Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Sun
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Securing Solaris 10

from [roescue] Network Security [Permanent Link]
Subject: Re: Securing Solaris 10
Date: Thu, 19 Oct 2006 13:00:15 -0400 

---- Glenn Brunette <Glenn.Brunette@Sun.COM> wrote: 


Jeff,

Sun has been working with the Center for Internet Security for
nearly four years on their Solaris guides to align them with
Sun's recommended practices and to ensure that the settings
recommended could be supported by Sun.  In fact, we are working
with CIS right now to update the Solaris 10 guide to account for
the changes made in the upcoming Solaris 10 11/06 release.

The only other guide which does cover some aspects of Solaris
10 is the current version of the DISA UNIX STIG.

Of course to automate the implementation and/or assessment of the
changes, you can use the Solaris Security Toolkit which is tool
developed and supported by Sun.  It can be found at:

    http://www.sun.com/security/jass/

I believe that there are a few settings recommended by CIS that
are not accounted for today in the Solaris Security Toolkit, but
the vast majority are.

All of the other documents and/or checklists of which I am aware
have not been updated for Solaris 10.

Glenn


jeffnjillian@gmail.com wrote:

All,

Has anyone out there found a good checklist or tool for securing Solaris 
10? I found the CISecurity benchmark, but I didn't know if there was 
anything else out there? I'm not very well versed on Solaris, but I have 
the task of double checking the admins to ensure it was locked down.  I 
haven't seen very many checklists posted for this version of Solaris yet.

Any suggestions?

Thanks in Advance,
Jeff



-- 
Glenn Brunette
Distinguished Engineer
Director, GSS Security Office
Sun Microsystems, Inc.


Glenn,

As someone who has to use the DISA STIG to secure systems Solaris and Linux 
systems, I would not recommend the current DISA STIG as guidance for anyone 
trying to secure a Solaris 10 system. From what I have read of DISA's current 
STIG (5.1) mentions Solaris 10 in 11 instances but does not go into any deatil 
on how to use the security features of the OS or any recommendations. Further, 
I just used the September release of the DISA SRR scripts (generally not 
available to the public) and found that some of them support Solaris 10, while 
other scripts do not.

If I was going to recommend documentation from the Government, I would 
recommend the NSA guides. The NSA has not released a guide for Solaris 10 
(yet), but I find their guides straightforward and cover securing the OS (and 
why) far better than anything DISA produces.


Robert Escue
System Administrator
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: LDAP in Unix, Mike Siedelberg
Next by Date:  Dealing with BSM Audit Logs, Crist J. Clark
Previous by Thread:  RE: Securing Solaris 10, Christian Lete Viesca
Next by Thread:  Dealing with BSM Audit Logs, Crist J. Clark
Indexes:  [Date] [Thread] [Top] [All Lists]