Version 1.4
1/5/2004

Securing a Solaris Server

This web page is a merging of the published security suggestions of several people. These people include Lance Spitzner, Keith Watson and Alex Noordergraaf, among others. It combines, and extends, their ideas using the paranoia I've learned through 22 years of working in the computer field. More information on the source papers can be found in the bibliography.

In addition, several people at the San Diego Supercomputer Center (SDSC) assisted me with this web page. That help included: a) Pointing me to additional reference papers, b) Helping with some of the more esoteric technical issues, and c) Proofreading to find glaring technical errors.

Finally, Stephanie Gates of The Scripps Research Institute (TSRI) was of enormous assistance in the final editing.

This web page was written specifically for the initial release of Solaris 8. Most of the functions performed here will also work on other versions of Solaris, but the exact procedure (file names and variables) may change. Additionally, many of the topics covered in this web page are applicable to other versions of UNIX, and to non-Server systems.

Table of Contents:

  1. Introduction
  2. History of this Web Page
  3. Overview
  4. Network Topology
  5. System Hardware Configuration
  6. Initial Installation
  7. Minimizing Solaris
  8. Minimizing Network Services
  9. Remove the Solaris Installation Leftovers
  10. Install Necessary Third Party Packages
  11. Close the Doors
  12. Obscure the Tracks
  13. Post the Warnings
  14. Perform System Backups
  15. Watch for Changes
  16. Sources of Tools
  17. Bibliography

---------------

 

1. Introduction

I have 22 years of experience in the computer field. Three of these were as a computer operator, and nineteen as a programmer. The last six years, I've also had to do hardware work. I guess that makes me a programmer with a screwdriver. Scary, isn't it?

I've been employed by Cray, Inc. as a Customer Engineer for the San Diego Supercomputer Center (SDSC). I previously worked for the Atlantic Research Corporation (now a part of Computer Sciences Corporation) and Logicon (now a part of Northrop-Grumman).

I was first introduced to the concept of computer security in 1980, when I worked for the government as a computer operator. In 1983, I worked for Logicon developing a Multilevel Secure Operating System. In 1987, I worked for Atlantic Research Corporation developing a B1 secure DBMS command and data filtering system (TruData).

From 1990 to 2001, I worked for Cray. The average Cray customer pays quite a bit for their computer, and they expect to get the full capabilities of what they bought. They do not expect to have it stolen by a resource thief. As part of my job, I've been asked, on occasion, to help ensure that the systems I worked on were appropriately secure.


If you have any comments or suggestions, please E-mail webmaster@accs.com

© 2004 - Ashford Computer Consulting Service