Solaris™ 9 Operating Environment Security Tips
Mark Thacker
The launch of Solaris 9™ Operating Environment (OE) brings a new level
of default security to Sun systems administrators. In this article, I will explore
a few of these new features with the goal of helping you create a more secured
system as soon as possible. Because the features covered here are part of the
standard Solaris distribution, they are fully supported and will be enhanced over
time. The reference material provided in this article has been borrowed heavily
from the existing Solaris 9 OE System Administration documentation as well as
public whitepapers and BluePrints to which you can refer for more in-depth information.
Network Security
The following technologies will help protect your system from network-based attacks. This list is certainly not exhaustive, but it is a beginning.
The Solaris™ Secure Shell Software
The Solaris 9 OE includes a full implementation of the Solaris Secure Shell remote access protocol that is integrated with kernel (Basic Security Module — BSM) auditing, internationalization, pluggable authentication modules (PAM), and TCP Wrappers. Secure Shell provides encryption, privacy and public key authentication of hosts and userid as a replacement for the less secure commands, such as telnet, rsh, rcp, etc. Sun’s product is based on OpenSSH, but all updates and patches will be released by Sun.
So, how do you use Secure Shell software in the Solaris 9 OE? Many of the basics are already done for you. For example, the /etc/rc2.d/S89sshd creates host key for you automatically, and 128-bit encryption is already built-in using the AES, 3DES, and Blowfish cryptography algorithms. Essentially, all you need to do is to generate your own personal keys and start using the /usr/bin/ssh command.
|
