|C H A P T E R 8|
This chapter provides important information about securing the system, explains security recommendations, discusses domain minimization, and provides references to Solaris Operating System security.
This chapter includes the following topics:
The following are security practices to consider:
The practice of configuring a system to limit unauthorized access is called hardening. There are several configuration steps that can contribute to hardening your system. These steps are guidelines for system configuration:
The only restrictions on SC console passwords are the character set supported by ASCII and the terminal emulator in use. The SC uses the MD5 algorithm to generate a hash of the password entered. Correspondingly, all characters entered are significant.
A minimum password length of 16 characters promotes the use of pass-phrases instead of passwords. Passwords should be composed of a mixture of lowercase, uppercase, numeric, and punctuation characters. For information on how to set the console password, see To Set Up the Password.
Simple Network Management Protocol (SNMP) is commonly used to monitor and manage networked devices and systems. By default, SNMP is disabled.
|Note - The use of Sun Management Center software requires SNMP. However, since the SC does not support a secure version of the SNMP protocol, do not enable SNMP unless you must use Sun Management Center software.|
The SC needs to be rebooted if a console message similar to the following is displayed:
Type resetsc -y to reboot the SC
The SC can be rebooted while the Solaris domain is up and running.
After rebooting the SC, use the shownetwork command to validate that all the network modifications were implemented.
For information about using the Sun Security Toolkit to create secure configurations for systems running the Solaris Operating System, see the following web site:
The SSH and Telnet services on the SC are disabled by default.
If the SC is on a general purpose network, you can ensure secure remote access to the SC by using SSH rather than Telnet. SSH encrypts data flowing between host and client. It provides authentication mechanisms that identify both hosts and users, enabling secure connections between known systems. Telnet is fundamentally insecure because the Telnet protocol transmits information (including passwords) unencrypted.
|Note - SSH does not help with FTP, HTTP, SYSLOG, or SNMPv1 protocols. These protocols are insecure and should be used cautiously on general purpose networks.|
The SC provides limited SSH functionality, supporting only SSH version 2 (SSHv2) client requests. TABLE 8-1 identifies the various SSH server attributes and describes how the attributes are handled in this subset. These attribute settings are not configurable.
1. To enable SSH, type:
You are prompted to enter the network configuration and connection parameters. For example:
lom> setupnetwork Network Configuration --------------------- Is the system controller on a network? [yes]: Use DHCP or static network settings? [static]: Hostname [hostname]: IP Address [xxx.xxx.xxx.xxx]: Netmask [xxx.xxx.xxx.x]: Gateway [xxx.xxx.xxx.xxx]: DNS Domain [xxxx.xxx.xxx]: Primary DNS Server [xxx.xxx.xxx.xx]: Secondary DNS Server [xxx.xxx.xx.x]: Connection type (ssh, telnet, none) [ssh]: Rebooting the SC is required for changes in the above network settings to take effect. lom>
For detailed information on the setupnetwork command, see the command description in the Sun Fire Entry-Level Midrange System Controller Command Reference Manual.
The SSH server on Sun Fire entry-level midrange systems does not support the following features:
If you try to use any of the above features, an error message is generated. For example, if you type the following command
The following messages are generated:
It is good security practice for well-managed machines to get new host keys periodically. If you suspect that the host key might be compromised, you can use the ssh-keygen command to regenerate system host keys.
Host keys, once generated, can only be replaced and not deleted without resorting to the setdefaults command. For newly generated host keys to be activated, the SSH server must be restarted either by running the restartssh command or through a reboot. For further information on the ssh-keygen and restartssh commands (with examples), see the Sun Fire Entry-Level Midrange System Controller Command Reference Manual.
|Note - You can also use the ssh-keygen command to display the host key fingerprint on the SC.|
This section discusses the following topics:
Special key sequences can be issued to the SC, over its serial connection, while it is booting. These key sequences have special capabilities if entered at the serial port within the first 30 seconds after an SC reboot.
The special capabilities of these key sequences are automatically disabled 30 seconds after the Sun copyright message is displayed. Once the capability is disabled, the key sequences operate as normal control keys.
Because of the risk that the security of the SC could be compromised by unauthorized access to the RTOS shell, you should control access to the serial ports of the SC.
One way to contribute to the security of a Sun Fire midrange system is to tailor the installation of software to an essential minimum. By limiting the number of software components installed on each domain (called domain minimization), you can reduce the risks of security holes that can be exploited by potential intruders.
For a detailed discussion of minimization, with examples, see Minimizing Domains for Sun Fire V1280, 6800, 12K, and 15K Systems (two-part article) available online at:
For information on securing the Solaris Operating System, see the following books and articles: