Table of Contents
Advertisement
Sendmail daemon secured
Network parameters secured
Executable stacks disabled
NFS port monitor restricted
Remote CDE login disabled
Xerox FreeFlow Print Server router capabilities disabled
12
NOTE: All of these services are prohibited with a 'high' security
setting, but if they are re-enabled manually the hostname
information will remain hidden.
Sendmail is forced to perform only outgoing mail. No incoming
mail will be accepted.
Sun's nddconfig security tool is run. For additional information,
view Sun's document, Solaris Operating Environment Network
Settings for Security, at
http://www.sun.com/solutions/ blueprints/1200/network-updt1.pdf.
The system stack is made non-executable. This is done so
security exploitation programs cannot take advantage of the
Solaris OE kernel executable system stack and thereby attack the
system.
The NFS server normally accepts requests from any port number.
The NFS Server is altered to process only those requests from
privileged ports. Note that with the high security setting, NFS is
disabled; however if the service is re-enabled manually, the port
restriction will still apply.
The Remote CDE login is disabled.
The Xerox FreeFlow Print Server router capabilities is disabled
(empty/etc/notrouter file created).
Security Guide
Advertisement
Table of Contents
