In addition to keeping your OS up to date, there are several
things you should do to further secure your system. First,
be sure that the TCP Wrapper package is installed and correctly
configured on your system. The TCP Wrapper package essentially
adds a security wrapper around network services on your computer
and it allows you to control who has access to your system.
Once the package is installed there are three steps involved
in using it. First, you must make sure that all services started
from /etc/inetd.conf are "wrapped". Second, you must add a
file to your system called /etc/hosts.deny which must have
the entry "ALL:ALL" as it's only contents. Finally, you will
need to create a file called /etc/hosts.allow which permits
access to only those people and those specific network functions
that you want to give access to.
The next step in securing your system is to install and
use the Secure Shell. Secure Shell is a replacement for
network services such as telnet, rsh, and ftp. The difference
is that Secure Shell provides encryption and prevents anyone
from spying on you (or worse, hijacking your sessions) while
you work over the network. Secure Shell provides enough
functionality that you should be able to completely disable
telnet, ftp and rsh and only use the Secure Shell replacements.
The TCP Wrapper and Secure Shell packages can be found
on the WHOI ftp sever for both Solaris and IRIX.
Silicon Graphics, Inc./Irix
There are a large number of security holes in versions
of IRIX before 6.5.9. If you are running one of these older
versions, you should consider upgrading as soon as possible.
SGI releases OS updates once every two to three months on
CD-ROM. The updates include security fixes and enhancements.
SGI may also make patches available between update releases
for special cases, however installing the updates is the
preferred method of keeping up to date. Upgrading a system
running IRIX 6.5.0 or above is relatively easy and generally
only takes about two hours. The upgrade media is located
on the network and does not require that you have a CD-ROM
attached to your system. The upgrade can also be performed
remotely and in most cases does not require physical access
to your system. If you are running a version of IRIX prior
to release 6.5 the upgrade is somewhat more involved and
will require physical access to the system. Even so, the
upgrade is still not very difficult and can generally be
accomplished in just a few hours. To determine what version
of IRIX your SGI is currently running, issue the command
'uname -R' at a shell prompt.
Sun / Solaris
Sun releases security updates as both individual patches
and "patch clusters". The easiest method of keeping up to
date with patches is to install the Sun "recommended" patch
cluster. This is essentially a collection of all the patches
that should be installed on your system to close security
holes and fix general system bugs. I do not recommend installing
every single patch that comes out, since some patches may
introduce new problems into your system. The "recommended"
patch cluster is a collection of only those patches that
you really should have. The most recent Sun recommended
patch cluster can be obtained directly from Sun's web site.
The URL is http://www.sun.com/bigadmin/patches. Download
the recommended patch cluster for your version of Solaris.
View the readme included with the patch cluster for instructions
on how to install it. Also note that you can view the release
notes for the patch by clicking the "?" button beside the
patch on Sun's web site. Viewing the release notes will
tell you what is new in the patch cluster and the date it
was last updated. New patches come out frequently so you
should check this site once every few weeks for updates.
Hewlett Packard
Coming soon.
|
