Reduce ARP caching time in Sun Solaris using ndd

April 24, 2008 · Filed Under Networking, security


ARP attacks are the easiest attacks that can be launched against a network or a server to cause a Denial of Service. One thing that can be done on the Sun Solaris operating system is to alter the caching time for the ARP cache, which reduces the time that a rogue ARP entry stays in the ARP table. While this is not foolproof, it can certainly make things that much more difficult for the hacker.

The default time that ARP entries are cached on a Sun Solaris system is 5 minutes.


Disable ICMP Redirect in Sun Solaris for Security

March 19, 2008 · Filed Under security

The Solaris Operating Environment is configured by default to both accept and send ICMP Redirect messages. According to the RFCs, only a router or a gateway device should send ICMP Redirect messages, and any other host should only be able to receive them. If the Solaris server is not acting as a router or a gateway, then sending ICMP Redirect messages should be disabled. The same applies to accepting ICMP Redirect messages if the Solaris server is not required to receive them (say, in a scenario where the network or subnets have a single router/gateway), as a malicious hacker could send fake ICMP Redirect messages to modify the routing table on the host and potentially cause a Denial of Service.


How to disable IP Forwarding in Sun Solaris

March 19, 2008 · Filed Under Solaris 10, Solaris 7, Solaris 8, Solaris 9, security

IP packet forwarding is the process of routing packets between network interfaces on one system. A packet arriving on one network interface and addressed to a host on a different network is forwarded to the appropriate interface. While this is a job for the network router, servers with multiple interfaces connected to different networks can perform this action as well. Acting as a router in this way is the default behaviour in Sun Solaris operating systems.


NFS Security – nfs_portmon to restrict client source port to privileged ports

January 24, 2008 · Filed Under security

Network File System (NFS) security in Sun Solaris can be enhanced by restricting the source ports of NFS client connections to privileged ports only. The privileged port range is from 512 to 1023. Enabling this security feature for NFS in Solaris makes the server check whether the clients' source ports are privileged ports. This prevents malicious users from gaining access to files exported/shared by the NFS server, because custom RPC-based scripts or applications cannot be used from unprivileged ports.


Disable remote logging in Syslog daemon

January 10, 2008 · Filed Under Solaris 10, Solaris 7, Solaris 8, Solaris 9

The syslog daemon in Solaris is enabled for remote logging by default and will listen on UDP port 514 for syslog messages from remote systems. Unless the server is acting as a remote logging server, this can be a security issue, as a malicious user can launch a Denial of Service (DoS) attack on the server.
