Security Basics mailing list archives

Hardening Guidelines - Sun Solaris 8, Red Hat Enterprise AS 3.0, SuSE Enterprise 8.0, VMWare ESX 2.1, AIX 5.1/5.2L


From: "Rosado, Rafael (Rafael)" <rarosado () lucent com>
Date: Sat, 31 Jul 2004 09:12:46 -0600

All, 

I am developing hardening guides for different Unix and Linux OSs (including
VMWare ESX under which the Service Console runs under a hardened version of
Red Hat 7.2).

I want to corroborate these hardening guides I am developing with industry
best practices.  I currently have available those docs developed by SANS,
NIST, and the vendors themselves (Sun, VMWare, Red Hat and IBM) and others
(Armoring Sun Solaris, etc.). 

Do any of you have good links for additional hardening information?  Your
recommendations are truly appreciated.

Rafael Rosado

-----Original Message-----
From: Rosado, Rafael (Rafael) [mailto:rarosado () lucent com] 
Sent: Tuesday, March 30, 2004 8:36 AM
To: cisspforum () yahoogroups com
Cc: carringa () sympatico ca
Subject: RE: [cisspforum] 802.1X/WPA/802.11i WLANs (SECOND POSTING)

Andre,

I would if I could only get others that are currently upgrading their
802.11b WLAN models to 802.1X/802.11i (WPA + AES) to respond (that is why I
am sending this second post to the mailing lists).  Either other folks are
implementing 802.1X/802.11i and not wanting to share experiences, or not
upgrading at all.  Most people would like to hear what others are doing,
however, very reluctant to share information about what they are doing
themselves.

I am really interested in hearing from individuals that either have the
experience of implementing 802.1X/802.11i (not 802.11b) or individuals that
are currently in the process of implementing/upgrading to 802.1X/802.11i.
There is plenty of information about how 802.1X works (and how 802.11i is
supposed to work since it is not a ratified standard yet), but not enough
information available on successful implementations of these (or at least
not enough that people are willing to share).

I look forward to other implementers' experiences and also in sharing with
them our experiences (on a one-on-one basis) offline.  

Rafael Rosado, CISSP, CISA
Network Security Manager
Lucent Technologies
IT Infrastructure - Network Design
2400 SW 145th Avenue
Miramar, Florida 33027
Office: 954-885-2176
Facsimile: 954-885-3861
Email: rarosado () lucent com 

This electronic mail message contains information belonging to Lucent
Technologies, which may be confidential and/or legal privileged. The
information is intended only for the use of the individual or entity named
above. If you are not the intended recipient, you are hereby notified that
any disclosure, printing, copying, distribution, or the taking of any action
in reliance on the contents of this electronically mailed information is
strictly prohibited. If you receive this message in error, please
immediately notify us by electronic mail and delete this message.

-----Original Message-----
From: Andre Carrington [mailto:carringa () sympatico ca]
Sent: Tuesday, March 30, 2004 8:11 AM
To: cisspforum () yahoogroups com
Subject: Re: [cisspforum] 802.1X/WPA/802.11i WLANs (SECOND POSTING)

Rafael, I (and surely the rest of the group) would be interested in hearing
the experiences of those using/testing 802.1X / WPA.  Can you summarize the
responses anonymously or pseudonymously once received?
Thanks in advance.

Rosado, Rafael (Rafael) wrote:

All,

If any of you have implemented an 802.1X-based Wireless LAN (based on 
the WiFi Alliance Security Model - WiFi Protected Access or WPA) or in 
the planning phases of doing so, I would like to speak with you.  I am 
also interested in talking with those of you that are integrating your 
WLAN models with seamless roaming for 3G based devices (cellular, 
Wireless PDAs, etc. over UMTS/CDMA2000) via Mobile IP.

Please respond directly to me at your earliest convenience.

Thanks in advance,

Rafael Rosado, CISSP, CISA
IT Security Manager
Lucent Technologies
IT Infrastructure - Network Design
2400 SW 145th Avenue
Miramar, Florida 33027
Office: 954-885-2176
Facsimile: 954-885-3861
Email: rarosado () lucent com



[Non-text portions of this message have been removed]



******************
To UNSUBSCRIBE, go to the CISSP Services Page
(https://www.isc2.org/cgi-bin/cissp_forum.cgi).  Do not send unsubscribe
messages to the CISSP Forum! 
Yahoo! Groups Links