Certifiably Secure: Sun Solaris Security Administrator
As one of only a handful of operating-system-oriented security certifications, the Sun Solaris Security Administrator is worth a look, especially for those interested in working with Sun servers, but also as a point of comparison with the Microsoft MCSA and MCSE security specializations.
Interestingly, the Sun Solaris Security Administrator does not require candidates to first obtain either of the other Solaris certifications—namely the Sun Certified Systems Administrator for the Solaris OS or the Sun Certified Network Administrator for the Solaris OS. But it does recommend that candidates have previous Solaris system and network administration certification. Given the scope and coverage of the exam objectives, obtaining the other two certs first certainly seems like a good idea.
Earning the Sun Solaris Security Administrator requires taking and passing only a single exam: CX-310-301 (listed on Prometric’s site as 310-301). The exam costs $150, lasts for 90 minutes, presents 60 questions, and requires a 60% score or better (36 questions correct) to pass. Question types include multiple choice, drag and drop, and item matching.
The exam objectives are broken into 6 areas:
- General Security Concepts: security architectures, the security life cycle, basic concepts of unsecure systems, user trust, threat, and risk, AAA (accountability/audit, authentication, and authorization), privacy, confidentiality, integrity, and non-repudiation, plus security evaluation standards and social engineering techniques.
- Detection and Device Management: monitoring and auditing of processes, events and logs. How to work with and centralize logins, and work with logging facilities. Auditing, audit trails and analysis using relevant commands. Working with and configuring device management components.
- Security Attacks: identifying, understanding, and mitigating/defeating denial of service, distributed denial of service, Trojan horse, buffer overflow, backdoor, rootkit, loadable kernel modules, and other types or techniques for attack. Using commands, the Solaris Fingerprint Database, and other tools to detect attacks.
- File and System Resources Protection: manage accounts, passwords, resources, access controls, and so forth to protect files and systems. Includes user and account management, account lockout, pluggable authentication modules, Kerberos, role-based access controls, and ACLs.
- Host and Network Prevention: working with network security elements including firewalls, IPSec, network intrusion and detection, hardening network services, and the Solaris Security Toolkit (SST).
- Network Connection Access, Authentication and Encryption: working with TCP wrappers, understanding public and secret key encryption techniques (including hashing, encryption, server and client authentication), and working with Solaris Secure Shell.
It’s a tightly focused, hands-on, operationally oriented exam (and credential) that differs from the Microsoft specializations in requiring less compulsory system knowledge but demanding more mastery of practical security best practices, procedures, tools, and utilities.