Hack Proofing Sun Solaris 8

Foreword
Chapter 1 Introducing Solaris Security: Evaluating Your Risk
Introduction
Exposing Default Solaris Security Levels
Altering Default Permissions
Making Services Available after Installation
Working with Default Environmental Settings
Evaluating Current Solaris Security Configurations
Evaluating Network Services
Evaluating Network Processes
Monitoring Solaris Systems
Using the sdtprocess and sdtperfmeter Applications
Monitoring Solaris Logfiles
Testing Security
Testing Passwords
Testing File Permissions
Securing against Physical Inspections
Securing OpenBoot
Documenting Security Procedures and Configurations
Documenting Security Procedures
Documenting System Configurations
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 2 Securing Solaris with the Bundled Security Tools
Introduction
The Orange Book
Choosing Solaris 8 C2 Security
Configuring Auditing
Managing the Audit Log
Understanding Auditing Classifications
Configuring Auditing
Extracting and Analyzing Auditing Data
Choosing Trusted Solaris 8
Using Trusted Solaris 8’s B1-Level Security
Understanding the Concept of Mandatory Access Control
Administrative Labels
Auditing and Analyzing Trusted Solaris 8
Solaris 8 Security Enhancements
Using SunScreen Secure Net
Utilizing SunScreen SKIP
Using the Solaris Security Toolkit
Using OpenSSH
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 3 Securing Solaris with Freeware Security Tools
Introduction
Detecting Vulnerabilities with Portscanning
Advanced Portscanning
Discovering Unauthorized Systems Using IP Scanning
Using the arp Command on Solaris
Detecting Unusual Traffic with Network Traffic Monitoring
Using Snoop
Using Snort
Using a Dedicated Sniffer
Using Sudo
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 4 Securing Your Users
Introduction
Creating Secure Group Memberships
Role-Based Access Control
Understanding Solaris User Authentication
Authenticating Users with NIS and NIS+
Authenticating Users with Kerberos
Authenticating Users with the Pluggable Authentication Modules
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 5 Securing Your Files
Introduction
Establishing Permissions and Ownership
Access Control Lists
Role-Based Access Control
Changing Default Settings
Using NFS
Share and Share Alike
Locking Down FTP Services
Using Samba
Monitoring and Auditing File Systems
Summary 1
Solutions Fast Track
Frequently Asked Questions
Chapter 6 Securing Your Network
Introduction
Configuring Solaris as a DHCP Server
Using the dhcpmgr GUI Configuration Tool
Using the dhcpconfig Command-Line Tool
Securing DNS Services on Solaris
Using BIND
Configuring Solaris to Provide Anonymous FTP Services
Using X-Server Services Securely
Using Host-Based Authentication
Using User-Based Authentication
Using X-Windows Securely with SSH
Using Remote Commands
Using Built-In Remote Access Methods
Using SSH for Remote Access
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 7 Providing Secure Web and Mail Services
Introduction
Configuring the Security Features of an Apache Web Server
Limiting CGI Threats
Using Virtual Hosts
Monitoring Web Page Usage and Activity
Configuring the Security Features of Sendmail
Stopping the Relay-Host Threat
Tracking Attachments
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 8 Configuring Solaris as a Secure Router and Firewall
Introduction
Configuring Solaris as a Secure Router
Reasoning and Rationale
Routing Conditions
Configuring for Routing
Security Optimization
Security Implications
Unconfiguring Solaris Routing
Routing IP Version 6
Configuration Files
IPv6 Programs
IPv6 Router Procedure
Stopping IPv6 Routing
IP Version 6 Hosts
Automatic Configuration
Manual Configuration
Configuring Solaris as a Secure Gateway
Configuring Solaris as a Firewall
General Firewall Theory
General Firewall Design
SunScreen Lite
IP Filter
Using NAT
Guarding Internet Access with Snort
Snort Configuration File
Snort Log Analysis
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 9 Using Squid on Solaris
Introduction
The Default Settings of a Squid Installation
Configuring Squid
The http_port Tag
The cache_dir Tag
Access Control Lists
Configuring SNMP
Configuring the cachemgr.cgi Utility
New in Squid 2.4—Help for IE Users
Configuring Access to Squid Services
The Basics of Basic-Auth
Access Control for Users
Access Control Lifetime
Configuring Proxy Clients
Excluding Access to Restricted Web Sites
Filtering Content by URL
Filtering by Destination Domain
Filtering by MIME Type
Filtering by Content-Length Header
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 10 Dissecting Hacks
Introduction
Securing against Denial of Service Hacks
Ping of Death
Syn Flood
E-Mail Flood
Securing against Buffer Overflow Hacks
Buffer Overflow against a Web Server
Buffer Overflow against an FTP Server
Securing against Brute Force Hacks
Defending against Password Crackers
Securing against Trojan Horse Hacks
Defending against Rootkits
Defusing Logic Bombs
Defending against PATH and Command Substitution
Securing against IP Spoofing
Securing Your .rhosts File
MAC Address Spoofing
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 11 Detecting and Denying Hacks
Introduction
Monitoring for Hacker Activity
Using Tripwire
Using Shell Scripts to Alert Systems Administrators
Monitoring Running Processes
Monitoring CPU Activity
Putting It All Together
What to Do Once You’ve Detected a Hack
What’s a Honeypot
Monitoring Solaris Log Files
Solaris Log Files to Review
Creating Daily Reports
A State-of-the-System Report
Summary
Solutions Fast Track
Frequently Asked Questions
Hack Proofing Sun Solaris 8 Fast Track
Index 381