Table of Contents

FOREWORD ........ 1
INTRODUCTION ........ 2

CHAPTER 1: INSTALLATION SECURITY ........ 4
1.1. Planning a Secure Installation ........ 4
1.2. Installing the Operating System ........ 6
1.3. Preparing for Secure JumpStart Installation ........ 7
1.4. Applying the Latest Security Patches ........ 11

CHAPTER 2: PHYSICAL ACCESS SECURITY ........ 15
2.1. Preventing Hardware Command Execution at the OpenBoot PROM Level ........ 15
2.2. Preventing Systems from Booting the OS without the Correct OpenBoot PROM Password ........ 17
2.3. Preventing EEPROM Password Guessing ........ 18
2.4. Displaying a Legal Power-On Banner ........ 18
2.5. Unplugging a Keyboard from a Running Machine ........ 19
2.6. Disabling Stop-A or L1-A on the Console Keyboard or Changing a Default Abort Sequence ........ 20
2.7. Turning Off Floppy and CD-ROM Eject Capabilities ........ 23
2.8. Preventing the Operating System from Automatically Mounting a CD-ROM or Floppy ........ 23

CHAPTER 3: USER ACCOUNT AND GROUP SECURITY ........ 25
3.1. Restricting Use of the su Command ........ 25
3.2. Restricting Use of the chown Command ........ 26
3.3. Locking User Accounts ........ 26
3.4. Setting User Account Expiry Dates ........ 27
3.5. Changing Minimum and Maximum Password Lengths ........ 28
3.6. Preventing Password Changes ........ 29
3.7. Limiting CPU and Memory Usage ........ 30
3.8. Controlling Use of the cron and at Utilities ........ 31
3.9. Restricting Logins for a Specific User ........ 32
3.10. Restricting Logins for a Specific Group of Users ........ 34
3.11. Restricting Login by Day of the Week or Time of Day ........ 35
3.12. Restricting Specific Users from Accessing a Particular Machine ........ 37
3.13. Temporarily Disabling User Logins ........ 38
3.14. Monitoring Who Is Using the su Command ........ 39
3.15. Displaying Users' Login Status ........ 40
3.16. Displaying Users With Missing Passwords ........ 41

CHAPTER 4: FILES, PERMISSIONS, AND ACCESS CONTROL ........ 43
4.1. Understanding Permissions Inheritance ........ 44
4.2. Using Permissions Inheritance to Protect Files in Directories ........ 45
4.3. Restricting Users from the Same Group from Accessing Certain Files and Directories ........ 46
4.4. Understanding Access Control Lists ........ 47
4.5. Using ACL to Allow Only One Person in My Group to Write/Execute My File ........ 49
4.6. Understanding Role-Based Access Control (RBAC) ........ 51
4.7. Using RBAC to Allow Help Desk Personnel to Change User Passwords ........ 60
4.8. Mounting File Systems as Read-Only ........ 63
4.9. Protecting File Systems from DoS (Denial-of-Service) Attacks ........ 64
4.10. Finding SUID/SGID Files on the System ........ 66
4.11. Purging Temporary Files in /usr/tmp, /var/tmp, and /tmp Directories ........ 66
4.12. Safely Editing Another User's Crontab File as Root ........ 67
4.13. Backing Up Files with ACL ........ 68
4.14. Recursively Setting ACL on Files in Subdirectories ........ 70
4.15. Setting the Same ACL on Two Files ........ 70
4.16. Finding all Files with ACL Set Up for a Specific User ........ 70
4.17. Making all Newly Created Files Inherit a Directory's ACL ........ 72
4.18. Ensuring that the Sticky Bit Mode is Set for the /tmp Directory ........ 73
4.19. Setting the Default umask to Exclude World Access ........ 74

CHAPTER 5: SYSTEM MONITORING AND AUDITING ........ 76
5.1. Using snoop for LAN Monitoring ........ 77
5.2. Monitoring FTP Sessions ........ 83
5.3. Logging All Password Change Attempts ........ 86
5.4. Logging All Authentication Messages ........ 87
5.5. Saving Failed Login Attempts ........ 88
5.6. Logging All TCP Connections ........ 89
5.7. Displaying Superuser (root) Access Attempts to the Console ........ 90
5.8. Setting the Timeout for FTP Connection ........ 90
5.9. Changing the Default umask for FTP Files ........ 91
5.10. Configuring syslogd to Prevent DoS Attacks ........ 92
5.11. Reading Binary wtmpx and utmpx Files ........ 93
5.12. Logging Command Execution ........ 96
5.13. Sending all Logging to a Remote Host ........ 98
5.14. Sending all Logging to a Printer ........ 101
5.15. Rotating Log Files ........ 102
5.16. General System Auditing ........ 106
5.17. Working with Basic Security Module (BSM) ........ 113
5.18. Using BSM for Auditing Login Events ........ 117
5.19. Using BSM for Logging All Commands ........ 118
5.20. Using BSM to Configure Auditing On a Per User Basis ........ 119
5.21. Analysing Audit Trails in BSM ........ 120
5.22. Managing the Audit Trails in BSM ........ 122
5.23. Working with Automated Security Enhancement Tool (ASET) ........ 125
5.24. Working with Solaris Security Toolkit (JASS) ........ 135
5.25. Using Solaris Fingerprint Database (sfpDB) ........ 142
5.26. Using the System Accounting Mechanism for Auditing ........ 144

CHAPTER 6: NETWORK SECURITY ........ 152
6.1. Improving Network Security ........ 152
6.2. Protecting Against Sequence Number Attacks ........ 161
6.3. Blocking Users from Accessing Restricted IP Addresses ........ 161
6.4. Blocking Foreign IP Packets from Accessing your Internal Network ........ 163
6.5. Preventing ARP Poisoning, Man-in-the-Middle, DoS, Sniffing, Session Hijacking and Other Attacks ........ 168
6.6. Denying Services Executed by inetd from Creating Core Files ........ 170
6.7. Securing Traffic between Two Systems Using IPSec ........ 170
6.8. Securing Web Servers Using IPSec ........ 177
6.9. Setting Virtual Private Network (VPN) Using IPsec ........ 177

CHAPTER 7: REMOTE ACCESS ........ 178
7.1. Aborting Telnet Connectivity if User's Home Directory is Missing ........ 178
7.2. Printing /etc/issue or Other Messages at a Login Prompt for FTP Users ........ 180
7.3. Setting Remote User Account for FTP Only ........ 182
7.4. Limiting the Number of User Logins ........ 182
7.5. Disabling ~/.rhosts for rlogin and rsh Commands ........ 183
7.6. Enforcing Dial-Up and Terminal Passwords ........ 185
7.7. Temporarily Disabling Dial-up Logins ........ 189
7.8. Mounting a File System to Prevent Execution of Set-UID Programs ........ 189
7.9. Configuring NFS to Allow Only Certain Clients to Mount File Systems Stored on the Client ........ 190
7.10. Securing NFS to Prevent Filehandle Guessing Attacks ........ 191
7.11. Denying Access for Unknown Users and Attempts by Root Users of Other Machines from Mounting a File System ........ 196
7.12. Logging NFS Activities ........ 196
7.13. Configuring NFS Servers to Accept Client NFS Requests from a Privileged Port Number ........ 198
7.14. Setting Up a Secure NFS Environment with Diffie-Hellman or Kerberos Authentication ........ 199
7.15. Accessing NFS File Systems Mounted with Kerberos Authentication ........ 202
7.16. Restricting the Mounting of Subdirectories Below a Shared Directory ........ 203
7.17. Setting FTP Files that No One Can Retrieve ........ 204
7.18. Limiting the Number of Concurrent FTP Connections ........ 205
7.19. Limiting FTP Access by Time of Day/Day of Week ........ 206
7.20. Enabling FTP Logging ........ 207
7.21. Allowing or Denying Individual FTP Commands ........ 210
7.22. Preventing Users from Creating and Using .netrc Files ........ 210
7.23. Restricting FTP User Access ........ 212
7.24. Setting Up Remote Logging ........ 213
7.25. Setting Up Anonymous FTP ........ 215

CHAPTER 8: X WINDOW SECURITY ........ 219
8.1. Verifying X Window Security ........ 219
8.2. Using xhost Authentication ........ 221
8.3. Using Magic Cookies ........ 222
8.4. Using the xauth Utility ........ 223
8.5. Using Secure RPC Authentication ........ 225
8.6. Disabling the "Remote Login" Option from the CDE Login Menu ........ 226
8.7. Modifying the Time Delay before Automatic Screen Lock ........ 227
8.8. Controlling Access to Your X Window Server ........ 228

CHAPTER 9: OPERATIONS SECURITY ........ 229
9.1. Preventing ps -ef from Displaying Command Line Arguments of the Running Program ........ 229
9.2. Delegating Superuser Privileges without Using RBAC ........ 231
9.3. Assigning the Home Directory of root to Something other than "/" ........ 233
9.4. Encrypting Data Backup ........ 234
9.5. Restricting Execute Permissions on Stacks ........ 235
9.6. Preventing DoS Attacks Caused by Creating Large Core Dump Files ........ 237
9.7. Using Disk Quotas Against Mail Attacks ........ 239
9.8. Disabling Unused Services from Starting at the Boot Time ........ 244
9.9. Ensuring All Startup Scripts Run with the Proper umask ........ 244
9.10. Configuring the Restricted Shell Properly ........ 245
9.11. Removing Unneeded Pseudo-Accounts ........ 247
9.12. Configuring DNS on a Bastion Host ........ 248
9.13. Disabling RPC Services ........ 248
9.14. Restricting Access to Local and Remote Printers ........ 248
9.15. Preventing sendmail Username Guessing Attacks ........ 249
9.16. Securing Start Applications from Login Files ........ 250
9.17. Configuring sendmail against Spam ........ 252
9.18. Disabling finger Service ........ 252
9.19. Preventing sendmail Forward Attacks ........ 254
9.20. Clearing Your Screen Remotely ........ 254
9.21. Securing Files in the /etc Directory ........ 255

CHAPTER 10: INTERNET SECURITY ........ 256
10.1. Checking What Kind of Information Your Browser "Leaks" to the Internet ........ 257
10.2. Protecting Yourself from Cookies and Web Bugs ........ 258
10.3. Blocking Banner Ads and Web Sites ........ 261
10.4. Clearing History Lists ........ 261
10.5. Staying Anonymous on the Internet ........ 262

CHAPTER 11: UNIX SECURITY FORENSICS ........ 264
11.1. Synchronizing Time for Security Forensics ........ 264
11.2. Determining if a File has been Read or Copied since the Last Time ........ 266
11.3. Recovering Deleted Text Files or Files that have been Altered ........ 269
11.4. Determining which Files have been Deleted from your System ........ 271
11.5. Alternative Ways to List Files in a Directory if the ls Command is Trojanized ........ 278
11.6. Finding Trojans ........ 279
11.7. Analyzing Suspicious Binary Files ........ 281
11.8. Analyzing Strange Processes ........ 287
11.9. Capturing, Viewing and Analyzing Suspicious Network Traffic ........ 297
11.10. Determining Which Processes Have Particular Files Open ........ 302
11.11. Finding Hidden Files and Directories ........ 303
11.12. Analyzing Suspicious Network Connections ........ 303
11.13. Creating a Memory Snapshot as Evidence ........ 304
11.14. Checking if ls and ps Commands have been Replaced by Trojans ........ 307
11.15. Backing up Evidence Locally ........ 310
11.16. Backing up Evidence on a Remote Computer ........ 314
11.17. Ensuring Evidence Integrity ........ 315
11.18. Encrypting the Evidence ........ 318
11.19. Encrypting a Backup of Evidence ........ 319
11.20. Hiding Investigation Activities from Hackers ........ 320
11.21. Security Forensics using DTrace ........ 322
