System Guide
Common Controller
Multicast routing
Multicast is used to send data to many systems at the same time
while using one address. It is recommended to disable this
feature when security is enabled.
Hide OS and host information
When security is enabled, the ftp and telnet banners are set to
null. Also, the sendmail banner is modified to not provide any
OS host information.
Securing the sendmail daemon
When security is enabled, sendmail is forced to perform only
outgoing mail. No incoming mail will be accepted.
Securing the network parameters
When security is enabled, network parameters are secured. For
additional information, view the /etc/init.d/nddconfig file as well
as Sun's document, Solaris Operating Environment Settings for
Security.
Disabling executable stacks
When security is enabled, the system stack is non-executable.
This prevents exploit programs from taking advantage of an
executable system stack in the Solaris OE kernel to attack the
system. To ensure that these system stacks are not executable,
ensure that the following lines are added to the /etc/system
file:
[set noexec_user_stack=1]
[set noexec_user_stack_log=1]
Restricting NFS port monitor
The NFS server normally accepts requests from any port
number. The NFS server can be altered to process only those
requests from privileged ports. To restrict access, add the
following entry into the /etc/system file:
[set nfssrv:nfs_portmon=1]
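Added example, not part of the original guide: a POSIX shell audit that checks an /etc/system-style file for the settings from the two sections above, using the Solaris tunable names noexec_user_stack, noexec_user_stack_log and nfssrv:nfs_portmon. The function names are hypothetical, and the check is deliberately conservative: every active assignment of a tunable must be 1.

```shell
# Print every value assigned to tunable $2 in file $1, one per line.
# Lines starting with '*' or '#' are treated as comments here.
system_values() {
    awk -v want="$2" '
        /^[ \t]*[*#]/ { next }                 # skip comment lines
        $1 == "set" {
            line = $0
            sub(/^[ \t]*set[ \t]+/, "", line)  # drop the keyword
            gsub(/[ \t]/, "", line)            # normalise spaces around "="
            n = index(line, "=")
            if (n > 0 && substr(line, 1, n - 1) == want)
                print substr(line, n + 1)
        }' "$1"
}

# Return 0 only if the tunable is set and every active assignment is 1.
check_tunable() {
    vals=$(system_values "$1" "$2")
    [ -n "$vals" ] || { echo "MISSING  $2"; return 1; }
    for v in $vals; do
        [ "$v" = "1" ] || { echo "WRONG    $2=$v"; return 1; }
    done
    echo "OK       $2=1"
}

# Audit all three tunables; the return code is the number of failures.
audit_system_file() {
    fails=0
    for t in noexec_user_stack noexec_user_stack_log nfssrv:nfs_portmon; do
        check_tunable "$1" "$t" || fails=$((fails + 1))
    done
    return "$fails"
}

# Constructed sample: stack logging is absent and the NFS entry is
# commented out, so two of the three checks fail.
demo() {
    tmp=$(mktemp) || return 99
    printf '%s\n' '* constructed sample /etc/system' \
        'set noexec_user_stack = 1' \
        '* set nfssrv:nfs_portmon=1' > "$tmp"
    rc=0
    audit_system_file "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

Run `audit_system_file /etc/system` on the host; changes to /etc/system take effect only after a reboot, so the file audit reflects the next boot's configuration.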
Security and Network Setup
4-13