[SunHELP] Solaris 8: Unable to login

Sheldon T. Hall shel at cmhcsys.com
Fri Aug 13 09:38:09 CDT 2004

Charu Kamath says ...

> Thanks. I re-installed the machine and again have enabled
> tcp_wrappers and disabled SMC as well.
> What other precautions to be taken to protect the machine
> from hackers??

#1.  Never put an un-hardened computer directly on the Internet.

#2.  Google "armoring solaris" and go through the list.  This includes a
fresh install, patching, and hardening _before_ ever connecting the computer
to any non-dedicated network.

The best thing to do is to put your network behind a real firewall, and only
allow access to certain ports on certain machines from certain IP addresses.
This keeps most of the bad guys from ever getting a connection, much
less being able to exploit anything.

If one machine on your network has been rooted, you must investigate _all_
the rest.  A clever cracker will already have used the first compromised
machine to root at least one other machine.  This way, when you find and fix
the first one, he has another way in.

SANS reports that the average Internet-connected computer gets some sort of
attack every 20 minutes.  I only have two ports open to the Internet, and I
see several attacks per day.  I expect the other ports are getting hammered,
but that stops at the firewall and I don't ever see it.
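
The "certain ports on certain machines from certain IP addresses" policy described above, sketched as a default-deny allowlist check. This is an added example, not part of the original post; the rule set, addresses (documentation ranges), and the `allowed`/`audit` helpers are constructed for illustration.

```python
"""Default-deny allowlist: certain ports on certain machines from certain IPs."""
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Rule(NamedTuple):
    dst: str   # internal machine being exposed
    port: int  # TCP port opened on that machine
    src: str   # CIDR block permitted to connect

# Constructed sample policy (documentation address ranges, not real hosts).
RULES = [
    Rule("192.0.2.10", 22, "198.51.100.0/28"),  # SSH from the admin subnet only
    Rule("192.0.2.20", 25, "0.0.0.0/0"),        # public mail relay
]

def allowed(rules, src, dst, port):
    """True only if an explicit rule matches; anything else is dropped."""
    s, d = ip_address(src), ip_address(dst)
    return any(d == ip_address(r.dst) and port == r.port and s in ip_network(r.src)
               for r in rules)

def audit(rules, max_hosts=256, public_ports=(25,)):
    """Return rules whose source range is wider than max_hosts on a non-public port."""
    return [r for r in rules
            if ip_network(r.src).num_addresses > max_hosts
            and r.port not in public_ports]

# Constructed connection attempts: (source, destination, port)
ATTEMPTS = [
    ("198.51.100.5", "192.0.2.10", 22),   # admin subnet -> SSH host
    ("203.0.113.77", "192.0.2.10", 22),   # outside source -> SSH host
    ("203.0.113.77", "192.0.2.20", 25),   # anyone -> mail relay
    ("198.51.100.5", "192.0.2.20", 22),   # allowed source, but port not opened there
    ("203.0.113.77", "192.0.2.30", 111),  # machine with no rules at all
]

def decisions(rules=RULES, attempts=ATTEMPTS):
    """Evaluate every attempt against the policy, in order."""
    return [allowed(rules, *a) for a in attempts]

if __name__ == "__main__":
    for (src, dst, port), ok in zip(ATTEMPTS, decisions()):
        print("%-15s -> %s:%-4d %s" % (src, dst, port, "ALLOW" if ok else "DROP"))
    for r in audit(RULES):
        print("too broad:", r)
```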


