Hack Proofing Sun Solaris 8

1. Configure Default Settings on a Newly Installed Solaris 8 System
Review the basics of testing, monitoring, and documenting security procedures.

2. Learn about Third-Party Security Tools to Secure and Monitor Systems
You will find recommendations of valuable tools to have on hand, where to get them, and how to configure them.

3. Manage How Users Are Authenticated
Securely identify your users, reject those who don't belong, log failed access attempts, and revise the system as new threats arise.

4. Understand How to Secure Your Files
Configure file permissions and commonly used protocols such as FTP and NFS to transfer information safely.

5. Explore Options for Providing Secure Network Services
Provide secure access on both sides of the router.

6. Provide Secure DNS and DHCP Services to Network Clients
Harden your Solaris systems' network services so an attacker won't easily succeed with remote attacks.

7. Configure a Secure Web and E-Mail Server
Provide your network users secure and stable access to e-mail and the Internet.

8. Configure Solaris to Be a Router and Provide Firewall Services
See why Solaris is a good choice for a router. Combat Code Red! Use Perl scripts to identify the Code Red URL and counter attack.

9. Register for Your 1 Year Upgrade
The Syngress Solutions upgrade plan protects you from content obsolescence and provides monthly mailings, whitepapers, and more!

• Foreword xxi

• Introduction 2
• Exposing Default Solaris Security Levels 2
• Altering Default Permissions 2
• Making Services Available after Installation 4
• Working with Default Environmental Settings 7
• Evaluating Current Solaris Security Configurations 9
• Evaluating Network Services 9
• Evaluating Network Processes 11
• Monitoring Solaris Systems 14
• Using the sdtprocess and sdtperfmeter Applications 14
• Monitoring Solaris Logfiles 16
• Testing Security 18
• Testing Passwords 18
• Testing File Permissions 20
• Securing against Physical Inspections 21
• Securing OpenBoot 21
• Documenting Security Procedures and Configurations 22
• Documenting Security Procedures 22
• Documenting System Configurations 24

• Introduction 34
• The Orange Book 35
• Choosing Solaris 8 C2 Security 38
• Configuring Auditing 40
• Managing the Audit Log 42
• Understanding Auditing Classifications 43
• Configuring Auditing 44
• Extracting and Analyzing Auditing Data 45
• Choosing Trusted Solaris 8 47
• Using Trusted Solaris 8's B1-Level Security 48
• Understanding the Concept of Mandatory Access Control 50
• Administrative Labels 53
• Auditing and Analyzing Trusted Solaris 8 54
• Solaris 8 Security Enhancements 55
• Using SunScreen Secure Net 55
• Utilizing SunScreen SKIP 56
• Using the Solaris Security Toolkit Working with the Solaris Security 58
• Using OpenSSH 59

• Introduction 68
• Detecting Vulnerabilities with Portscanning 71
• Advanced Portscanning 76
• Discovering Unauthorized Systems Using IP Scanning 77
• Using the arp Command on Solaris 79
• Detecting Unusual Traffic with Network Traffic Monitoring 81
• Using Snoop 82
• Using Snort 83
• Using a Dedicated Sniffer 86
• Using Sudo 88

• Introduction 100
• Creating Secure Group Memberships 101
• Role-Based Access Control 103
• Understanding Solaris User Authentication 104
• Authenticating Users with NIS and NIS+ 107
• Authenticating Users with Kerberos 109
• Authenticating Users with the Pluggable Authentication Modules 115

• Introduction 128
• Establishing Permissions and Ownership 129
• Access Control Lists 132
• Role-Based Access Control 135
• Changing Default Settings 138
• Using NFS 142
• Locking Down FTP Services 145
• Using Samba 147
• Monitoring and Auditing File Systems 151

• Introduction 160
• Configuring Solaris as a DHCP Server 160
• Using the dhcpmgr GUI Configuration Tool 161
• Using the dhcpconfig Command-Line Tool 170
• Securing DNS Services on Solaris 173
• Using BIND 174
• Configuring Solaris to Provide Anonymous FTP Services 181
• Using X-Server Services Securely 182
• Using Host-Based Authentication 183
• Using User-Based Authentication 183
• Using X-Windows Securely with SSH 186
• Using Remote Commands 187
• Using Built-In Remote Access Methods 187
• Using SSH for Remote Access Enabling Password Free Logins with 189

• Introduction 200
• Configuring the Security Features of an Apache Web Server 201
• Limiting CGI Threats 203
• Using Virtual Hosts 206
• Monitoring Web Page Usage and Activity 206
• Configuring the Security Features of Sendmail 209
• Stopping the Relay-Host Threat 213
• Tracking Attachments 215

• Introduction 224
• Configuring Solaris as a Secure Router 224
• Reasoning and Rationale 225
• Routing Conditions 225
• Configuring for Routing 229
• Security Optimization 233
• Security Implications 233
• Unconfiguring Solaris Routing 236
• Routing IP Version 6 237
• Configuration Files 238
• IPv6 Programs 242
• IPv6 Router Procedure 245
• Stopping IPv6 Routing 246
• IP Version 6 Hosts 247
• Automatic Configuration 247
• Manual Configuration 248
• Configuring Solaris as a Secure Gateway 250
• Configuring Solaris as a Firewall 250
• General Firewall Theory 251
• General Firewall Design 252
• SunScreen Lite 253
• IP Filter 254
• Using NAT 254
• Guarding Internet Access with Snort 255
• Snort Configuration File 256
• Snort Log Analysis 257

• Introduction 266
• The Default Settings of a Squid Installation 266
• Configuring Squid 266
• The http_port Tag 267
• The cache_dir Tag 267
• Access Control Lists 269
• Configuring SNMP 271
• Configuring the cachemgr.cgi Utility 272
• New in Squid 2.4--Help for IE Users! 274
• Configuring Access to Squid Services 274
• The Basics of Basic-Auth 274
• Access Control for Users 275
• Access Control Lifetime 276
• Configuring Proxy Clients 277
• Excluding Access to Restricted Web Sites 281
• Filtering Content by URL 281
• Filtering by Destination Domain 282
• Filtering by MIME Type 282
• Filtering by Content-Length Header 283

• Introduction 288
• Securing against Denial of Service Hacks 288
• Ping of Death 289
• Syn Flood 290
• E-Mail Flood 294
• Securing against Buffer Overflow Hacks 295
• Buffer Overflow against a Web Server 302
• Buffer Overflow against an FTP Server 305
• Securing against Brute Force Hacks 306
• Defending against Password Crackers 308
• Securing against Trojan Horse Hacks 309
• Defending against Rootkits 309
• Defusing Logic Bombs 311
• Defending against PATH and Command Substitution 313
• Securing against IP Spoofing 314
• Securing Your rhosts File 316
• MAC Address Spoofing 316

• Introduction 326
• Monitoring for Hacker Activity 326
• Using Tripwire 326
• Using Shell Scripts to Alert Systems Administrators 335
• What to Do Once You've Detected a Hack 340
• What's a Honeypot? 340
• Monitoring Solaris Log Files 346
• Solaris Log Files to Review 347
• Creating Daily Reports 350
• A State-of-the-System Report 350
• Hack Proofing Sun Solaris 8 Fast Track 361
• Index 381