- Shopping Bag ( 0 items )
Ships from: Zephyrhills, FL
Usually ships in 1-2 business days
Ships from: Chatham, NJ
Usually ships in 1-2 business days
Ships from: acton, MA
Usually ships in 1-2 business days
|Pt. I||Solaris Operating Environment Security|
|1||Solaris Operating Environment Security||3|
|2||Network Settings for Security||41|
|Pt. II||Architecture Security|
|5||Building Secure N-Tier Environments||111|
|Pt. III||Justification for Security|
|6||How Hackers Do It: Tricks, Tools, and Techniques||129|
|Pt. IV||Tools Security|
|7||Solaris Fingerprint Database||151|
|Pt. V||Hardware and Software Security|
|8||Securing the Sun Fire 15K System Controller||163|
|9||Securing Sun Fire 15K Domains||191|
|10||Securing Sun Enterprise 10000 System Service Processors||215|
|11||Sun Cluster 3.0 (12/01) Security with the Apache and iPlanet Web and Messaging Agents||255|
|12||Securing the Sun Fire Midframe System Controller||283|
|Pt. VI||Solaris Security Toolkit Documentation|
|14||Installation, Configuration, and User Guide||337|
This book is one of an ongoing series of books collectively known as the SunBluePrints program. This book provides a compilation of best practices andrecommendations, previously published as Sun BluePrints Online articles, forsecuring Solaris Operating Environment (Solaris OE).
This book applies to Solaris OE Versions 2.5.1, 2.6, 7, and 8.About This Book
Securing computer systems against unauthorized access is one of the most pressingissues facing today's datacenter administrators. Recent studies suggest that thenumber of unauthorized access continues to rise, as do the monetary lossesassociated with these security breaches.
As with any security decisions, a balance must be attained between systemmanageability and security.
Many attacks have preventative solutions available; however, every day, hackerscompromise systems using well-known attack methods. Being aware of how theseattacks are performed, you can raise awareness within your organization for theimportance of building and maintaining secure systems. Many organizations makethe mistake of addressing security only during installation, then never revisit it.Maintaining security is an ongoing process and is something that must be reviewedand revisited periodically.Sun BluePrints Program
The mission of the Sun BluePrints Program is to empower Sun's customers with thetechnical knowledge required to implement reliable, extensible, and secureinformation systems within the datacenter using Sun products. This programprovides a framework to identify, develop, and distribute best practices informationthat applies across the Sun product lines. Experts in technical subjects in variousareas contribute tothe program and focus on the scope and usefulness of theinformation.
The Sun BluePrints Program includes books, guides, and online articles. Throughthese vehicles, Sun can provide guidance, installation and implementationexperiences, real-life scenarios, and late-breaking technical information.
The monthly electronic magazine, Sun BluePrints OnLine, is located on the Web at:
To be notified about updates to the Sun BluePrints Program, please register yourselfon this site.Who Should Use This Book
This book is primarily intended for the busy system administrator (SA) who needshelp handling nonsecure systems. Secondary audiences include individuals whoarchitect and implement systems—for example, architects, consultants, andengineers.Before You Read This Book
You should be familiar with the basic administration and maintenance functions ofthe Solaris OE. You should also have an understanding of standard networkprotocols and topologies.
Because this book is designed to be useful to people with varying degrees ofexperience or knowledge of security, your experience and knowledge are thedetermining factors of the path you choose through this book.How This Book Is Organized
This book is organized into six parts that organize security best practices andrecommendations as follows:Part I—Solaris Operating Environment Security
Chapter 1 "Solaris Operating Environment Security" by Alex Noordergraaf and KeithWatson describes the Solaris OE subsystems and the security issues surroundingthose subsystems. This chapter provides recommendations on how to secure SolarisOE subsystems.
Chapter 2 "Network Settings for Security" by Keith Watson and Alex Noordergraafdescribes known attack methods so that administrators become aware of the need toset or change network settings. The application of most of these network securitysettings requires planning and testing and should be applicable to most computingenvironments.
Chapter 3 "Minimization" by Alex Noordergraaf focuses on practices andmethodology (processes) that improve overall system security by minimizing andautomating Solaris OE installation.
Chapter 4 "Auditing" by Will Osser and Alex Noordergraaf was derived from anauditing case study and includes a set of audit events and classes usable on Solaris 8OE.Part II—Architecture Security
Chapter 5 "Building Secure N-Tier Environments" by Alex Noordergraaf providesrecommendations for architecting and securing N-Tier environments.Part III—Justification for Security
Chapter 6 "How Hackers Do It: Tricks, Tools, and Techniques" by Alex Noordergraafdescribes the tricks, tools, and techniques that hackers use to gain unauthorizedaccess to Solaris OE systems.Part IV—Tools for Security
Chapter 7 "Solaris Fingerprint Database" by Vasanthan Dasan, Alex Noordergraaf, andLou Ordorica provides an introduction to the Solaris Fingerprint Database (sfpDB).Part V—Hardware and Software Security
Chapter 8 "Securing the Sun Fire 15K System Controller" by Alex Noordergraaf andDina Kurktchi provides recommendations on how to enhance the security of a SunFire 15K system controller (SC).
Chapter 9 "Securing Sun Fire 15K Domains" by Alex Noordergraaf and Dina Kurktchidocuments all of the security modifications that can be performed on a Sun Fire 15Kdomain without negatively affecting its behavior.
Chapter 10 "Securing Sun Enterprise 10000 System Service Processors" by AlexNoordergraaf describes a secure Sun Enterprise 10000 configuration that is fully Sunsupported. It provides tips, instructions, and guidance for creating a more secureSun Enterprise 10000 system.
Chapter 11 "Sun Cluster 3.0 (12/01) Security with the Apache and iPlanet Web andMessaging Agents" by Alex Noordergraaf, Mark Hashimoto, and Richard Lau describesa supported procedure by which certain Sun Cluster 3.0 (12/01) software agents canbe run on secured and hardened Solaris OE systems.
Chapter 12 "Securing the Sun Fire Midframe System Controller" by AlexNoordergraaf and Tony M. Benson provides recommendations on how to securelydeploy the Sun Fire System Controller (SC).Part VI—Solaris Security Toolkit Documentation
Chapter 13 "Quick Start" by Alex Noordergraaf and Glenn Brunette is for individualswho want to get started with the Solaris Security Toolkit software as quickly aspossible. Only the bare essentials in getting the Solaris Security Toolkit softwaredownloaded and installed are addressed.
Chapter 14 "Installation, Configuration, and User Guide" by Alex Noordergraaf andGlenn Brunette describes the advanced configuration and user options available inversion 0.3 of the Solaris Security Toolkit software.
Chapter 15 "Internals" by Alex Noordergraaf and Glenn Brunette describes all of thedirectories and scripts used by the Solaris Security Toolkit software to harden andminimize Solaris OE systems.
Chapter 16 "Release Notes" by Alex Noordergraaf and Glenn Brunette describes thechanges made to the Solaris Security Toolkit since the release of version 0.2 inNovember of 2000.
Note - This book does not contain an Index.Ordering Sun Documents
The SunDocs SM program provides more than 250 manuals from Sun Microsystems,Inc. If you live in the United States, Canada, Europe, or Japan, you can purchasedocumentation sets or individual manuals through this program.Accessing Sun Documentation Online
docs.sun.com web site enables you to access Sun technical documentationonline. You can browse the docs.sun.com archive or search for a specific book titleor subject. The URL is as follows:
At the end of each chapter in this book is a "Related Resources" section, whichprovides references to publications and web sites applicable to the information ineach chapter.Sun Welcomes Your Comments
We are interested in improving our documentation and welcome your commentsand suggestions. You can email your comments to us at:
email@example.comAbout the Authors
Alex Noordergraaf authored or worked with other authors on the chapters in thisbook. In some cases, he was the primary author, and in other cases, he was a co-author.Refer to "How This Book Is Organized" on page xxiii for the names ofauthors for each chapter. The following provides biographical information for allauthors, in alphabetical order by last name.Tony M. Benson
Tony Benson has over twenty years of experience of developing software solutionsin the areas of military, aerospace, and financial applications. As a Staff Engineer inthe Enterprise Server Products group of Sun Microsystems, he is developing systemmanagement solutions for the Enterprise Server Product line. Prior to his role in theEnterprise Server Products group, he developed secure, distributed revenuecollection systems for a worldwide base of customers in the transit industry.Glenn Brunette
Glenn Brunette has more than eight years of experience in the areas of computer andnetwork security. Glenn currently works with in the Sun Professional Services SMorganization where he is the Lead Security Architect for the Northeastern USAregion. In this role, he works with many Fortune 500 companies to deliver tailoredsecurity solutions such as assessments, architecture design and implementation, aswell as policy and procedure review and development. His customers have includedmajor financial institutions, ISP, New Media, and government organizations.
In addition to billable services, Glenn works with the Sun Professional ServicesGlobal Security Practice and Enterprise Engineering group on the development andreview of new security methodologies, best practices, and tools.Vasanthan Dasan
Vasanthan Dasan is an ES Principal Engineer, one of five high-ranked engineers inSun's Enterprise Services. Vasanthan joined Sun Microsystems in 1992 and iscurrently a Technology Strategist in the Support Services Global Strategy BusinessDevelopment group. He is responsible for architecting application availabilityservices and for providing technical expertise on merger and acquisition activities.
Vasanthan was the Chief Architect for Support Services Engineering, responsible fordeveloping online support services for Sun's customer support engineers andexternal customers. Prior to that, he worked on Solaris products such as CacheFS,AutoClient, Solstice PC Products, and JumpStart as part of the Solaris engineeringteam. Vasanthan co-authored Hands-On Intranet, published by Prentice Hall, andhas written numerous Sun whitepapers. He was largely responsible for Sun's earlyadoption of the Web in 1994, and holds one of the industry's first Web patents,awarded for the invention of web-based personal newspapers.Mark Hashimoto
Mark Hashimoto has been with Sun Microsystems in Menlo Park, California, for thepast three years. Currently, he is developing the user interface components for theSun Cluster Products group. Mark was also one of the originators of the SunPlexManager GUI tool. Mark holds a Master's degree in Computer Science from theUniversity of Arizona.Dina Kurktchi
Dina Kurktchi is a senior software engineer with 15 years of experience in manyareas from device drivers to databases. Her last four years have been focused insecure software development and deployment of security system solutions such asvulnerability assessment tools, intrusion detection systems, and public keyinfrastructures. Currently, she works with the Enterprise Systems Group at SunMicrosystems.Richard Lau
Richard Lau has three years of working experience. As part of the Sun Cluster QAgroup of Sun Microsystems, his duties include Sun Cluster 2.2 patch testing, testingnew features, and performing regression tests for Sun Cluster 3.0 products.Alex Noordergraaf
Alex Noordergraaf has over 10 years of experience in the areas of computer andnetwork security. As the Security Architect of the Enterprise Server Products (ESP)group at Sun Microsystems, he is responsible for the security of Sun servers. He isthe driving force behind the very popular freeware Solaris Security Toolkit. Prior tohis role in ESP, he was a Senior Staff Engineer in the Enterprise Engineering (EE)group of Sun Microsystems, where he developed, documented, and publishedsecurity best practices through the Sun BluePrints program. Published topicsinclude: Sun Fire Midframe 15K system security, secure N-tier environments, SolarisOE minimization, Solaris OE network settings, and Solaris OE security. He co-authoredJumpStart Technology: Effective Use in the Solaris Operating Environment.
Prior to his role in EE, he was a Senior Security Architect with Sun ProfessionalServices where he worked with many Fortune 500 companies on projects thatincluded security assessments, architecture development, architectural reviews, andpolicy/procedure review and development. He developed and delivered anenterprise security assessment methodology and training curriculum to be usedworldwide by Sun Professional Services. His customers included majortelecommunication firms, financial institutions, ISPs, and ASPs. Before joining Sun,Alex was an independent contractor specializing in network security. His clientsincluded BTG, Inc. and Thinking Machines Corporation.Lou Ordorica
Lou Ordorica worked for several years as a system administrator at SunMicrosystems. He went on to teach and write about system administration for Sun'semployees and customers, and is currently providing online support to customersusing the Web.Will Osser
Will Osser has over eight years of experience in the area of Computer and NetworkSecurity. He has worked extensively with B-1 secure UNIX(R) systems in a variety ofroles including developing, sustaining, pre- and post-sales support, as well astraining. He has also worked as a security consultant designing system and softwarearchitecture. Will is currently a software engineer working for Sun Microsystems inthe Solaris Secure Technology Group.
Will joined Sun directly after completing his Master's Thesis in ComputerEngineering at the University of California.Keith Watson
Keith Watson has spent nearly four years at Sun working in the area of computerand network security. He is currently the product manager for core Solaris security.Previously, Keith was a member of the Global Enterprise Security Service (GESS)team in Sun Professional Services. He is also a co-developer of an enterprise networksecurity auditing tool named the Sun Enterprise Network Security Service (SENSS).Prior to joining Sun, Keith was part of the Computer Operations, Audit, andSecurity Technologies (COAST) laboratory (now part of the CERIAS research center)at Purdue University.