Version 1.4
1/5/2004

Securing a Solaris Server - Overview

  1. Introduction
  2. History of this Web Page
  3. Overview
  4. Network Topology
  5. System Hardware Configuration
  6. Initial Installation
  7. Minimizing Solaris
  8. Minimizing Network Services
  9. Remove the Solaris Installation Leftovers
  10. Install Necessary Third Party Packages
  11. Close the Doors
  12. Obscure the Tracks
  13. Post the Warnings
  14. Perform System Backups
  15. Watch for Changes
  16. Sources of Tools
  17. Bibliography

---------------

 
Purchase Policies Contact ACCS Aout ACCS Home Papers & Projects Services Products

3. Overview

The goal of this web page is to demonstrate how to secure a Solaris Server. This demonstration is based on actual experience, not just on theory.

Before going any further, I think I should describe what I mean when I say that a system needs to be secured, and why it needs to be done.

When we secure a server, we take measures to ensure that only those people with a legitimate reason to be on a computer, actually have access to it. We also make sure that those users that do have access to the computer, only have access to their information, and have the ability to allow, or restrict, such access for others.

We are interested in securing servers to keep one user's information from being improperly available to another. We also secure servers to ensure that the disk space, network bandwidth, and CPU resources are available for the intended users.

There are three general classes of people that we're securing the server against. The one thing that people in these classes all have in common is that they're criminals.

"Children" Playing
This class of person compromises more computers than any of the other classes discussed here. Often, it's just a game, to see who can break into the most computers. The most common forms this game takes are Denial Of Service (DOS) attacks, web page defacement, and general vandalism. Sometimes the participants are too young to know that what they're doing is unlawful, but not always.

Resource Thieves
These people want to use the server's resources without paying for it. This use includes using the computer to break into other computers, using it to store information, or using it to send large amounts of E-mail to people who would rather not see it.

Data Thieves
These people are looking for information. Sometimes, they're looking for specific information; other times, they're looking for anything that they find interesting. These people will often use the information they get for their own personal gain, which may include selling it to a competitor.

An extreme version of this type of person might modify the data on your server. This might be done to discredit a person or organization, or to cause incorrect/invalid results or conclusions.

These people are separate and distinct from the commonly found web page defacers and vandals, due to their motivation. The motivation of this group is usually either money or revenge. This motivation tends to create a determination that is not normally found in the other groups.

Here is a list of the various security philosophies whose implementation I discuss in this web page:
Defense in Depth
Defense in Depth is the single most useful concept that I cover here. When used with computer security, it means that you never depend on a single security measure (like a firewall) to keep your system secure. You assume that there's a hole in any security measure you put in place, and provide for it's being broken through.

The goal here is to either have enough security doors blocking the intruder that they give up, and move on, or they run into a door that they don't know how to get through. From the security standpoint, both of these can be considered a win, or at least a draw.

This concept should also be applied to the physical security of a server, and will be discussed in greater depth in the section on System Hardware Configuration.

Less is Better
Less is Better means that the less there is on a system, the more secure the system can be made. It refers to less software, fewer daemons, fewer users logging in, and fewer services being offered.

This concept is why large organizations have dedicated name servers, NFS servers, web servers, time servers, etc..

Strong Configuration Management
Strong configuration management is critical to properly securing a server in the long term. This measure is accomplished by the use of a properly configured change detection system (i.e. Tripwire or Axe Handle), and/or a centralized configuration management system (i.e. cfengine). These two tools can be used independently, or together.

The purpose of an intrusion detection system is to inform a system administrator when a possible intrusion has occurred. This detection is often done by looking at the fingerprints of critical system files.

The purpose of a centralized configuration management system is to ensure that each system has the correct configuration at all times. The system should report when a discrepancy is found.

If you wish to run both of these tools, then the intrusion detection system should finish running prior to starting the centralized configuration management system, so that it can properly identify any changes that may have been made.

Hazard Awareness
A system administrator should always be aware of the hazards that come with operating a computer connected to the Internet, and protect against them. Usually, there are multiple ways to secure a service. The system administrator should be aware of the hazards that may arise because one or more of these actions is not performed. Making an informed decision to not close a particular security door is not necessarily bad; not monitoring it is.

Also, there are several security oriented E-mail lists, whose purpose is to keep administrators informed about current security issues. Among these are CERT, Bugtraq (from SecurityFocus) and SANS. URLs for these organizations may be found in the section on Sources of Tools.

Security Through Obscurity
This form of security is done by providing a minimal amount of information on the software configuration, software version, hardware configuration, or even the hardware vendor. Wherever it's possible to NOT provide information, don't provide it. In general, if someone has a legitimate need to know about what's on a system, they'll ask. The reasoning behind this is to never give the intruder a free ride. As an example, if you don't advertise that your web server has PHP, most intruders won't try the PHP exploits.

It should be noted that this security philosophy only serves to muddle the playing field. It is not sufficient, without the support of the other security philosophies described here. The Code Red worm is an example of why this security philosophy is inadequate. It didn't look or ask, it just hit.

Give a warning shot to the chest
This philosophy means that every feasible path into the system should get a warning message, and these messages should be plain, direct and to the point. Don't worry about being excessively polite. On the other hand, don't be excessively abusive.

These messages are not very useful against intrusion, but they may improve your legal position, if an intrusion occurs.

Prev Index Next

If you have any comments or suggestions, please E-mail webmaster@accs.com

© 2004 - Ashford Computer Consulting Service