Solaris 8 Administrator's Guide by Paul Andrew Watters

After creating a Solaris network, one of the greatest fears of many system administrators is the thought of the network coming under attack from either outside or within. Administrators of high-profile sites often perceive that they are under constant attack, and may be driven to the edges of paranoia by anticipating worst-case scenarios to unfold daily. When installed out of the box, Solaris (just like any other network operating system) provides many potential entry points for intruders to access a network. However, the modular nature of Solaris packages and the ease with which most services can be configured allows Solaris security to be customized to a level that is appropriate for the target installation. For example, a standalone Solaris system that runs accounting software and a local relational database does not need to worry about network attacks. An e-commerce site, on the other hand, depends on granting selective remote access to users for specific server-side applications, while protecting confidential and sensitive data on the server, such as credit card numbers. In addition, once access is gained to a single host on a Solaris network, distributed network information services, such as NIS+, make it easy to gain access to data residing on many different hosts within that local area network. This is not to say that NIS+ and similar systems should not be used—NIS+ is secure when hosts are protected from unauthorized access. It’s also important ...