The following is a brief compendium of what we at Auburn Univeristy College of Engineering use to secure our NIS networks. We had a mix of about 65% NIS, 35% NIS+ network before dropping NIS+ due to reliability problems and setting all machines to use NIS. The following is our implementation of securing NIS using various vendor patches and free utilities from around the world.
NIS has a reputation of being extremely insecure. If you implement these steps it will lose most if not all of the reasons for this, and you will retain all the administrative advantages of NIS without the security risks. We use NIS on SunOS4 and on Solaris 2.X machines and are a predominantly Sun shop. All other machines may have slightly different results and implementations. Hopefully others will find this useful, though. Here's a list of reasons why you should follow these steps.
[ Read more ]