Personalising Security on the Solaris Operating System

5 Day Course
Hands On
Official Unix Curriculum
Code SC-301-S10

This course has been retired. Please view currently available Solaris Training Courses.

Modules

Collapse all

Describing Basic Security Principles (7 topics)

  • Describe the need for a security policy
  • Describe the need to securely configure systems
  • Describe hardening systems
  • Describe minimized systems
  • Describe appropriate system configuration
  • Describe the need for auditing
  • Describe logging to meet legislative compliance

Listing Applicable Solaris 10 Security Features (16 topics)

  • Describe these new features included in the Solaris 10 Operating System (OS):
  • The device policy
  • Kerberos-enabled applications, Lightweight Directory Access Protocol (LDAP), and interoperability enhancements
  • Process rights management
  • Solaris Containers
  • User rights management (Role Based Access Control)
  • Password strength, syntax checking, history, and aging improvements
  • Basic Audit and Report Tool (BART) for file integrity
  • IPfilter stateful packet filtering firewall
  • Solaris Secure Shell
  • IPsec/Internet Key Exchange (IKE) performance enhancements
  • Solaris auditing
  • Trusted Extensions
  • SSL encryption with PKCS#11 interface and OpenSSL
  • PAM improvements
  • MD5 hash functions built into the Solaris OS

Describing Minimization (4 topics)

  • Describe a minimal installation
  • Describe software installation clusters (metaclusters)
  • Examine loose compared to strict minimization
  • Provide consistent, known configuration for installations

Managing Patches (4 topics)

  • Describe the Solaris 10 Update Manager
  • Describe signed patches
  • Understand how to verify signatures for a signed patches
  • Specify a web proxy when installing a signed patch

Performing Hardening (5 topics)

  • Understand what is involved when performing system hardening
  • Use the Solaris Security Toolkit (SST)
  • Understand the software component of SST
  • Use SST for system hardening
  • Use SST for system security audits

Implementing Process Rights Management (5 topics)

  • Describe process rights management
  • Describe process privileges
  • Understand how to determine rights required by processes
  • Understand how to debug privileges
  • Assign minimum rights to a process

Implementing User Rights Management (8 topics)

  • Describe access controls
  • Understand and use Role Based Access Control
  • Explain what is meant by a rights profile
  • Understand and use a role
  • Explain authorizations and privileges in RBAC
  • Configure and use password history
  • Configure password selection constraints
  • Understand how to use strong cryptographic algorithms for passwords

Utilizing the Solaris Cryptographic Framework (5 topics)

  • Describe the role of the Solaris Cryptographic Framework
  • Administer and maintain the Solaris Cryptographic Framework
  • Explain and use the digest(1), mac(1), encrypt(1), and decrypt(1) commands
  • Manage the Solaris Cryptographic Framework environment
  • Describe how the Solaris Cryptographic Framework can be used with Java applications, web servers, and the Sun Crypto accelerator cards

Managing File system Security (3 topics)

  • Use the elfsign(1) command to verify Solaris 10 OS Executable and Linkable Format (ELF) objects
  • Describe and use the Basic Audit and Report Tool
  • Describe secure execution

Using the Service Management Facility (5 topics)

  • Describe the Service Management Facility
  • Describe the concept of least privilege
  • Describe authorization
  • Limit a service's privileges
  • Examine a service's current privileges

Securing Networks (6 topics)

  • Describe network access controls
  • Describe TCP Wrappers in the Solaris 10 OS
  • Implement the Solaris IP Filter Stateful Packet Filtering Firewall
  • Describe Kerberos security
  • Understand and use Solaris Secure Shell
  • Describe the security features of NFSv4

Implementing IPsec (4 topics)

  • Describe IP Security (IPsec) and the Internet Key Exchange (IKE) protocols
  • Describe the various ways IPsec can be configured
  • Describe two ways to configure IKE
  • Describe methods used for troubleshooting IPsec and IKE configurations

Performing Auditing and Logging (7 topics)

  • Describe Solaris auditing
  • Configure an audit policy
  • Implement Solaris auditing
  • Configure auditing on a system implementing Solaris zones
  • Access the audit data from the audit trail
  • Describe how the audit records can be used
  • Protect audit information on a system or in the enterprise

Implementing Security in Solaris Zones (7 topics)

  • Describe security characteristics of a Solaris system with zones installed
  • Understand the differences between the subjects already covered and how they apply to the Solaris operating system with zones installed
  • Describe the global zone
  • Explain when and how to use zones
  • Describe resource management in a zone
  • Address zones and network security
  • Understand patching zones

How Security Components Work Together (3 topics)

  • Describe how security components work together
  • Describe how technologies interact
  • Describe infrastructure requirements

Course PDF

Print

Sections