User's Manual

Solaris 9 Security CX-310-301 64
• Network Address Translation (NAT) – where a corporate network can be made to look
(externally) like it has only one address, or a limited number of addresses. Numerous internal
addresses can be mapped to a single external IP address, protecting the identity of the internal
hosts.
A firewall works on a set of rules which either allow or deny certain addresses or types of data. The rules
are usually processed in a top-down fashion, stopping when a match is found. It is always good practice to
insert a deny rule for all network traffic at the end of the ruleset to catch any packets that don’t match any
other rules.
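The top-down, first-match processing described above, as an added example that is not part of the study guide: a small rule evaluator written in POSIX sh. The ruleset format (ACTION SRC DST PROTO PORT, with "any" as a wildcard) and the sample traffic are constructed for this example; the final catch-all deny is the rule the text recommends.

```shell
#!/bin/sh
# Added example (not from the study guide): a first-match firewall rule
# evaluator in POSIX sh. Ruleset format is constructed for this example:
#   ACTION SRC DST PROTO PORT   (one rule per line; "any" is a wildcard)
# Rules are checked top-down and the first match decides, so the final
# "deny any any any any" line catches every packet the earlier rules miss.
RULES='allow 10.1.0.0/16 any tcp 22
allow any 192.168.5.10 tcp 80
deny any any udp any
deny any any any any'

# ip2int A.B.C.D -> the address as one integer
ip2int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( a * 16777216 + b * 65536 + c * 256 + d ))
}

# in_cidr IP NET -> succeeds if IP lies in NET ("any", "a.b.c.d" or "a.b.c.d/bits")
in_cidr() {
    [ "$2" = any ] && return 0
    net=${2%/*}
    bits=${2#*/}
    [ "$bits" = "$2" ] && bits=32            # bare host address, no "/bits"
    mask=$(( 4294967295 - ((1 << (32 - bits)) - 1) ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# fw_decide SRC DST PROTO PORT -> prints "ACTION rule N" for the first matching rule
fw_decide() {
    n=0
    printf '%s\n' "$RULES" | while read -r action src dst proto port; do
        n=$(( n + 1 ))
        in_cidr "$1" "$src" || continue
        in_cidr "$2" "$dst" || continue
        [ "$proto" = any ] || [ "$proto" = "$3" ] || continue
        [ "$port" = any ] || [ "$port" = "$4" ] || continue
        echo "$action rule $n"
        break                                # first match wins; stop here
    done
}

# Constructed sample traffic: the last packet matches nothing but the catch-all
for pkt in "10.1.2.3 8.8.8.8 tcp 22" "203.0.113.9 192.168.5.10 tcp 80" \
           "10.1.2.3 192.168.5.10 udp 53" "203.0.113.9 192.168.5.11 tcp 22"; do
    set -- $pkt
    echo "$pkt -> $(fw_decide "$1" "$2" "$3" "$4")"
done
```

Because evaluation stops at the first match, rule order is part of the policy: moving the catch-all deny above the allow rules would silently block everything, which is why it belongs at the end.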
IPsec
Internet Protocol security (IPsec) is a framework for applying security at the network (IP) layer of the
protocol stack, rather than at the application level where many other security mechanisms operate. Two
main services are available:
• Authentication Header (AH) – the sender of each packet is authenticated before the packet is
accepted
• Encapsulating Security Payload (ESP) – the sender is authenticated, and the data can also be
encrypted for added protection
Network Intrusion
A network intrusion is said to have occurred when there has been unauthorized access to the network. This
can take the form of a port scanning operation, where a potential attacker might be trying to find
vulnerabilities in your network, or
Intrusion Detection
The activity of spotting an attempted intrusion on your network. An intrusion can often be identified by the
type of activity a potential attacker performs, for example large numbers of packets being sent to many
different ports. Intrusion Detection Systems (IDS) such as Courtney, Gabriel and Snort look specifically for
these kinds of patterns and alert the administrator to any suspicious activity. Note that an IDS cannot
prevent an attack or intrusion from taking place; it can only detect it.
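The "many packets to different ports" pattern the text describes, as an added example that is not part of the study guide and not the logic of Courtney, Gabriel or Snort: a minimal detector in POSIX sh and awk run over constructed log lines. The log format (TIME SRC DST DPORT) and the addresses are made up for this example; the detector counts how many distinct destination ports each source has touched and reports the sources above a threshold.

```shell
#!/bin/sh
# Added example (not from the study guide): a minimal port-scan detector in
# POSIX sh/awk over a constructed log. Log format is made up for this example:
#   TIME SRC DST DPORT   (one connection attempt per line)
# The heuristic is the one the text describes: one source sending packets to
# many different ports. Like any IDS this only reports; it blocks nothing.
LOG='12:00:01 203.0.113.7 10.0.0.5 22
12:00:01 203.0.113.7 10.0.0.5 23
12:00:02 203.0.113.7 10.0.0.5 25
12:00:02 203.0.113.7 10.0.0.5 80
12:00:03 203.0.113.7 10.0.0.5 110
12:00:03 203.0.113.7 10.0.0.5 143
12:00:04 198.51.100.4 10.0.0.5 80
12:00:05 198.51.100.4 10.0.0.5 80
12:00:06 198.51.100.4 10.0.0.5 443'

# scan_alerts THRESHOLD -> one line "SRC COUNT PORT,PORT,..." per source that
# touched at least THRESHOLD distinct destination ports, sorted by source
scan_alerts() {
    printf '%s\n' "$LOG" | awk -v t="$1" '
        # count each (source, port) pair once, however many packets it sent
        !seen[$2, $4]++ {
            n[$2]++
            list[$2] = (list[$2] == "" ? $4 : list[$2] "," $4)
        }
        END {
            for (s in n)
                if (n[s] >= t) printf "%s %d %s\n", s, n[s], list[s]
        }' | sort
}

# Demonstration: with a threshold of 5 only the scanning source is reported,
# while the host that simply retried port 80 stays below it
scan_alerts 5
```

The threshold is the tuning knob: set too low, ordinary clients that use a handful of ports generate false alerts; set too high, a slow scan spread over many sources or a long time window goes unnoticed. Whatever it reports, the detector has no way to stop the traffic, which is the limitation the text points out.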
Restricting Network Services
Inetd Services
Network services are controlled via the file /etc/inetd.conf and are implemented by the inetd daemon. To
restrict services, edit /etc/inetd.conf and place a “#” in column 1 of the line for each service to be
disabled. This turns the whole line into a comment, which the inetd daemon ignores.
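The procedure above, as an added example that is not part of the study guide: a shell function that puts "#" in column 1 of the named service lines. It runs on a constructed copy of /etc/inetd.conf (the four sample lines are made up for this example) rather than the real file, so it can be tried anywhere; on a Solaris 9 host the edit would be made to /etc/inetd.conf itself and followed by `pkill -HUP inetd`, since inetd only re-reads its configuration when signalled.

```shell
#!/bin/sh
# Added example (not from the study guide): disabling inetd services by
# commenting out their lines, done on a constructed copy of /etc/inetd.conf
# so it can be run safely anywhere. Field 1 of an inetd.conf line is the
# service name; a leading "#" turns the whole line into a comment.
SAMPLE='ftp     stream  tcp     nowait  root    /usr/sbin/in.ftpd       in.ftpd
telnet  stream  tcp     nowait  root    /usr/sbin/in.telnetd    in.telnetd
shell   stream  tcp     nowait  root    /usr/sbin/in.rshd       in.rshd
#finger  stream  tcp     nowait  nobody  /usr/sbin/in.fingerd    in.fingerd'

# disable_inetd_services FILE SERVICE... -> put "#" in column 1 of each
# named service's line; already-commented lines are left alone
disable_inetd_services() {
    f=$1
    shift
    for svc; do
        awk -v s="$svc" '$1 == s && $0 !~ /^#/ { print "#" $0; next } { print }' \
            "$f" > "$f.tmp" && mv "$f.tmp" "$f"
    done
}

# enabled_services FILE -> the names of the services still active, space-separated
enabled_services() {
    awk 'NF > 0 && $0 !~ /^#/ { printf "%s%s", sep, $1; sep = " " } END { print "" }' "$1"
}

# Demonstration on a throwaway copy; on a real Solaris 9 host you would edit
# /etc/inetd.conf itself and then make inetd re-read it with: pkill -HUP inetd
conf=/tmp/inetd.conf.$$
printf '%s\n' "$SAMPLE" > "$conf"
disable_inetd_services "$conf" telnet shell
echo "still enabled: $(enabled_services "$conf")"
cat "$conf"
rm -f "$conf"
```

Listing what is still enabled after the edit is the check worth keeping: it confirms the intended services were disabled and nothing else was touched before inetd is told to reload.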