Solaris 10 Security Essentials
- By Sun Microsystems Security Engineers
- Published Nov 9, 2009 by Prentice Hall. Part of the Oracle Solaris System Administration Series series.
- Copyright 2010
- Dimensions: 7 X 9-1/8
- Pages: 312
- Edition: 1st
- ISBN-10: 0-13-701233-0
- ISBN-13: 978-0-13-701233-6
Register your product to gain access to bonus material or receive a coupon.
Product Author Bios
This book is the work of the engineers, architects, and writers at Sun Microsystems who conceptualized the services, wrote the procedures, and coded the Solaris OS’s security features. These authors bring a vast range of industry and academic experience to the business of creating and deploying secure operating systems. Authors include Glenn Brunette, Hai-May Chao, Martin Englund, Glenn Faden, Mark Fenwick, Valerie Anne Fenwick, Wyllys Ingersoll, Wolfgang Ley, Darren Moffat, Pravas Kumar Panda, Jan Pechanec, Mark Phalan, Darren Reed, Scott Rotondo, Christoph Schuba, Sharon Read Veach, Joep Vesseur, and Paul Wernau.
Solaris™ 10 Security Essentials describes the various security technologies contained in the Solaris operating system. The book describes how to make installations secure and how to configure the OS to the particular needs of your environment, whether your systems are on the edge of the Internet or running a data center. The authors present the material in a straightforward way that makes a seemingly arcane subject accessible to system administrators at all levels.
The strengths of the Solaris operating system’s security model are its scalability and its adaptability. It can protect a single user with login authentication or multiple users with Internet and intranet configurations requiring user-rights management, authentication, encryption, IP security, key management, and more. This book is written for users who need to secure their laptops, network administrators who must secure an entire company, and everyone in between.
The book’s topics include
- Zones virtualization security
- System hardening
- Trusted Extensions (Multi-layered Security)
- Privileges and role-based access control (RBAC)
- Cryptographic services and key management
- Network security
- Pluggable Authentication Modules (PAM)
Solaris™ 10 Security Essentials is the first in a new series on Solaris system administration. It is a superb guide to deploying and managing secure computer environments.
1 of 1 people found the following review helpful
Solid and helpful introduction to the subject,
Amazon Verified Purchase(What's this?)
This review is from: Solaris 10 Security Essentials (Paperback)As I mentioned in my review of Solaris 10 System Administration Essentials, I bought the two books together. I read the other book first and was disappointed by the hand-waving treatment of important topics and sometimes outdated concepts. I also felt misled by the author attribution. While it was my mistake to infer Sun engineers had written the book, "Solaris System Engineers" still misrepresents many of that book's contributors. If I had written that content and dared call myself a system engineer, I'd imagine my employer would want to know what I mean by that phrase, followed by a quiet resignation.
Thankfully, this book is quite different. It is, for starters, attributed to "Sun Microsystems Security Engineers" and there's no mistaking that by the quality of the content. The first two chapters present exactly what I think... Read more
4 of 8 people found the following review helpful
This review is from: Solaris 10 Security Essentials (Paperback)Just as it says on the cover, it's essential. I've had it for a couple days and now I can't live without it. It's answered so many nagging questions. Yay Solaris!
› See both customer reviews...
Online Sample Chapter
Download the sample pages (includes Chapter 3 and Index)
Table of Contents
About the Authors xix
Chapter 1: Solaris Security Services 1
1.1 A Solaris Security Story 1
1.2 Security Services in the Solaris OS 3
1.3 Configurable Security Services in the Solaris OS 5
Chapter 2: Hardening Solaris Systems 9
2.1 Securing Network Services 9
2.2 Configuration Hardening 16
2.3 Basic Audit and Reporting Tool 20
2.4 Signed ELF Filesystem Objects 22
2.5 Solaris Fingerprint Database (sfpDB) 23
Chapter 3: System Protection with SMF 29
3.1 Service Management Facility (SMF) 29
3.2 How SMF Configuration Works 30
3.3 Modifying Solaris Services Defaults 31
Chapter 4: File System Security 41
4.1 Traditional UNIX File System Security 41
4.2 ZFS/NFSv4 ACLs 48
4.3 Maintaining File System Integrity 52
4.4 UFS and NFSv4 Mount Options 57
4.5 ZFS Mount Options 58
4.6 ZFS Delegated Administration 59
Chapter 5: Privileges and Role-Based Access Control 63
5.1 Traditional UNIX Security Model 63
5.2 Solaris Fine-Grained Privileges 66
5.3 Solaris Role-Based Access Control 72
5.4 Privileges for System Services 90
Chapter 6: Pluggable Authentication Modules (PAM) 95
6.1 The PAM Framework 96
6.2 The PAM Modules 96
6.3 The PAM Configuration File 101
6.4 PAM Consumers 106
6.5 The PAM Library 109
6.6 PAM Tasks 110
Chapter 7: Solaris Cryptographic Framework 113
7.1 PKCS #11 Standard and Library 114
7.2 User-Level Commands 119
7.3 Administration of the Solaris Cryptographic Framework 122
7.4 Hardware Acceleration 125
7.5 Examples of Using the Cryptographic Framework 127
Chapter 8: Key Management Framework (KMF) 133
8.1 Key Management Administrative Utility 134
8.2 KMF Policy-Enforcement Mechanism 139
8.3 Key Management Policy Configuration Utility 140
8.4 KMF Programming Interfaces 142
Chapter 9: Auditing 145
9.1 Introduction and Background 145
9.2 Definitions and Concepts 147
9.3 Configuring Auditing 148
9.4 Analyzing the Audit Trail 157
9.5 Managing the Audit Trail 163
9.6 Common Auditing Customizations 165
Chapter 10: Solaris Network Security 169
10.1 IP Filter 169
10.2 What Is IPsec? 179
10.3 Solaris Secure Shell (SunSSH) 192
10.4 Configuring SunSSH 194
10.5 OpenSSL 199
10.6 Kerberos 201
10.7 Kerberos in the Solaris OS 204
10.8 Kerberos Administration 207
10.9 Application Servers 215
10.10 Interoperability with Microsoft Active Directory 217
Chapter 11: Zones Virtualization Security 221
11.1 The Concept of OS Virtualization: Introduction and Motivation 221
11.2 The Architecture of Solaris Zones 222
11.3 Getting Started with Zones 226
11.4 The Security Advantages of OS Virtualization 229
11.5 Monitoring Events in Zones 236
Chapter 12: Configuring and Using Trusted Extensions 239
12.1 Why Use Trusted Extensions? 239
12.2 Enabling Trusted Extensions 240
12.3 Getting Started 241
12.4 Configuring Your Trusted Network 243
12.5 Creating Users and Roles 248
12.6 Creating Labeled Zones 251
12.7 Using the Multilevel Desktop 254
Book + eBook Bundle
Book Price $35.99
eBook Price $12.60
eBook formats included
This book includes free shipping!
This book includes free shipping!
Includes EPUB, MOBI, and PDF
About eBook Formats
This eBook includes the following formats, accessible from your Account page after purchase:
EPUBThe open industry format known for its reflowable content and usability on supported mobile devices.
MOBIThe eBook format compatible with the Amazon Kindle and Amazon Kindle applications.
PDFThe popular standard, used most often with the free Adobe® Reader® software.
This eBook requires no passwords or activation to read. We customize your eBook by discretely watermarking it with your name, making it uniquely yours.
Get access to thousands of books and training videos about technology, professional development and digital media from more than 40 leading publishers, including Addison-Wesley, Prentice Hall, Cisco Press, IBM Press, O'Reilly Media, Wrox, Apress, and many more. If you continue your subscription after your 30-day trial, you can receive 30% off a monthly subscription to the Safari Library for up to 12 months. That's a total savings of $199.