Administering Security for Solaris is intended for system administrators and security administrators. Generally the course is an introduction to security, with the assumption that students have no prior instruction in security-related issues with UNIX. However, to understand the material presented in the course, a minimum of one year of experience working as a UNIX system administrator and a solid understanding of networking with TCP/IP are required.
The intention of the course is to introduce students to security-related issues with Solaris from a system administration and configuration point of view. Although the course is taught on Solaris, many issues are really related to TCP/IP applications and thus most of the course is generic UNIX, so Solaris-specific experience is not required.
It begins with a little background, identifying what data is important to be protected and various threats, including physical threats, such as fire and theft (which are briefly mentioned). The course concentrates on software configuration.
There are discussions of basic security of users and passwords, good password selection and tips on educating users to choose strong passwords. File permissions are covered in detail (including umask and access control lists), as are the caveats of SUID executables, restricted shells and chroot environments.
Using UNIX with emphasis on security is presented. Configuring syslog to log to remote computers and to print directly is covered. Issues with remote access via telnet, rlogin, rsh and rcp are discussed. An introduction to configuring PAM is also presented.
Common cracks, trojan horses, worms, fork bombs and denial-of-service issues are discussed.
The remainder of the course deals with using publicly available software to enhance security. While the non-commercial versions of the software are explored during lab exercises, the training is applicable to the corresponding commercial versions as well. A variety of products are explored, which are oriented toward: additional logging capabilities, restricting access, enhancing security through encryption and analyzing potential weaknesses in the configuration.
In particular, the course covers the following software:
The course is wrapped up with issues that are not included in the above categories, such as security with web, mail and name servers. A list of steps to install a hardened Solaris server is presented.
The course comprises a 75:25 mix of lecture and lab time. Students will install, configure and investigate all the software discussed above.
The course does not include advanced topics, such as firewall configuration, and assumes prerequisite knowledge of TCP/IP configuration.