoftwareThis book illustrates security weaknesses in the Solaris operating system and proposes remedies for those weaknesses. Remedies take the form ofSyste

See all Editorial s
(read more about this book…)

Popularity: 1% [?]

Note: We do not host these ebook files. If you have any complaint of copyright, please comment or contact us. We'll remove the download link immediatly!

• The CPA Technology Advisor
• Restaurants & Institutions
• Major Logistics Company Previene la Caida del Sistema IBM i(i5/OS) durante la Temporada de Huracanes

We are pleased to offer you this exciting, new, and entirely free professional resource. Visit our Free Industry resource center today to browse our selection of 600+ complimentary Industry magazines, white papers, webinars, podcasts, and more.
Download Links:
Link1
Depositfiles
Tools to Download Faster
TweetBucks, Linkbee

Related eBooks - Up | Down