Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Sun
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Experiences using 'enhanced' Solaris features: BSM, extended ACLs, R

from [benjamin brumaire] Network Security [Permanent Link]
Subject: Re: Experiences using 'enhanced' Solaris features: BSM, extended ACLs, RBAC
Date: Mon, 21 Mar 2005 06:41:33 +0100
Regarding BSM you can start with the blueprint configuration and optimize it with some statistical works over your logfiles. For me, the real challenge is managing the logfiles and analysing it. Transforming a lot of raw data into added value is a long hard process. Solaris 10 helps in both situation with syslog integration and XML format. Companies like ISS or SRI provides some help and should be considered. Of course, if your have an accurate idea of what you are looking for, some perl scripting could do the job.

RBAC could help a lot in Solaris only environment. Management should be centralized to prevent a sysadmin and audit nightmare . Just the one you will get with sudo.

I never saw extended ACL in production environment.

To be honest, exept a handful projects where this tools were used, overall acceptance is quiet low. Ease of use and an unclear business value prohibit a wide usage. Sectools like this should be enable by default, solaris should use his own mechanisms better (autorizations, ppriv, ...) and better support for all the management issues should be provide.

regards
Benjamin

valken schrieb:

All,

I'm currently working on enhancing my company's Solaris standards. We are a
major accounting and professional services firm, and are involved in many
reviews of Solaris security from both audit and consulting perspectives.
There are many areas that I am in the process of testing and incorporating
into our methodology for these reviews, including BSM, extended ACLs and
RBAC. 

Most of the clients that I work with are not currently using any of these
functionalities in their Solaris environments.  I would be curious to hear
from anyone out there who is:

- using BSM to audit activities on their Solaris servers, including what
your experience was with tuning it to balance the detail of the audit trail
with the sheer amount of events it can generate,

- using extended ACLs to provide fine-grained access controls to files or
directories, or

- using RBAC to split up the power of the root account.



Thanks,



Valken



Valken007@yahoo.com







[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Experiences using 'enhanced' Solaris features: BSM, extended ACLs, RBAC, Darren J Moffat
Next by Date:  ipf and NIS, Kapetanakis Giannis
Previous by Thread:  Experiences using 'enhanced' Solaris features: BSM, extended ACLs, RBAC, valken
Next by Thread:  Re: Experiences using 'enhanced' Solaris features: BSM, extended ACLs, RBAC, Drew Simonis
Indexes:  [Date] [Thread] [Top] [All Lists]