Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Solaris auditing/hardening

from [Gideon T. Rasmussen, CISSP, CISA, CISM, CFSO, SCSA] Network Security [Permanent Link]
Subject: Solaris auditing/hardening
Date: Sun, 30 Jan 2005 14:58:08 -0500 
I just sent an e-mail to a gent I met at a UNIX auditing course. Thought it 
might be of interest...



To take a quick Solaris security audit, use the CIS Solaris bench marking tool 
(http://www.cisecurity.org/bench_solaris.html). It produces a vulnerability 
assessment report. There is a corresponding Solaris hardening standard on the 
same page.

My Solaris hardening recommendations can be found at: 
http://www.sun.com/bigadmin/content/submitted/Solaris_build_document.pdf

Additional Solaris hardening resources can be found at:

http://www.sun.com/blueprints/browsesubject.html#security
http://www.nsa.gov/snac/downloads_sunsol.cfm?MenuID=scg10.3.1.1

The usual hardening disclaimers apply here. Test in a non production 
environment and conduct thorough functionality testing...

You may also want to take a look at my INFOSEC site 
(http://www.ussecurityawareness.org). It has auditing resources you may find of 
interest.

Contact me if you have any questions or comments.

Kind regards,

Gideon

Gideon T. Rasmussen
CISSP, CISA, CISM, CFSO, SCSA
Boca Raton, FL
gideon@infostruct.net




[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Solaris auditing/hardening, Gideon T. Rasmussen, CISSP, CISA, CISM, CFSO, SCSA <=
Previous by Date:  RE: RPC over HTTP security, Shawn Wall
Next by Date:  Re: Apache attacks, miguel . dilaj
Previous by Thread:  what is the good way against reverse telnet?, Monty Ree
Next by Thread:  WASC-Articles: "The 80/20 Rule for Web Application Security", robert
Indexes:  [Date] [Thread] [Top] [All Lists]