Whether you are an experienced Security or System Administrator or a Newbie to the industry, you will learn how to use native, “out-of-the-box”, operating system capabilities to secure your UNIX environment. No need for third-party software or freeware tools to be and stay secure!

This book will help you ensure that your system is protected from unauthorized users and conduct intrusion traces to identify the intruders if this does occur.  

It provides you with practical information to use of the native OS security capabilities without the need for a third party security software application.  Also included are hundreds of security tips, tricks, ready-to-use scripts and configuration files that will be a valuable resource in your endeavor to secure your UNIX systems.

Dr. Loza’s passion for providing vanguard technology solutions led him to found Tego System Inc. and HackerProof technology.

He is also a contributor to many industry magazines (including 2600 Hackers Quarterly Magazine), has been translated into several languages and quoted in many information security books and web sites. His infamous article Reviewing Your X Window Security spread around the Internet and has been featured by the Sun Microsystems, Linux and BSD communities. Dr. Loza is also an author of several patents and is an expert in computer security and a well-known speaker and trainer.

During his career, Dr. Loza has gained extensive field-tested security knowledge and has analyzed and designed security architectures for a variety of applications and products.

INTRODUCTION

Protecting corporate assets from security breaches is a compelling concern - an organization’s productivity, brand reputation and consumer confidence can all depend on it.  Implementing proper information security measures is also the first step towards minimizing production down time due to system failure - one of the primary goals of every organization.

During the author’s extensive experience as a system and security administrator for numerous large and medium-size companies, it was not unusual for operation and production management to prohibit the installation of any third-party applications - “unsupported” freeware and open-source applications for hardening security, especially on production machines. This was partially due to strict policies from vendors providing operating system support.  It was also because of company security policies prohibiting downloading from the Internet and installing any applications that have not been thoroughly tested, regardless of how well these applications can secure the production box. Therefore, in many cases you will not be able to use any third-party tools.

This book was written to help system and security administrators set up a secure UNIX operating system environment by using the native capabilities of the “pure” operating system. As you read this book, you will learn that with your knowledge of the operating system and information security, it is possible to do a great deal to create a “hard” operating environment by using only the tools and utilities that come bundled with UNIX.

This book not only discusses security measures, but actually shows you how particular measures can be implemented. Use it when you need a practical solution for a security problem.

The output for all the examples in the book is provided for the popular Solaris operating system version of UNIX from Sun Microsystems.  Known for robustness, easy administration, maintenance, and overall good security, Solaris has continued to gain popularity since it was introduced in 1992, based on a port of System V Release 4.0.   Other UNIX “flavors” are identified in the title of certain sections. “Linux” means that the solution in the section can be used for Linux (tested for Red Hat Linux). “UNIX General” means that the particular security solution can be used with other UNIX systems, including AIX, HP-UX, FreeBSD on others. We will also indicate which Solaris OS version and platform relate to a specific procedure, where applicable.

Throughout the book we will use “#” sign to as a command line prompt to indicate that you have to be root to run this particular command. The “$” sign will indicate that you do not have to use superuser privileges to execute this particular sequence of commands. User input is also highlighted as bold text in code listings.

Commands for which the UNIX man command can be used for additional information, are included where applicable, e.g., swap (1M).