This section discusses some Solaris for ISPs features that leave the software open to some security risks. Please refer to "How To Tighten Security" for protection against these risks.
Administration Products: Solaris for ISPs administration products for individual services, such as ftp or news, provide new paths for accessing privileged operations. An intruder who knows, guesses, or cracks the administrator's password may change the behavior of the services by exploiting their administrator interface through the network. However, SunScreen™ SKIP, bundled with Solaris for ISPs, authenticates incoming traffic and ensures that outgoing data is not viewed by others while in transit.
Remote Command Execution Mechanism: Sun Internet Administrator provides access to all of the command-line administration commands through its administrator console remote execution mechanism. An intruder may break this mechanism and gain access to those commands. However, access to these commands can be restricted, by root, to registered system administrators only.
Sun Directory Services: This Solaris for ISPs software can be used to store and manage passwords and information about other Solaris for ISPs extensions and services. An intruder may break in and exploit access to such privileged information. However, most passwords in Sun Directory Services are encrypted. Accessing unencrypted passwords in Sun Directory Services requires root access.