Hardening the operating system is the first, and one of the most
fundamental, steps in ensuring that mission critical information
is adequately protected on Corporate systems. This course will
provide a detailed understanding of the security features and
configuration settings of the UNIX operating system. During the
seminar, we will outline a process for reviewing and auditing
the security of UNIX systems to ensure that appropriate countermeasures
are in place to protect against common UNIX vulnerabilities, threats,
and exploits. The seminar will be focused on Sun Solaris, one
of the dominant UNIX variants for mission critical systems that
would most often be encountered by an IT Auditor. The seminar
will focus on “general purpose” Solaris configuration
issues as well as some optional security features and tools that
may be appropriate for highly secure environments, and considers
all versions up through and including Solaris 9. Finally, the
seminar will identify and discuss specific audit procedures for
reviewing and evaluating the security of Sun Solaris UNIX installations.
• Introduction to UNIX and Solaris
• Users and Groups
• Authentication
• File System and File Permissions
• System Startup and User Initialization
• Internetworking: NFS and Trust
• Network Services
• Logging
• Other Security Controls
• Monitoring
