Hack Proofing Sun Solaris 8

Two of Sun Solaris's prime attractions are its reliability and the high availability of servers running it. These advantages can be, however, negated by carelessness. Forget to apply a patch, or neglect to synchronize your servers' system clocks, and someone who's paying more attention will exploit the holes you've left in your system. The authors of Hack Proofing Sun Solaris 8 teach you how to run Solaris with flair. They show you how to implement wise security rules and implement popular services--like Common Gateway Interface (CGI) scripts--with a focus on improving security without reducing function. Most of the advice here has to do with Solaris boxes as Web servers, mail servers, and firewalls.

A lot of the authors' advice will be familiar to readers who have done security work before--their advice to disable all nonessential services, for example, falls into this category. Other information, such as the particular syntax of Solaris's native security utilities and third-party programs that are designed for Solaris, is very handy. It'll prove especially nice for people coming to Solaris from security administration on other operating systems. The organizational approach balances quick reference--the ability to quickly locate some detail via the index--with informative background that will help you head off emerging, undocumented attacks. There aren't many earth-shaking revelations in this book, but it contains good documentation of Solaris security tools and procedures. --David Wall

Topics covered: Sun Solaris 8 defensive policies and procedures. Native Solaris tools (like audit log) are documented, as are outside tools like Snort. There's advice on setting user and file permissions, and hints on how to configure network services like HTTP, SMTP, DHCP, and network address translation (NAT) in a secure way. Caching with Squid gets attention, too.