U<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<html>
  <head>
    <title>Keep the cyberpunks out!</title>
  </head>

  <body>
    <h1>Keep CyberPunks OUT of your Solaris box!</h1>

By now everyone has been reading about the recent
breakins, credit card thefts, web server defacements,
and other malicious acts plaguing computers around
the world.  It seems that computer crime is on the
rise and you simply can not afford to be complacent
any more.<BR><BR>

Todays tip is where to find information about how
to "wrap a titanium turtle shell around your Solaris
box".  If you already have acquired some basic command
line skills, and limited system administration skills
on your Solaris machine, you are ready to use this
information to make it significantly tougher for the
"bad guys" to bother your machine.<BR><BR>

The good friends over at Sabernet have  a great
little article at <A HREF="http://www.sabernet.net/papers/Solaris.html">http://www.sabernet.net/papers/Solaris.html</A>
which outlines simple configuration changes that will
help protect your system.  Sabernet is a web site
that provides security news and advisories about new threats.
The bottom of that article shows additional resources that are
also excellent.<BR><BR>

Sun also posts current information about security issues
at site <A HREF="http://sunsolve.sun.com/pub-cgi/secBulletin.pl">http://sunsolve.sun.com/pub-cgi/secBulletin.pl</A>
Read it frequently to stay on top of the issues.  Patches
are identified and made available for downloading at this
site.<BR><BR>

SANS Institute <A HREF="http://www.sans.org ">http://www.sans.org </A>
is another great
security resource site that carries many articles about
Solaris.  One of their more interesting features is at
<A HREF="http://www.sans.org/newlook/resources/hard_solaris.htm">http://www.sans.org/newlook/resources/hard_solaris.htm</A>
which documents a script for hardening Solaris installations
that was created by a team of professionals led by
Xerox Palo Alto Research Center's Jean Chouanard.<BR><BR>

There are far too many to list, but the resources above, coupled with
Sun's BigAdmin site <A HREF="http://www.sun.com/bigadmin">http://www.sun.com/bigadmin</A>
 should be more than
enough to get you started.<BR><BR>
<HR>

I strongly suggest setting up the firewall portion of ip_filter.
I have a paper on how to set up ip_filter on your Solaris X86 box.
<A HREF="http://www.riddleware.com/solx86/nat-config.html">http://www.riddleware.com/solx86/nat-config.html</A>
Mail me if you need pointers to reliable binaries until I have a current one availabe for download.   
<BR><BR>
For a lightweight Intrusion Detection System try <A HREF="http://www.snort.org">Snort!</A>
Visit <A HREF="http://dev.whitehats.com/index.html">http://dev.whitehats.com/index.html</A> for latest exploits to add.
 <BR><BR>
Other resources I've found usefull or informative include:
<UL>
        <LI><A HREF="http://www.apache.org/docs/misc/security_tips.html">Apache HTTP Server: Security Tips</A>

        <LI><A HREF="http://www.sendmail.org/vendor/sun/source-diffs.html">Sendmail Source Diffs for Solaris</A>
        <LI><A HREF="http://www.ornl.gov/~jar/HowToKerb.html#Pick">Kerberos installation help</A>
        <LI><A HREF="http://www.sunworld.com/sunworldonline/swol-07-2000/swol-0721-security.html">Forensics</A>
        <LI><A HREF="http://www.enteract.com/~lspitz/motives/">Know Your Enemy</A>
        <LI><A HREF="http://www.sun.com/solaris/encryption/download.html">Solaris Data Encryption</A>
        <LI><A HREF="http://www.ssh.com/products/ssh/administrator/Configuring_SSH2_for_SSH1_Compatibility.html">SSH: Configuring SSH2 for SSH1 Compatibility</A>

        <LI><A HREF="ftp://ftp.op.net/pub/OpenBSD/OpenSSH/portable/">Directory of /pub/OpenBSD/OpenSSH/portable</A>

        <LI><A HREF="http://www.openssl.org/source/">OpenSSL: Source, Tarballs</A>

        <LI><A HREF="http://yassp.parc.xerox.com/">YASSP: Yet Another Solaris Security Package</A>

        <LI><A HREF="http://www.incident.org/snortdb/">Global Intrusion Detection - INCIDENT.ORG</A>

        <LI><A HREF="http://www.washington.edu/People/dad/">Dave Dittrich</A>
        <LI><A HREF="http://www.snort.org">Snort!</A>

        <LI><A HREF="http://dev.whitehats.com/index.html">http://dev.whitehats.com/index.html</A>

        <LI><A HREF="http://mailcrypt.sourceforge.net/">Mailcrypt Updated for PGP 5.0</A>

        <LI><A HREF="http://www.treachery.net/">Treachery Unlimited - www.treachery.net</A>
        <LI><A HREF="http://www.attrition.org/">www.attrition.org</A>
</UL>
 <BR><BR>
Other resources I've recieved subsequent to the initial post:
<UL>
<LI><A HREF="http://www.sun.com/software/cover/2001-0411/">http://www.sun.com/software/cover/2001-0411/</A>
<LI><A HREF="http://www.enteract.com/~lspitz/armoring.html">http://www.enteract.com/~lspitz/armoring.html</A>
<LI><A HREF="ftp://math.uwb.edu.pl/pub/solaris8/x86/">ftp://math.uwb.edu.pl/pub/solaris8/x86/</A> Some Excellent packages including openssh2.52, imap and pop3 over SSL, sendmail with STARTTLS feature (SSL)
<LI><A HREF="http://www.enteract.com/~lspitz/snoop.html">http://www.enteract.com/~lspitz/snoop.html</A>
<LI><A HREF="http://project.honeynet.org/">http://project.honeynet.org/</A>
</UL>

<BR><BR>
John Weekley says, "You should remove services from /etc/inetd.conf that
have no use in your environment, that will remove a significant portion
of threats you might otherwise encounter.
<HR>
Some notes from Rich Bejtlich about what a scan of a fresh install of
Solaris 8 1/01 looks like.<A HREF="sol8-101-scan.txt"> Solaris 8 1/01 Scan</A>     <hr>


    <address><a href="mailto:briddle@riddleware.com">Bruce Riddle</a></address>
<!-- Created: Mon Apr  9 20:43:27 EDT 2001 -->
<!-- hhmts start -->
Last modified: Sun Apr 22 01:09:11 EDT 2001
<!-- hhmts end -->
  </body>
</html>