Securing Systems with the Solaris Security Toolkit

Authors: Alex Noordergraaf and Glenn Brunette
Pages: 415
Publisher: Prentice Hall PTR
ISBN: 0131410717

Introduction

This book is part of an on-going series of books known as the Sun Blueprints Program. What this publication wants to provide are best practices for securing the Solaris Operating Environment (Solaris OE) by using the Solaris Security Toolking software.

As we can see from the preface of the book, this title consolidates three previously published Sun Blueprint OnLine articles into one comprehensive user and reference guide. It also adds a lot of new content that extends and complements the online material. Let’s get to know the authors and see what can be found in this book.

About the authors

Alex Noordergraaf has over 10 years’ experience in the area of Computer and Network Security. As a security architect of the Enterprise Server Products (ESP) group at Sun Microsystems, he is responsible for the security of midframe and high-end Sun servers. He is a co-founder of the Solaris Security Toolkit.

Glenn Brunette is a Sun Principal Engineer with over a decade of experience in information security. Glenn is co-founder of the Solaris Security Toolkit.

Inside the book

The authors begin the book by giving you an understanding of the Solaris Security Toolkit software. You learn about its design, its purpose and the versions of Solaris OE it works with. When it comes to customizations, you get some recommandations that should make deployment simpler and more effective.

In order to properly secure your systems you have to make an assessment of the risks and benefits associated with your organization. The authors offer several considerations that you can follow in order to make sure that your system is functional after the implementation of the Solaris Security Toolkit software.

After this preparation phase where you’ve also reviewed your security policy, you learn how to develop and implement a Solaris Security Toolkit profile. The authors give some sound advice when they note that you have to maintain the security of your system also after the installation by using an audit strategy and, of course, by periodically updating to the new version of the software.

What follows is a chapter dedicated to the downloading, installation and running of the Solaris Security Toolkit software, as well as other interesting security software. Everything is described in great detail and every step is followed by command line examples that don’t leave much to the imagination.

When the Solaris Security Toolkit software hardens your system, it inevitably makes some changes to it. You learn how to undo these changes before moving on to learn about the configuration and management of JumpStart servers. To use the Solaris Security Toolkit software. The JumpStart technology is Sun’s network-based Solaris OE mechanism that is able to run to Solaris Security Toolkit software during the installation process.

It’s time to learn how to audit your system’s security using the Solaris Security Toolkit software. As I mentioned above, security has to be reviewed periodically so this is a chapter you shouldn’t skip as it will teach you how to keep your systems secure after hardening. Later in the book you’ll learn how to work with audit scripts.

The next chapter presents a case scenario where you learn how to deploy the Solaris Security Toolkit software with a Checkpoint Firewall-1 NG for the Solaris 8 OE. The authors assume you have a good skill level in order to completely understand the presented information. Don’t worry though, as before everything is explained in detail, step by step.

The Solaris Security Toolkit software has framework functions that allow you to change its behavior without modifying source code. The authors demonstrate how framework functions can be customized, used, added, modified and removed.

As we move on you learn how to use, modify and customize the file templates included in the Solaris Security Toolkit software. Everything is explained carefully and I believe all demonstrated actions are easy to understand.

As we move on there are two chapters dedicated to everything related to the drivers and scripts that are used by the Solaris Security Toolkit software to harden, minimize and audit Solaris OE systems. You get an understanding of driver functions and processes and then move on to discover reference information related to the scripts and customization. You learn how to use both standard and product-specific finish scripts.

The last chapter of the book provides reference information about using environment variables and provides tips for customizing their values.

My 2 cents

There are details in this book that make it both an excellent user guide and reference guide. The layout and fonts are used in a winning combination that makes it easy to spot specific information and make the book easy to browse.

If you want to learn more, use the handy list of resources that the authors decided to put at the beginning of the book. It it contains a list of both papers and web sites.

As you’ve probably noted in my review, I’m quite happy with the details, command line examples and advice that the authors produced. This book has no competition so if you think about using the Solaris Security Toolkit software I suggest you get this book first.