User's Manual

Solaris 9 Security CX-310-301 11
- Detect – You should, at regular intervals, run tests to see if you can break into your systems. A number of scanning tools and vulnerability-checking applications are available to do this. The value of this is that you can detect new vulnerabilities at the earliest opportunity – remember, if you find a vulnerability, then it's a good bet an attacker already knows about it! As well as testing for new kinds of threat, you can also run a system audit – this can be extremely useful, for example, to detect changes to files that should not have changed, thereby indicating a breach of security.
- React – If a security breach is located at the detection phase, then you need to react to it and "plug the hole". This might involve applying a patch to remedy the situation, but a review of services and applications should also be carried out to see if they are all still required. Attackers thrive on legacy systems and applications that are "just left running" – often a legacy application has already been migrated to another system, but no one has turned the old one off!
- Deter – You can't protect against everything, or foresee what is going to happen, but you can take reasonable precautions to ensure your systems and applications are not left wide open for an attacker to exploit. If a system or application is not needed, shut it down immediately! It is then no longer a risk. Another useful deterrent is to place a notice on the entrance to a system – for example, when a user logs in. It won't stop a determined attacker, but it should state that unauthorized access is prohibited. Attackers have been cleared of crimes in the past because there was nothing saying that they shouldn't be logged in!
The most important point to remember about the security life cycle is that it is a cycle and not a one-off
implementation.
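The "Detect" step above mentions a system audit that flags files which should not have changed. The script below is an added example of that idea, not code from the study guide or from Sun: it records a baseline of checksums for a directory, and a later check reports files that changed, disappeared, or appeared. The directory, file names and contents in `integrity_demo` are constructed for the demonstration. It uses `cksum(1)` because that is available on any POSIX system; on a real system a cryptographic digest (for example `sha256sum`) should be substituted so that an attacker cannot tailor a modified file to keep the same checksum.

```shell
#!/bin/sh
# Added example (not from the study guide): a minimal file-integrity audit.
# A baseline of checksums is taken while the system is known-good; later
# runs compare the live files against it and report any discrepancy.
# cksum(1) is POSIX but only a CRC; use a cryptographic digest in practice.

# integrity_baseline BASELINE_FILE DIR
# Write one line per regular file under DIR: "checksum size path".
integrity_baseline() {
    find "$2" -type f -exec cksum {} + | sort > "$1"
}

# integrity_check BASELINE_FILE DIR
# Recompute checksums under DIR and compare with BASELINE_FILE.
# Prints one line per discrepancy (CHANGED / MISSING / NEW) and returns the
# number of discrepancies, so 0 means the audit is clean (counts above 255
# would wrap in an exit status; fine for a demonstration).
integrity_check() {
    bl=$1
    dir=$2
    cur=$(mktemp) || return 1
    integrity_baseline "$cur" "$dir"
    # First file read by awk is the baseline, second is the current state.
    # The path is everything after the checksum and size fields, so paths
    # containing spaces are still keyed correctly.
    awk '
        { p = $0; sub(/^[^ ]+ +[^ ]+ +/, "", p) }
        NR == FNR { base[p] = $1 " " $2; next }
        { now[p] = $1 " " $2 }
        END {
            n = 0
            for (p in base) {
                if (!(p in now))            { print "MISSING " p; n++ }
                else if (base[p] != now[p]) { print "CHANGED " p; n++ }
            }
            for (p in now)
                if (!(p in base))           { print "NEW " p; n++ }
            exit n
        }' "$bl" "$cur"
    status=$?
    rm -f "$cur"
    return $status
}

# integrity_demo
# Build a constructed sandbox, take a baseline, then tamper with it in the
# three ways an audit must catch. Returns the discrepancy count (expected 3).
integrity_demo() {
    dir=$(mktemp -d) || return 1
    base=$(mktemp) || return 1
    # Constructed sample files standing in for system configuration.
    printf 'root:x:0:0::/:/sbin/sh\n' > "$dir/passwd"
    printf 'ssh 22/tcp\n' > "$dir/services"
    printf '127.0.0.1 localhost\n' > "$dir/hosts"
    integrity_baseline "$base" "$dir"

    # Simulated events after the baseline was taken:
    printf 'added:x:0:0::/:/sbin/sh\n' >> "$dir/passwd"   # CHANGED
    rm "$dir/services"                                     # MISSING
    printf 'unexpected\n' > "$dir/.hidden"                 # NEW

    rc=0
    integrity_check "$base" "$dir" || rc=$?
    rm -rf "$dir" "$base"
    return $rc
}

rc=0
integrity_demo || rc=$?
echo "demo audit finished with $rc discrepancies"
```

In practice the baseline file would be created from a freshly installed, patched system and stored off-host (or on read-only media), because a baseline the attacker can rewrite proves nothing; the check itself would then be scheduled from cron and its output fed into the alerting used for the "React" step.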
Good Security
There are always risks involved in computer security and you can never be 100% certain that you won’t be
attacked or compromised. Even disconnecting your systems from the rest of the world doesn’t protect you
from an attack from the inside. The following factors are critical in achieving good security:
- The people – Educating and training users is probably the most important aspect, because a user who is aware of the risks and takes security seriously is a precious asset.
- Processes – Regular procedures to check system and application security need to be carried out to ensure the effectiveness of the security policy implemented at your site. Many companies decide that this should be done, but how many actually do it, and are then surprised when a vulnerability is exploited by an attacker?
- Technology – Apply patches regularly to your systems. Sun Microsystems tends to update the recommended patch cluster about twice a month, and it can be downloaded directly from their web site. Read newsgroups and see what other users are experiencing – useful information can often be gathered from these locations. Run an intrusion detection system (IDS) so that you can be alerted to probes or attacks from other computers or networks.
- Defense in depth – Consider applying different protection mechanisms at several layers on your systems. The more protection you have, the harder it is for an attacker to penetrate and cause serious damage. If an attacker has to penetrate a number of obstacles before gaining access, then it