Solaris 8 Security

The book also touches on subjects such as Kerberos, simple ways to vastly improve the security of a system, and discusses what kinds of attacks are often seen (and how to deal with them).

It's a good book to have on your shelf if you administer Solaris. It provides a good starting point for securing your Solaris 8 systems (and other UNIX systems in general). Ask your boss to buy it for you, you'll both sleep easier.

Rating:
Summary: Comprehensive security book on Sun Solaris 8
Review: Mark Twain once said that he didn’t have enough time to write short stories, so he was forced to write long novels. In that vein, there are plenty of computer books in print that comprise more than 1000 pages, cover every topic under the sun, and include a CD-ROM with often-obsolete freeware tools. Such tomes are often a waste of time and money because the contents are primarily filler with little added value.

Solaris 8 Security, on the other hand, provides a very good overview of Solaris security without the bulk of unnecessary and often extraneous information. The book covers a lot of ground. The author covers key issues involved with the various aspects of securing Solaris systems, but does not get bogged down in page-wasting minutiae.

The first three chapters provide a good introduction to basic security, cryptography, and system security issues. Chapter 4 gives a good synopsis of the authentication and authorization facilities in Solaris 8. The chapter includes information about the basics, such as etc/passwd and /etc/shadow, and the new RBAC (Role Based Access Control) functionality that is available in Solaris 8. In the past, RBAC was only available on Trusted Solaris; now it is included in standard versions of Solaris 8 and above.

RBAC attempts to solve the problem of network users having far more network access than is necessary. The fact is that most existing networks allow users to access 10 to 20 times more resources than they will ever use or need. Because authorized users commit roughly 80% of computer crime, providing too much access is a huge security risk. So how does a systems administrator reduce overall user permissions by 70-90%, while providing users with the necessary access on a need-to-know and need-to-do basis? RBAC.

Further chapters in Solaris 8 Security deal with Kerberos, auditing and accounting, and open source security tools. Chapters 8 through 10 conclude the book with overviews of network security and IPSec. Chapter 8 has some very helpful hints on fine-tuning the Solaris 8 TCP/IP stack via various configuration tools and files. Chapter 10 details how to secure various network services including HTTP and NFS.

Anyone looking for a well-focused book on Solaris security should take a look at Solaris 8 Security . It’s an excellent starting point, and at fewer than 200 pages, it provides a really good introduction to Solaris security without wasting readers’ time, money, or trees.

Rating:
Summary: Excellent book!!
Review: This book was what I needed. It is the perfect refference book for it's topic. I like the size of the book; it was not crammed with useless pictures, tables, or filler.
Sure, you can pour over tons of online Sun Documentation scatterd thoughout the Answerbook series or even dig through the man pages. Who has that much time? I needed to get quick organized understanding of my options in securing Solaris 8. Some of the chapters will be basic reading for some and reviews for others. However, a new Solaris admin who need to learn good idas on security can start here. The experienced UNIX/Linux/BSD admin can also pick up this book to learn the specific options available on the Solaris plateform. You will also learn about the short-comings of it as well (such as not coming with ssh; remedied in Solaris 9). You learn how to configure the Solaris TCP/IP stack and it's implementation of IPSEC. These two where the most useful chapters in the whole book for me.
All in all, if you admin Solaris 7/8/9 you should check this book out.