SC-300 Course Description

    Administering Security for Solaris is intended for system administrators and security administrators. Generally the course is an introduction to security, with the assumption that students have no prior instruction in security-related issues with UNIX. However, to understand the material presented in the course, a minimum of one year of experience working as a UNIX system administrator and a solid understanding of networking with TCP/IP is required.

    The intention of the course is to introduce students to security-related issues with Solaris from a system administration and configuration point of view. Although the course is taught on Solaris, many issues are really related to TCP/IP applications and thus most of the course is generic UNIX, so Solaris-specific experience is not required.

    It begins with a little background, identifying what data needs to be protected and the various threats to it, including physical threats such as fire and theft (which are briefly mentioned). The course concentrates on software configuration.

    There are discussions of basic security of users and passwords, good password selection and tips on educating users to choose strong passwords. File permissions are covered in detail (including umask and access control lists), caveats of SUID executables, restricted shells and chroot environments.

    Using UNIX with an emphasis on security is presented. Configuring syslog to log to remote computers and to print directly is covered. Issues with remote access via telnet, rlogin, rsh and rcp are discussed. An introduction to configuring PAM is also presented.

    Common cracks, trojan horses, worms, fork bombs and denial-of-service issues are discussed.

    The remainder of the course deals with using publicly available software to enhance security. While the non-commercial versions of the software are explored during lab exercises, the training is applicable to the corresponding commercial versions as well. A variety of products are explored, which are oriented toward: additional logging capabilities, restricting access, enhancing security through encryption and analyzing potential weaknesses in the configuration.

    In particular, the course covers the following software:

    • Crack, which discovers weak passwords
    • Tripwire, which monitors file integrity
    • SST (JASS), Titan, ASET, automatic tools for enhancing security
    • BSM, which produces audit logs and restricts access to some devices
    • TCP_Wrappers, which logs and restricts access to network applications
    • SSL, SKIP and IPSec, which encrypt IP datagrams
    • Secure Shell, which encrypts shell sessions
    • RBAC and SUDO, which provide access to specified root commands to some users
    • Nessus and Saint, network security probing tools

    The course is wrapped up with issues that are not included in the above categories, such as security with web, mail and name servers. A list of steps to install a hardened Solaris server is presented.

    The course comprises a 75:25 mix of lecture and lab time. Students will install, configure and investigate all the software discussed above.

    The course does not include advanced topics, such as firewall configuration, and assumes prerequisite knowledge of TCP/IP configuration.



    Copyright © 2000 Qenesis Inc. All rights reserved.
    All trademarks belong to their respective owners.