Solaris 10 Security Essentials (Solaris System Administration Series)

Paperback (Print)
Used and New from Other Sellers
Used and New from Other Sellers
from $21.95
Usually ships in 1-2 business days
(Save 51%)
Other sellers (Paperback)
  • All (13) from $21.95   
  • New (8) from $28.60   
  • Used (5) from $21.95   


Solaris10 Security Essentials describes the various security technologies contained in the Solaris operating system. The book describes how to make installations secure and how to configure the OS to the particular needs of your environment, whether your systems are on the edge of the Internet or running a data center. The authors present the material in a straightforward way that makes a seemingly arcane subject accessible to system administrators at all levels.

The strengths of the Solaris operating system’s security model are its scalability and its adaptability. It can protect a single user with login authentication or multiple users with Internet and intranet configurations requiring user-rights management, authentication, encryption, IP security, key management, and more. This book is written for users who need to secure their laptops, network administrators who must secure an entire company, and everyone in between.

The book’s topics include

  • Zones virtualization security
  • System hardening
  • Trusted Extensions (Multi-layered Security)
  • Privileges and role-based access control (RBAC)
  • Cryptographic services and key management
  • Auditing
  • Network security
  • Pluggable Authentication Modules (PAM)

Solaris10 Security Essentials is the first in a new series on Solaris system administration. It is a superb guide to deploying and managing secure computer environments.

Read More Show Less

Product Details

Meet the Author

This book is the work of the engineers, architects, and writers at Sun Microsystems who conceptualized the services, wrote the procedures, and coded the Solaris OS’s security features. These authors bring a vast range of industry and academic experience to the business of creating and deploying secure operating systems. Authors include Glenn Brunette, Hai-May Chao, Martin Englund, Glenn Faden, Mark Fenwick, Valerie Anne Fenwick, Wyllys Ingersoll, Wolfgang Ley, Darren Moffat, Pravas Kumar Panda, Jan Pechanec, Mark Phalan, Darren Reed, Scott Rotondo, Christoph Schuba, Sharon Read Veach, Joep Vesseur, and Paul Wernau.

Read More Show Less

Table of Contents

Preface xv

About the Authors xix

Chapter 1: Solaris Security Services 1

1.1 A Solaris Security Story 1

1.2 Security Services in the Solaris OS 3

1.3 Configurable Security Services in the Solaris OS 5

Chapter 2: Hardening Solaris Systems 9

2.1 Securing Network Services 9

2.2 Configuration Hardening 16

2.3 Basic Audit and Reporting Tool 20

2.4 Signed ELF Filesystem Objects 22

2.5 Solaris Fingerprint Database (sfpDB) 23

Chapter 3: System Protection with SMF 29

3.1 Service Management Facility (SMF) 29

3.2 How SMF Configuration Works 30

3.3 Modifying Solaris Services Defaults 31

Chapter 4: File System Security 41

4.1 Traditional UNIX File System Security 41

4.2 ZFS/NFSv4 ACLs 48

4.3 Maintaining File System Integrity 52

4.4 UFS and NFSv4 Mount Options 57

4.5 ZFS Mount Options 58

4.6 ZFS Delegated Administration 59

Chapter 5: Privileges and Role-Based Access Control 63

5.1 Traditional UNIX Security Model 63

5.2 Solaris Fine-Grained Privileges 66

5.3 Solaris Role-Based Access Control 72

5.4 Privileges for System Services 90

Chapter 6: Pluggable Authentication Modules (PAM) 95

6.1 The PAM Framework 96

6.2 The PAM Modules 96

6.3 The PAM Configuration File 101

6.4 PAM Consumers 106

6.5 The PAM Library 109

6.6 PAM Tasks 110

Chapter 7: Solaris Cryptographic Framework 113

7.1 PKCS #11 Standard and Library 114

7.2 User-Level Commands 119

7.3 Administration of the Solaris Cryptographic Framework 122

7.4 Hardware Acceleration 125

7.5 Examples of Using the Cryptographic Framework 127

Chapter 8: Key Management Framework (KMF) 133

8.1 Key Management Administrative Utility 134

8.2 KMF Policy-Enforcement Mechanism 139

8.3 Key Management Policy Configuration Utility 140

8.4 KMF Programming Interfaces 142

Chapter 9: Auditing 145

9.1 Introduction and Background 145

9.2 Definitions and Concepts 147

9.3 Configuring Auditing 148

9.4 Analyzing the Audit Trail 157

9.5 Managing the Audit Trail 163

9.6 Common Auditing Customizations 165

Chapter 10: Solaris Network Security 169

10.1 IP Filter 169

10.2 What Is IPsec? 179

10.3 Solaris Secure Shell (SunSSH) 192

10.4 Configuring SunSSH 194

10.5 OpenSSL 199

10.6 Kerberos 201

10.7 Kerberos in the Solaris OS 204

10.8 Kerberos Administration 207

10.9 Application Servers 215

10.10 Interoperability with Microsoft Active Directory 217

Chapter 11: Zones Virtualization Security 221

11.1 The Concept of OS Virtualization: Introduction and Motivation 221

11.2 The Architecture of Solaris Zones 222

11.3 Getting Started with Zones 226

11.4 The Security Advantages of OS Virtualization 229

11.5 Monitoring Events in Zones 236

Chapter 12: Configuring and Using Trusted Extensions 239

12.1 Why Use Trusted Extensions? 239

12.2 Enabling Trusted Extensions 240

12.3 Getting Started 241

12.4 Configuring Your Trusted Network 243

12.5 Creating Users and Roles 248

12.6 Creating Labeled Zones 251

12.7 Using the Multilevel Desktop 254

Index 261

Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star


4 Star


3 Star


2 Star


1 Star


Your Rating:

Your Name: Create a Pen Name or

Barnes & Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation


  • - By submitting a review, you grant to Barnes & and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Terms of Use.
  • - Barnes & reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)