Friday 16 August 2013

How to reduce the Security risk in Solaris

Generic OS hardening steps

1. Apply the recommended patch cluster bundle regularly.
   It contains very important bug fixes and security patches.
2. Disable unused services, which pose a high risk,
   such as NFS, NIS, Apache, sendmail, SNMP, printer and Internet-based services that are no longer used.
3. Disable inet services and use SSH for remote login and file transfer.
   It is better not to use the telnet, ftp and rlogin services.
4. There are many parameters in the Solaris kernel which can be tuned to increase security.
   Network parameters can be tuned using the ndd command.
   Other kernel parameters can be modified in the /etc/system file.
5. Network tweaks:
   @ Disable IP forwarding on the OS
   @ Protect against SYN flood attacks
   @ Reduce ARP timeouts
6. Restrict root to log in only via the console
   @ Remove unused users
   @ Restrict cron access for normal users and disable .rhosts
7. Set warning banners in /etc/motd and /etc/issue.
8. Increase the level of logging: system accounting, process accounting, kernel-level auditing.
9. Create /etc/ftpd/ftpusers to restrict FTP for all users.
10. Remove group write permission from all files in /etc:
   # chmod -R g-w /etc
11. Disable unused SMF services using the svcadm command.
12. Use the Solaris Security Toolkit (JASS).
13. Be cautious with removable media devices. Stop "vold" if possible.
14. Restrict access to TCP-based network services by using TCP wrappers.
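
A way to check the network tweaks from steps 4 and 5, added here as an example and not part of the original post: the script compares current ndd values against a baseline and reports each deviation. The parameter choices and thresholds (ip_forwarding, tcp_conn_req_max_q0, arp_cleanup_interval), the function names and the sample values are assumptions to adapt to your own standard.

```shell
#!/bin/sh
# Added example, not from the original post. Baseline values are assumptions.
# Format: driver parameter test-operator wanted-value
BASELINE='/dev/ip ip_forwarding eq 0
/dev/tcp tcp_conn_req_max_q0 ge 4096
/dev/arp arp_cleanup_interval le 60000'

# Read "driver parameter value" lines on stdin, print PASS/FAIL/MISSING per
# baseline entry, and exit with the number of findings (the subshell body
# keeps the variables local).
audit_ndd() (
    current=$(cat)
    fails=0
    while read -r drv param op want; do
        have=$(printf '%s\n' "$current" |
               awk -v d="$drv" -v p="$param" '$1 == d && $2 == p { print $3; exit }')
        if [ -z "$have" ]; then
            echo "MISSING $drv $param (want -$op $want)"
            fails=$((fails + 1))
        elif [ "$have" "-$op" "$want" ] 2>/dev/null; then
            echo "PASS $drv $param=$have"
        else
            echo "FAIL $drv $param=$have (want -$op $want)"
            fails=$((fails + 1))
        fi
    done <<EOF
$BASELINE
EOF
    exit "$fails"
)

# On a live Solaris host: print current values in the format audit_ndd reads.
collect_ndd() {
    printf '%s\n' "$BASELINE" | while read -r drv param _rest; do
        echo "$drv $param $(ndd "$drv" "$param")"
    done
}

# Constructed sample values (not captured from a real system).
SAMPLE='/dev/ip ip_forwarding 1
/dev/tcp tcp_conn_req_max_q0 1024
/dev/arp arp_cleanup_interval 300000'

printf '%s\n' "$SAMPLE" | audit_ndd || echo "$? finding(s)"
# Live use on Solaris: collect_ndd | audit_ndd
```

Values set with ndd do not survive a reboot, so a clean audit only holds if the same settings are also applied from a startup script.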
