User's Manual

Solaris 9 Security CX-310-301 10
Security Administrator for the Solaris 9
Operating System
General Security Concepts
This section describes a number of fundamental concepts and terms relating to computer
and information security. It also covers an analysis of a potential attacker, how crucial information can be
gained through ill-prepared security procedures, and the motives and methods of an attacker.
Information Security
Information security is not just about the security of data; it encompasses three main objectives:
• Protection of physical access to a computer system or network
• Controlling authorized access to a computer system or network through the use of user accounts
and passwords
• Protection of the data and database information from unauthorized access, which includes
accidental, as well as deliberate, deletion or modification.
In order to achieve “information security” all three of the above must be addressed equally. Failure in any
one aspect can nullify the effect of the others. For example, if an attacker is allowed to gain physical access
to a system console, then the data and user accounts are put at risk.
The Security Life Cycle
An extremely popular misconception is that security is a task that has to be carried out once and that, having
carried it out, the systems are secure, allowing everyone to go and do something more interesting. This
could not be more wrong. Computer security is an ongoing task that needs to be revisited regularly to
reduce the chances of a security lapse. Periodic maintenance of the security procedures ensures that the
security of the systems and data remains effective. With Solaris systems, this includes the application of
regular security and recommended patches, effective management of user accounts and testing for
vulnerabilities.
A security life cycle helps you to understand and formulate procedures for keeping the security procedures
current. It identifies four distinct phases:
• Prevent – The initial hardening of a system (or network) where services that might not be required
are turned off. A good baseline is to turn off all the services and then determine the ones you really
need – this helps the administrator to be sure that no services are missed. Additionally, when a
new service is requested, any risks associated with the service should be considered BEFORE it is
enabled.
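
The "turn everything off, then enable only what is needed" baseline from the Prevent phase, as an added example that is not part of the original manual. It assumes the services in question are started from an inetd.conf-format file; the function names, the #DISABLED# marker and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: deny-by-default baseline for an inetd.conf-format file.

# write_sample PATH: create a small constructed inetd.conf (not from a real host).
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample entries
ftp     stream  tcp6  nowait  root    /usr/sbin/in.ftpd     in.ftpd
telnet  stream  tcp6  nowait  root    /usr/sbin/in.telnetd  in.telnetd
#shell  stream  tcp   nowait  root    /usr/sbin/in.rshd     in.rshd
finger  stream  tcp6  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
EOF
}

# harden_inetd FILE "svc1 svc2 ...": print FILE with every active entry
# commented out unless its service name (field 1) is on the allowlist.
harden_inetd() {
    awk -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) keep[a[i]] = 1 }
        /^[ \t]*(#|$)/ { print; next }   # existing comment or blank line: unchanged
        ($1 in keep)   { print; next }   # service that was explicitly justified
        { print "#DISABLED# " $0 }       # everything else is turned off
    ' "$1"
}

# list_active FILE: service names that are still enabled, sorted, one per line.
list_active() {
    awk '!/^[ \t]*(#|$)/ { print $1 }' "$1" | sort -u
}

# Demo: start from "everything off", then allow only ftp after review.
src=$(mktemp) && new=$(mktemp) || exit 1
write_sample "$src"
harden_inetd "$src" "ftp" > "$new"
echo "enabled before: $(list_active "$src" | tr '\n' ' ')"
echo "enabled after:  $(list_active "$new" | tr '\n' ' ')"
grep '^#DISABLED# ' "$new"
rm -f "$src" "$new"
```

The marker keeps the lines this pass disabled distinguishable from entries that were already commented out, so a later review can see exactly what the baseline changed. Services started outside inetd are not covered by this file and need their own review.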