Solaris 10 Security Essentials (Solaris System Administration Series)
Solaris™ 10 Security Essentials describes the various security technologies contained in the Solaris operating system. The book describes how to make installations secure and how to configure the OS to the particular needs of your environment, whether your systems are on the edge of the Internet or running a data center. The authors present the material in a straightforward way that makes a seemingly arcane subject accessible to system administrators at all levels.\ The strengths of the...
Search in google:
Solaris™ 10 Security Essentials describes the various security technologies contained in the Solaris operating system. The book describes how to make installations secure and how to configure the OS to the particular needs of your environment, whether your systems are on the edge of the Internet or running a data center. The authors present the material in a straightforward way that makes a seemingly arcane subject accessible to system administrators at all levels.The strengths of the Solaris operating system’s security model are its scalability and its adaptability. It can protect a single user with login authentication or multiple users with Internet and intranet configurations requiring user-rights management, authentication, encryption, IP security, key management, and more. This book is written for users who need to secure their laptops, network administrators who must secure an entire company, and everyone in between.The book’s topics include Zones virtualization security System hardening Trusted Extensions (Multi-layered Security) Privileges and role-based access control (RBAC) Cryptographic services and key management Auditing Network security Pluggable Authentication Modules (PAM)Solaris™ 10 Security Essentials is the first in a new series on Solaris system administration. It is a superb guide to deploying and managing secure computer environments.
Preface xvAbout the Authors xixChapter 1: Solaris Security Services 11.1 A Solaris Security Story 11.2 Security Services in the Solaris OS 31.3 Configurable Security Services in the Solaris OS 5Chapter 2: Hardening Solaris Systems 92.1 Securing Network Services 92.2 Configuration Hardening 162.3 Basic Audit and Reporting Tool 202.4 Signed ELF Filesystem Objects 222.5 Solaris Fingerprint Database (sfpDB) 23Chapter 3: System Protection with SMF 293.1 Service Management Facility (SMF) 293.2 How SMF Configuration Works 303.3 Modifying Solaris Services Defaults 31Chapter 4: File System Security 414.1 Traditional UNIX File System Security 414.2 ZFS/NFSv4 ACLs 484.3 Maintaining File System Integrity 524.4 UFS and NFSv4 Mount Options 574.5 ZFS Mount Options 584.6 ZFS Delegated Administration 59Chapter 5: Privileges and Role-Based Access Control 635.1 Traditional UNIX Security Model 635.2 Solaris Fine-Grained Privileges 665.3 Solaris Role-Based Access Control 725.4 Privileges for System Services 90Chapter 6: Pluggable Authentication Modules (PAM) 956.1 The PAM Framework 966.2 The PAM Modules 966.3 The PAM Configuration File 1016.4 PAM Consumers 1066.5 The PAM Library 1096.6 PAM Tasks 110Chapter 7: Solaris Cryptographic Framework 1137.1 PKCS #11 Standard and Library 1147.2 User-Level Commands 1197.3 Administration of the Solaris Cryptographic Framework 1227.4 Hardware Acceleration 1257.5 Examples of Using the Cryptographic Framework 127Chapter 8: Key Management Framework (KMF) 1338.1 Key Management Administrative Utility 1348.2 KMF Policy-Enforcement Mechanism 1398.3 Key Management Policy Configuration Utility 1408.4 KMF Programming Interfaces 142Chapter 9: Auditing 1459.1 Introduction and Background 1459.2 Definitions and Concepts 1479.3 Configuring Auditing 1489.4 Analyzing the Audit Trail 1579.5 Managing the Audit Trail 1639.6 Common Auditing Customizations 165Chapter 10: Solaris Network Security 16910.1 IP Filter 16910.2 What Is IPsec? 17910.3 Solaris Secure Shell (SunSSH) 19210.4 Configuring SunSSH 19410.5 OpenSSL 19910.6 Kerberos 20110.7 Kerberos in the Solaris OS 20410.8 Kerberos Administration 20710.9 Application Servers 21510.10 Interoperability with Microsoft Active Directory 217Chapter 11: Zones Virtualization Security 22111.1 The Concept of OS Virtualization: Introduction and Motivation 22111.2 The Architecture of Solaris Zones 22211.3 Getting Started with Zones 22611.4 The Security Advantages of OS Virtualization 22911.5 Monitoring Events in Zones 236Chapter 12: Configuring and Using Trusted Extensions 23912.1 Why Use Trusted Extensions? 23912.2 Enabling Trusted Extensions 24012.3 Getting Started 24112.4 Configuring Your Trusted Network 24312.5 Creating Users and Roles 24812.6 Creating Labeled Zones 25112.7 Using the Multilevel Desktop 254Index 261
