Securing Solaris Servers. Randy Marchany. va-scan, Copyright 2002, Marchany.

Presentation transcript:

Securing Solaris Servers, Randy Marchany

General Strategy
• Most Solaris security checklists recommend installing the minimum set of software needed to run the system.
• Most sysadmins don’t do this.
• General strategy
   – Remove all privilege and access and grant or enable only what is needed.
   – Enable as much system logging as possible!

Two Strategies
• Use the SANS Securing Solaris checklist
• Use the Center for Internet Security Securing Solaris Benchmark
• Use the CERT Securing Solaris Server checklist.
   – Use the SANS or CIS checklists when the CERT checklist recommends it.

Solaris Installation
• Disconnect the system from the net?
   – Optional
• Download patches, other software to another machine if possible.
• Obtain the following information
   – IP name, IP address, subnet mask, default gateway, DNS server, Domain name, Time Zone

Solaris Installation
• Boot time configuration
   – SANS Guide steps , Basic OS Installation
   – Step 1.1.5, select ‘other’.
• Minimal OS installation (optional)
   – SANS Guide steps , select “system accounting”.

Solaris Hardening
• Remove all packages not needed for the operation of the server.
• Verify /etc/hostname. contains only the machine name.
• Verify /etc/inet/hosts (aka /etc/hosts) contains the following entries:
   – localhost
   – FQDN UQHN loghost
   – central syslog server (optional)

Solaris Hardening
• Verify /etc/nsswitch.conf contains the following entry:
   – hosts: files dns
• Verify /etc/netmasks contains:
   –
   – SANS guide steps – 1.35, Post Install/networking configuration
   – Pick a secure password for the root account
   – SANS guide steps , Installing Patches

Solaris Hardening
• Installing patches takes time, about 1 hour.
• It’s CRITICAL that you install the most current set of patches. Check security patches at least once a month. Use tools like patchdiag or GASP to make installation easier.
• Install Tripwire.
• Install SSH

Solaris Hardening
• SANS Guide step 2.1.1, purging boot directories of Unnecessary Services
• SANS Guide step , 2.1.7, 2.1.8, 2.1.9,
   – Set umask to 027
• Remove all services from /etc/inetd.conf
• SANS Guide , Cleaning House

Solaris Hardening
• Install TCP Wrappers
• SANS Guide , file system configuration
• Set enhanced syslog logging
   – Set debug level for kern, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, local0-7
• SANS Guide , Additional Logging
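
An added example, not part of the original slides: a POSIX shell audit of three checklist items from the hardening slides above (the nsswitch.conf hosts entry, services still active in inetd.conf, and the facilities that should log at debug level). The function names and sample file contents are constructed for illustration, and the script assumes the m4 macros that Solaris allows in syslog.conf are not in use.

```shell
#!/bin/sh
# Audit three checklist items against copies of the config files.
FACILITIES="kern user mail daemon auth syslog lpr news uucp cron
local0 local1 local2 local3 local4 local5 local6 local7"

# Succeeds only if nsswitch.conf has a hosts line reading exactly "files dns".
check_nsswitch_hosts() {
    awk '{ sub(/#.*/, "") }
         $1 == "hosts:" { seen = 1
             if (NF != 3 || $2 != "files" || $3 != "dns") bad = 1 }
         END { if (!seen || bad) exit 1 }' "$1"
}

# Prints the service name of every inetd.conf entry that is not commented out.
active_inetd_services() {
    awk '{ sub(/#.*/, "") } NF > 0 { print $1 }' "$1"
}

# Prints each facility from the slide that syslog.conf does not log at debug.
# Handles "a,b.debug" and "x.debug;y.debug" selectors; "*.debug" counts for
# every facility in the list.
missing_debug_facilities() {
    have=" $(awk '{ sub(/#.*/, "") }
        NF >= 2 { n = split($1, sel, ";")
            for (i = 1; i <= n; i++) {
                if (split(sel[i], p, "[.]") != 2 || p[2] != "debug") continue
                m = split(p[1], fac, ",")
                for (j = 1; j <= m; j++) print fac[j]
            } }' "$1" | tr '\n' ' ')"
    for f in $FACILITIES; do
        case "$have" in
            *" $f "*|*" * "*) ;;
            *) echo "$f" ;;
        esac
    done
}

# Constructed sample files (not taken from a real host).
S=$(mktemp -d)
printf 'passwd: files\nhosts: files dns\n' > "$S/nsswitch.conf"
printf '%s\n' '#ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd' \
    'telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd' > "$S/inetd.conf"
printf '%s\t%s\n' 'kern,user,mail.debug' /var/adm/messages \
    'daemon.debug;auth.debug' /var/log/authlog \
    'local0.notice' /var/log/local0 > "$S/syslog.conf"

check_nsswitch_hosts "$S/nsswitch.conf" && echo "nsswitch hosts: ok"
echo "active inetd services: $(active_inetd_services "$S/inetd.conf")"
echo "not logged at debug: $(missing_debug_facilities "$S/syslog.conf" | tr '\n' ' ')"
```

On a live host, pass /etc/nsswitch.conf, /etc/inetd.conf and /etc/syslog.conf to the functions instead of the sample files.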

Solaris Hardening
• Sendmail
   – Obtain updated sendmail kit via anonymous ftp. One such site is: ftp.vt.edu/pub/cc/Solaris/sendmail*2.8*
• SANS guide
• SANS guide , Miscellaneous