ebook img

Sun Certified Security Administrator for Solaris 9 and 10: Study Guide PDF

577 Pages·2005·10.787 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Sun Certified Security Administrator for Solaris 9 and 10: Study Guide

TEAM LinG Sun® Certified Security Administrator for Solaris ™ 9 & 10 Study Guide TEAM LinG This page intentionally left blank TEAM LinG Sun® Certified Security Administrator for Solaris ™ 9 & 10 Study Guide McGraw-Hill/Osborne is an independent entity from Sun Microsystems, Inc. and is John Chirillo not affiliated with Sun Microsystems, Inc. in any manner. This publication and CD may be used in assisting students to prepare for the Sun Certified Security Administrator Edgar Danielyan Exam. Neither Sun Microsystems nor McGraw-Hill/Osborne warrant that use of this publication and CD will ensure passing the relevant exam. Solaris, Sun Microsystems, and the Sun Logo are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. McGraw-Hill/Osborne New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto TEAM LinG Copyright © 2005 by The McGraw-Hill Companies. All rights reserved. Manufactured in the United States of America. Except as per- mitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher. 0-07-226450-0 The material in this eBook also appears in the print version of this title: 0-07-225423-8. All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps. McGraw-Hill eBooks are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate train- ing programs. For more information, please contact George Hoare, Special Sales, at [email protected] or (212) 904-4069. TERMS OF USE This is a copyrighted work and The McGraw-Hill Companies, Inc. (“McGraw-Hill”) and its licensors reserve all rights in and to the work. Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill’s prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms. THE WORK IS PROVIDED “AS IS.” McGRAW-HILL AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill nor its licensors shall be liable to you or anyone else for any inac- curacy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill has no responsibility for the content of any information accessed through the work. Under no circumstances shall McGraw-Hill and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise. DOI: 10.1036/0072254238 TEAM LinG ABOUT THE CONTRIBUTORS About the Author John Chirillo, CISSP, ISSAP, ASE, CCDA, CCNA, CCNP, SCSECA, is a Senior Internetworking Engineer at ValCom and the author of several computer security books. John has also achieved certifications in numerous programming languages and is responsible for dozens of published security exploits and alerts throughout numerous listings. He has actively participated in core security developments of various UNIX flavors under the GNU. John can be reached at [email protected]. About the Co-Author Edgar Danielyan, CISSP, ISSAP, ISSMP, CISA, MBCS, SCSA, SCNA, is Information Systems Audit Manager with Deloitte & Touche in the city of London. Before joining Deloitte, he had been an independent security consultant since 1999. He is also the author of Solaris 8 Security (New Riders, 2001) and technical editor of a number of books on Solaris, security, UNIX, and internetworking. His personal web site can be found at www.danielyan.com. About the Technical Editor Tom Brays, SCSA, SCNA, SCSECA, MCP, is a network administrator for a large telecommunications firm and the technical editor and contributing author of several computer books. He can be reached at [email protected]. About LearnKey LearnKey provides self-paced learning content and multimedia delivery solutions to enhance personal skills and business productivity. LearnKey claims the largest library of rich streaming-media training content that engages learners in dynamic media- rich instruction complete with video clips, audio, full motion graphics, and animated illustrations. LearnKey can be found on the Web at www.LearnKey.com. TEAM LinG Copyright © 2005 by The McGraw-Hill Companies. Click here for terms of use. This page intentionally left blank TEAM LinG CONTENTS AT A GLANCE Part I General Security Concepts 1 Fundamental Security Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2 Attacks, Motives, and Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 3 Security Management and Standards . . . . . . . . . . . . . . . . . . . . . . . . 65 Part II Detection and Device Management 4 Logging and Process Accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 5 Solaris Auditing, Planning, and Management . . . . . . . . . . . . . . . . . . 121 6 Device, System, and File Security . . . . . . . . . . . . . . . . . . . . . . . . . . 151 Part III Security Attacks 7 Denial of Service Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179 8 Remote Access Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217 Part IV File and System Resources Protection 9 User and Domain Account Management with RBAC . . . . . . . . . . . . 255 10 Fundamentals of Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . 281 Part V Solaris Cryptographic Framework 11 Using Cryptographic Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305 vii TEAM LinG viii Sun Certified Security Administrator for Solaris 9 & 10 Study Guide Part VI Authentication Services and Secure Communication 12 Secure RPC Across NFS and PAM . . . . . . . . . . . . . . . . . . . . . . . . . 333 13 SASL and Secure Shell . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355 14 Sun Enterprise Authentication Mechanism . . . . . . . . . . . . . . . . . . . 375 Part VII Appendixes A Final Test Study Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423 B Final Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447 C Final Test Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475 D Hands-On Exercises and Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . 499 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515 TEAM LinG For more information about this title, click here CONTENTS About the Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiii Part I General Security Concepts 1 Fundamental Security Concepts . . . . . . . . . . . . . . . . 3 Describe Principles of Information Security ............................... 4 Confidentiality ..................................................... 4 Integrity ............................................................. 5 Availability ......................................................... 5 Identification ....................................................... 6 Authentication ..................................................... 6 Authorization ...................................................... 8 Accountability ..................................................... 8 Logs ................................................................. 9 Functionality vs. Assurance ....................................... 9 Privacy .............................................................. 10 Non-repudiation ................................................... 10 Explain Information Security Fundamentals and Define Good Security Architectures ............................... 13 Least Privilege ...................................................... 13 Defense in Depth .................................................. 13 Minimization ....................................................... 14 Cost-Benefit Analysis ............................................. 14 Risk-Control Adequacy ........................................... 14 Compartmentalization ............................................. 15 Keep Things Simple ............................................... 15 ix TEAM LinG

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.