Home > Articles

  • Print
  • + Share This
Like this article? We recommend

Verifying SSP Hardening

After performing the procedures in this article to harden a Sun Enterprise 10000 SSP, test the configuration and hardening.

For the example configuration, our testing resulted in the following:

  • TCP IPv4 services listed by netstat went from 31 to 6

  • UDP IPv4 services listed by netstat went from 57 to 5

By reducing the number of services available, we reduced exposure points significantly.

NOTE

We recommend that you disable the failover mechanism before hardening the SSPs. Re-enable failover only after you harden and test both SSPs.

Testing the Main SSP

To implement the hardening procedures you completed for the main SSP, do the following.

  1. Disable the failover mechanism.

  2. Reboot the SSP.

  3. Place the hardened SSP in the main SSP role.

  4. Verify that the SSP takes control of the frame.

  5. Verify that the SSP controls the platform and functions properly.

  6. Validate that the number of daemons and services running on the SSP are significantly lower than before hardening.

  7. After verifying that the main SSP is hardened and functioning properly, perform all of the same procedures in this article (all software installation and hardening processes) on the spare SSP.

  8. Manually define the newly hardened and tested main SSP as the default main SSP.

Testing the Spare SSP

After hardening the main SSP, testing it, and manually defining it as the main, harden and test the spare SSP.

CAUTION

Do not harden the spare SSP until you verify that the hardened main SSP functions properly in your environment.

  1. Disable the failover mechanism.

  2. Reboot the SSP.

  3. Place the hardened SSP in the spare SSP role.

  4. Verify that the spare SSP takes control of the frame by becoming the main SSP, and that the spare SSP controls the platform and functions properly.

  5. Validate that the number of daemons and services running on the SSP are significantly lower than before hardening.

  6. Enable failover.

    Enable failover only after you harden and test both SSPs.

  • + Share This
  • 🔖 Save To Your Account