Using solaris 10 as an example, we see in this section that the collection of securityrelated mechanisms in a modern. I am not a solaris system administrator, but i read hack proofing sun solaris 8 hpss8 to learn more about securing solaris systems. This category only includes cookies that ensures basic functionalities and security features of the website. Oracle hardware systems and software in silicon provide the antimalware trust anchors. Trust modeling for security architecture development december 2002.
The auditconfig command is used to view information about audit policy and to change audit policy. Sun blueprint program was at least partially a reaction to ibm red books program but it. Ipsec includes aesccm and aesgcm modes and is now capable of protecting network traffic for the trusted extensions feature of oracle solaris trusted extensions. In this overview, get up to date on the features you should know about in the latest releases of ibm aix, hewlettpackards hpux and oracles solaris.
The unisys os 2200 operating system includes an implementation of the dod orange book b1, labeled security protection level specification. Trusted solaris 8 was a security focused version of the solaris unix operating system. The book describes strategies to make installations protected and how one can configure the os to the precise needs of your setting, whether or not or not your methods are on the sting of the net or working a data center. Getting familiar with some of the new features of solaris. Solaris trusted extensions is an opensolaris project. Solaris trusted extensions a redesign of the trusted solaris product using a layered architecture. One of problems in computer security is the validation of binaries. The term rainbow series comes from the fact that each book is a different color. Conclusion cost is the main concern with any kind of printed security feature. Being an enhanced version of the oracle solaris operating system, trusted solaris offered special security features that enabled an organization to define and implement a set of rules and practices a security policy helping protect both information and hardware on a single workstation or on a network of workstations running oracle solaris.
The tcsec has been superseded by the new er and more internationally. Security feature changes transitioning from oracle solaris. Ipsec includes aesccm and aesgcm modes and is now capable of protecting network traffic for the trusted extensions. Solaris 10 security essentials describes the various security technologies contained in the solaris operating system. This popular operating system allows you to choose the features that fit the unique needs of your business. Trusted solaris 8 401 security target evaluation in confidence. Secure by default, smf, privileges, zfs, zones, trusted extensions, and more. The oracle solaris os is designed to deliver a consistent platform to run your enterprise applications. Synthesis lectures on information security, privacy, and trust. Getting familiar with some of the new features of solaris 10. Solaris trusted extensions is a set of security extensions incorporated in the solaris 10 operating system by sun microsystems, featuring a mandatory access control model. Solaris, hpux and aix, including management and security tools available on these systems. It succeeds trusted solaris, a family of security evaluated operating systems based on earlier versions of solaris.
Other trusted solaris environment features 92 lock 92 exit 92 occupy workspace commands 93 5. Understanding and using trusted extensions in oracle. For instance, use of the pencil required evolution to include an eraser for undoing its mistakes or unintended meaning. But you can check it, when you boot the system from a trusted media like a original. Recently, the importance of ensuring such security has become a mainstream issue for all operating systems. Necessary cookies are absolutely essential for the website to function properly. Solaris 10 security essentials oracle solaris system. The orange book choosing solaris 8 c2 security configuring auditing managing the audit log understanding auditing classifications configuring auditing extracting and analyzing auditing data choosing trusted solaris 8 using trusted solaris 8s b1level security understanding the concept of mandatory access control administrative labels auditing.
Recently, the importance of ensuring such security has become a mainstream issue. Oracle solaris is the trusted business platform that you depend on. Trusted solaris how is trusted solaris abbreviated. Now, you can custombuild your own server security system with solaris 9. Provides an overview of oracle solaris security features and the guidelines for using those features to harden and protect an installed system and its applications. Softpanorama slightly skeptical sun solaris hardening page. Part of the hack proofing series, this book gives system administrators the information they need to fortify their operating system against the neverending threat of hackers. Trusted extensions enable oracle solaris users to define rules and practices that enable special security features that help protect information and resources. Trusted security information exchange for restricted environments. For example, the oracle solaris os provides eeprom protection, password requirements and strong password algorithms, system protection by locking out a user, and protection from keyboard shutdown. The security and audit features of the operating system often provide the tools to monitor and control security exposures. Providing handson information written by both security professionals and selfproclaimed hackers, this book will give system administrators the edge they need to fortify their sun solaris operating system against the neverending. Hundreds of thousands of business enterprises, large and small, depend on sun solaris to keep their business alive but have they protected themselves against hackers. Successfully configuring trusted extensions on a system in a way that is consistent with site security requires understanding the security features of trusted.
Logicacmg clef lfl, logicacmg uk limited, chaucer house, the office park, leatherhead. Trusted extensions is a powerful security technology of oracle solaris. Sun is today expected to outline security features in solaris 10, both new and cribbed from trusted. Solaris 10 security essentials covers all of the security features and technolo. The authors provide useful explanations of trusted solaris, with enhancements like role based access control and mandatory access control. There is more work for administrators in creating accounts, managing labels and roles, and helping users with the security features. A set of labelaware services which implement multilevel security. Solaris security toolkit customization oracle solaris blog. Internet key exchange ike and ipsec ike now includes more diffiehellman groups and can also use elliptic curve cryptography ecc groups.
He is the author of a series of books on oracle technology, the most recent. The following network security components are supported in this release. Is this the original binary or is it a counterfeit binary. The least privilege model evolved from suns experiences with trusted solaris and the tighter security model used there.
Trusted solaris users guide university of colorado. For details, see installing or upgrading the solaris os for trusted extensions. This book is the work of the engineers, architects, and writers at sun microsystems who conceptualized the services, wrote the procedures, and coded the solaris oss security features. Since the 1960s, operating systems designers have explored how to build secure operating systems operating systems whose mechanisms protect the system against a motivated adversary. Trusted solaris is a discontinued securityevaluated operating system based on solaris by sun microsystems, featuring a mandatory access control model. This book is written in simple, easytounderstand format with lots of screenshots and stepbystep explanations. In the solaris 10 1106 update a new component called solaris trusted extensions was introduced, making it no longer necessary to have a different release with a modified kernel for labeled security environments. In this article, jonathan sinclair points out some of them. Solaris corporation security service security service. This is an uptodate listing of technical videos i have been involved in, one way or another, in the seven years ive been working with solaris, illumos, smartos, and related people, technologies, and companies. While linux is a commonly chosen system for implementing research ideas securityrelated and otherwise solaris 10 has a very impressive outofthebox security repertoire amongst general purpose operating systems.
No reboot is required when disabling or enabling this service. It is imperative that they are implemented according to the security policy of the organization. This software may be installed during a unattended solaris jumpstart install, or installed after solaris is installed and booted. I am being told that a project etcproject will not bind to the user because of a solaris bug.
Oracle solaris 10 1 reference manual documentation this library shelf contains the complete set of manual pages for the oracle solaris 10 1 operating system. The changes in the solaris 10 release 0509 trusted extensions comprise bug fixes which are delivered in the form of patches. The oracle solaris dtrace feature revolutionizes the way you debug operating systems and applications. To make use of solaris role based access control you can use any out of the box version since solaris 8, although to make use of finegrained privileges youd need either trusted solaris 8, solaris 10, or more recent, such as solaris express. Evaluation in confidence trusted solaris 8 401 security target admin. Since the 1960s, operating systems designers have explored how to buildsecure operating systems operating systems whose mechanisms protect the system against a motivated adversary. Each zone is a separate and isolated process space. Solaris 10 security deep dive a dive into new features including. Admins unwilling to deploy trusted solaris can experiment with the sunscreen basic security module bsm, which raises a default solaris 8 installation to the c2 security level.
Getting familiar with some of the new features of solaris 10 by jonathan sinclair in enterprise software on september 18, 2006, 12. While trusted solaris 8 found an almost exclusive home in defence and intelligence environments, changes in legislation and configuration mean that trusted extensions is far more applicable to todays academic and commercial world. An update on oracle solaris and sparc infrastructure. Solaris next security deep dive solaris future project outlines. Within trusted extensions, i would guess that automatically creating a zone violates the governance policies youre trying to enforce in a tx environment.
Trusted extensions uses the same security features that the solaris os provides, and adds some features. For security reasons, some of the options that are available for solaris installation must not be chosen. Trusted extensions is a powerful security technology of oracle solaris that allows you to create a multilevel labeled security environment in which users with different access permissions can work simultaneously with data that has different access controls, thus enabling you to enforce strict access controls for your data based on both data sensitivity and data ownership. The solaris security toolkit provides a flexible way to harden a solaris system, making it more secure from malicious attack. Tcr watters 2229985 blind folio ii about the author paul a. A critical security feature of any technology is the ability to turn it off, undo it, deactivate it, or otherwise separate the harm it might cause from those it might harm. The rainbow series is sixfoot tall stack of books on evaluating trusted computer systems according to the national security agency. When sun upgraded solaris to version 10, it incorporated about 85 percent of the security features in trusted solaris. Is there a solaris 10 bug with trusted extensions with binding to a project. This is solaris 10 32bit intel and oracle ee 10grel2. Hpss8 addresses a wide variety of solaris security issues, and is suitable for beginning and intermediate system administrators. This security target documents the security characteristics of the solaris 10 509 trusted extensions operating system. Configurable solaris security features trusted extensions uses the same security features that the solaris os provides, and adds some features. Solaris 10 509 trusted extensions is an optionally enabled layer of the solaris 10 509 operating system that provides security labeling technology allowing data security policies to be separated from data ownership.
Happily, basic security features can be added for little or no cost. Furthermore, the cost of special security features is decreasing, so they are becoming easier to sell. Trusted solaris 8 401 oe obtains marketplace first in. Sun is today expected to outline security features in solaris 10. An overview of oracle solaris 10 security controls 1 introduction the purpose of this document is to extend upon the foundation of security recommendations. Solaris already sets the standard for operating system security, but users who require multiple levels of security can turn to trusted solaris 8 oe, which provides the highest level of security in the marketplace, said andy ingram, vice president of marketing, solaris. Configurable oracle solaris security features trusted. Trusted extensions administration openindiana docs. Hack proofing sun solaris 8 is the latest addition to the popular hack proofing series from syngress publishing. These authors bring a vast range of industry and academic experience to the business of creating and deploying secure operating systems. These cookies do not store any personal information.
Auditing auditing is a now a service and is enabled by default. Operating systems provide the fundamental mechanisms for securing computer processing. Jumpstart software the feature in solaris that allows access to solaris. The solaris 10 os least privileged model conveniently enables normal users to do things like mount file systems, start daemon processes that bind to lower numbered ports, and change the ownership of files. Trusted solaris lives on, despite convergence, says sun sun will also support customers in heterogeneous environments including solaris os and trusted solaris, the solaris x86 platform edition, suse linux enterprise server 8, as well as other sun supported linux offerings. You cannot initialize a process in any solaris zone and have run the process elsewhere. However, if a system design does not aim for achieving the secure operating system requirements, then its security features fail to protect the system in a myriad of ways. Trusted solaris has a different operating system kernel than the more widely used solaris 10, though the two are similar. Oracle solaris 11 introduces the following key security changes. It succeeds trusted solaris, a family of securityevaluated operating systems based on earlier versions of solaris. Solaris corporation security service in andheri east, mumbai. Overall, the usability of trusted solaris 8 seemed quite good.
Chapter 4 security requirements on a trusted extensions. This category includes articles about security focused operating systems, operating system features that provide application security and security focused libraries. Chapter10 security requirements on a trusted extensions. Subcategories this category has the following 2 subcategories, out of 2 total. If you are a solaris administrator looking for a stepbystep guide to understand the new features and functionality of oracle solaris. Com has been the premier brand name laptop, desktop and workstation value added reseller and service provider of most major brands such as lenovo thinkpad, lenovo thinkcentre, asus, acer, samsung, toshiba and more in southern california. We also study systems that have been retrofit with secure operating system features after. The solaris trusted extensions project is a reimplementation of trusted solaris 8 based on new security features in solaris 10. The latest features in aix, hpux and solaris each of the major unix versions have been updated with useful new features recently. According to my admin people solaris told my company this when. May 08, 2009 solaris 10 with trusted extensions security audit events short descript 807559 may 8, 2009 9. The oracle solaris 11 operating system os gives you consistent compatibility, is simple to use and is designed to always be secure. Sep 18, 2006 solaris 10 is the latest version of suns venerable flavor of unix.
Understanding and using trusted extensions in oracle solaris 11. For this talk, well be using solaris syntax however, the same steps can and should be applied to any unixlike os pointers to specific instructions for many different os types at the end of the course. Installing trusted extensions software means installing packages on a solaris system. I am a senior engineer for network security operations. The book describes how to make installations secure and how to configure the os to the particular needs of your environment, whether your systems are on the edge of the internet or running a data center. Trusted operating system tos generally refers to an operating system that provides sufficient support for multilevel security and evidence of correctness to meet a particular set of government requirements the most common set of criteria for trusted operating system design is the common criteria combined with the security functional requirements sfrs for labeled security. Sun executives have said several times that security features from trusted solaris, a hardened version of suns os used by the military, governments and some enterprises, will be added to its. Download solaris 10 security essentials oracle solaris.
Configurable oracle solaris security features oracle. The following network security features are supported. Operating system security synthesis lectures on information. It has been renamed because it will be delivered as an optional set of extensions to solaris. Solaris trusted extensions is a set of security extensions incorporated in the solaris 10 operating system by sun microsystems, featuring a mandatory access. Is available in pdf format in the installation directory optvirtualbox. Newest solaris questions information security stack exchange. Security feature changes transitioning from oracle. Oracle solaris combines the power of industry standard security features, unique security and antimalware capabilities, and compliance management tools for low risk application deployments and cloud infrastructure. Solaris 10 trusted extensions and zones oracle community. D, is a senior lecturer in the department of computing at macquarie.