Va-scanCopyright 2002, Marchany Securing Solaris Servers Randy Marchany.

1 Securing Solaris Servers
Randy Marchany

2 General Strategy
- Most Solaris security checklists recommend installing the minimum set of software needed to run the system.
- Most sysadmins don’t do this.
- General strategy
  – Remove all privilege and access and grant or enable only what is needed.
  – Enable as much system logging as possible!

3 Two Strategies
- Use the SANS Securing Solaris checklist
- Use the Center for Internet Security Securing Solaris Benchmark
- Use the CERT Securing Solaris Server checklist.
  – Use the SANS or CIS checklists when the CERT checklist recommends it.

4 Solaris Installation
- Disconnect the system from the net?
  – Optional
- Download patches, other software to another machine if possible.
- Obtain the following information
  – IP name, IP address, subnet mask, default gateway, DNS server, Domain name, Time Zone

5 Solaris Installation
- Boot time configuration
  – SANS Guide steps 1.1.1-1.1.8, Basic OS Installation
  – Step 1.1.5, select ‘other’.
- Minimal OS installation (optional)
  – SANS Guide steps 1.2.1-1.2.7, select “system accounting”.

6 Solaris Hardening
- Remove all packages not needed for the operation of the server.
- Verify /etc/hostname. contains only the machine name.
- Verify /etc/inet/hosts (aka /etc/hosts) contains the following entries:
  – 127.0.0.1 localhost
  – FQDN UQHN loghost
  – central syslog server (optional)

7 Solaris Hardening
- Verify /etc/nsswitch.conf contains the following entry:
  – hosts: files dns
- Verify /etc/netmasks contains:
  –
  – SANS guide steps 1.3.1 – 1.35, Post Install/networking configuration
  – Pick a secure password for the root account
  – SANS guide steps 1.4.2-1.4.7, Installing Patches

8 Solaris Hardening
- Installing patches takes time, about 1 hour.
- It’s CRITICAL that you install the most current set of patches. Check security patches at least once a month. Use tools like patchdiag or GASP to make installation easier.
- Install Tripwire.
- Install SSH

9 Solaris Hardening
- SANS Guide step 2.1.1, purging boot directories of Unnecessary Services
- SANS Guide step 2.1.2-2.1.5, 2.1.7, 2.1.8, 2.1.9, 2.1.10
  – Set umask to 027
- Remove all services from /etc/inetd.conf
- SANS Guide 2.2.1-2.2.5, Cleaning House

10 Solaris Hardening
- Install TCP Wrappers
- SANS Guide 2.3.1-2.3.3, file system configuration
- Set enhanced syslog logging
  – Set debug level for kern, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, local0-7
- SANS Guide 2.4.3-2.4.4, Additional Logging

11 Solaris Hardening
- Sendmail
  – Obtain updated sendmail kit via anonymous ftp. One such site is: ftp.vt.edu/pub/cc/Solaris/sendmail*2.8*
- SANS guide 2.6.1-2.6.5
- SANS guide 2.7.1-2.7.9, Miscellaneous
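
The settings the hardening slides name (localhost entry, hosts: files dns, an empty inetd service list, umask 027, debug-level syslog for each listed facility) can be re-checked after every patch cycle. The script below is an added example, not part of the original presentation; the function names are hypothetical, and the file locations /etc/inetd.conf, /etc/default/login (UMASK=) and /etc/syslog.conf are assumptions about where those settings live.

```shell
#!/bin/sh
# Added example (not from the slides): audit an /etc tree against the checklist items.
# Assumed locations: /etc/inetd.conf, /etc/default/login (UMASK=), /etc/syslog.conf.
# Usage: sh audit.sh ROOT   (ROOT is "/" for the live system, or a copy of it)
FACILITIES="kern user mail daemon auth syslog lpr news uucp cron \
local0 local1 local2 local3 local4 local5 local6 local7"

# Emit only lines that are neither comments nor blank.
active_lines() {
    grep -v '^[[:space:]]*#' "$1" 2>/dev/null | grep -v '^[[:space:]]*$'
}
check_hosts() {     # 127.0.0.1 must map to localhost
    active_lines "$1/etc/inet/hosts" |
        grep -Eq '^127\.0\.0\.1[[:space:]]+([^#]*[[:space:]])?localhost([[:space:]]|$)'
}
check_nsswitch() {  # hosts: files dns
    active_lines "$1/etc/nsswitch.conf" |
        grep -Eq '^hosts:[[:space:]]+files[[:space:]]+dns[[:space:]]*$'
}
check_inetd() {     # no service line left enabled (a missing file counts as none)
    [ -z "$(active_lines "$1/etc/inetd.conf")" ]
}
check_umask() {     # default umask of 027
    active_lines "$1/etc/default/login" | grep -Eq '^UMASK=027[[:space:]]*$'
}
# Print each facility that has no debug-level selector; handles "a,b.debug" and "*.debug".
missing_syslog() {
    for f in $FACILITIES; do
        active_lines "$1/etc/syslog.conf" |
            grep -Eq "(^|[;[:space:]])([a-z0-9]+,)*($f|\*)(,[a-z0-9]+)*\.debug" ||
            printf '%s ' "$f"
    done
}
audit() {           # returns the number of failed checks
    fails=0
    for c in check_hosts check_nsswitch check_inetd check_umask; do
        if "$c" "$1"; then echo "PASS $c"; else echo "FAIL $c"; fails=$((fails + 1)); fi
    done
    miss=$(missing_syslog "$1")
    if [ -n "$miss" ]; then echo "FAIL syslog debug missing for: $miss"; fails=$((fails + 1)); fi
    return "$fails"
}
if [ "$#" -gt 0 ]; then audit "$1"; fi
```

The exit status is the number of failed checks, so the script can gate a cron job or a post-patch verification step.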
