Solaris™ 10 Operating System and Security

Advanced Features Enable Secure Systems

Security is built in, not bolted on

Security is more than a mix of technologies — it's an ongoing discipline. At Sun, we're reinforcing our more than 20-year commitment to building security into the Solaris™ OS with the release of the Solaris 10 OS — our most security-enabled OS yet.

Highlights

• Verifies the integrity of your system using file verification features
• Reduces risk by granting only the privileges needed using and Rights Management
• Defends your system against attack through the Secure By Default networking profile, Solaris IP Firewall, and TCP Wrappers
• Simplifies administration by using open, standards-based Solaris Cryptographic and Solaris Key Management frameworks for encryption
• Controls access to data based on its sensitivity through Solaris Trusted Extensions labeled security technology
• Evaluated against some of the most stringent independent testing profiles available

File integrity

System administrators can detect possible attacks on their systems by monitoring for changes to information. In the Solaris 10 OS, binaries are digitally signed, so administrators can track changes easily. All patches or enhancements are embedded with digital signatures, eliminating the false positives associated with upgrading or patching file integrity-checking. The Solaris 10 OS also provides the Basic Audit and Reporting Tool (BART) for integrity checking of customer files. In addition, the Solaris Fingerprint Database project, hosted by Sun on the SunSolve℠ Web site, provides free online file integrity verification utilities for many generations of the Solaris OS.

User and Process Rights Management

Hackers often attempt to exploit root accounts because those accounts are empowered with complete access to UNIX® systems. The Solaris 10 OS offers unique User and Process Rights Management technology to reduce risks by granting users and applications only the minimum capabilities needed to perform their duties. Unlike other solutions, the Solaris 10 OS requires no application changes to take advantage of these security enhancements.

Solaris applications, running on 64-bit SPARC®, AMD™, and processors, also are automatically protected from a form of intrusion known as “stack smashing” by a nonexecutable stack feature. No application changes or performance degradation are required.

In addition, the Solaris 10 OS offers an extensive system event audit-trail facility. Access to files, devices, roles, system services, and applications are recorded. This audit trail is exportable into an open XML or can be automatically transported to another system.

Network service protection

The Solaris 10 OS provides protection against inappropriate use of network resources through its Secure By Default networking configuration, which disables many unused network services to reduce exposure to attack. With Secure by Default, an administrator can enable or disable individual network services or change how they listen for network connections.

The Solaris 10 OS also ships with Solaris IP Filter Firewall software preinstalled. This integrated firewall can reduce the number of network services that are exposed to attack and provides protection against maliciously crafted networking packets. Starting with the Solaris 10 OS 8/07, the Solaris IP Filter Firewall can also filter traffic flowing between Solaris Containers when it’s configured in the Global Zone. In addition, TCP Wrappers are integrated into the Solaris 10 OS, limiting access to service-based allowed domains or partner sites.

Cryptographic services and encrypted communication

For high-performance, systemwide cryptographic routines, the Solaris Cryptographic Framework adds a standards-based, common API that provides a single point of administration for cryptographic routines and digital certificate lifecycle management. The Solaris Key Management Framework provides a single set of administrative commands for digital certificate creation requests, manipulation, and loading. These pluggable frameworks balance loads across hardware accelerators and software implementations, increasing encrypted network traffic throughput. They’re available to applications written to use the PKCS #11, Sun ™ Enterprise System (NSS), OpenSSL, and Java Cryptographic Extension.

The Solaris 10 OS also provides protection against theft of sensitive material by encrypting communications using Solaris IPsec/IKE and Solaris Secure protocols. Solaris IPsec/IKE complies with industry standards to provide data encryption between two or more systems over the network, without any application modification. The Solaris Secure Shell protocol is a specific set of utilities modified to allow for encrypted remote access and file transfer between two systems.

Flexible enterprise authentication

The Solaris 10 OS delivers a number of flexible authentication features, including support for the Pluggable Authentication Mechanism (PAM), which makes it possible to add authentication services to the OS dynamically. Sun and third-party vendors provide many PAM modules and customers can create their own to meet specific security needs.

The Solaris Kerberos Service delivers Kerberos-enabled remote applications such as rsh, rcp, Solaris Secure Shell, and NFS file sharing. Kerberos-based protocols allow for standards-based enterprise single sign-on (SSO), authorization, and encrypted communication. Lightweight Directory Access Protocol (LDAP) client-side authentication and enhancements enable enterprise-wide, secure, standards-based access to your servers and applications. To enable easier integration with existing environments, the Solaris 10 OS provides NIS and NIS+ to LDAP gateways. All Solaris User and Process Rights Management information can also be stored and managed centrally using LDAP-based software.

System-specific userIDs now have strong password encryption options, including MD5 and Blowfish, as well as account lockout, and complexity checking, long password format, and a banned list.

Repeatable security hardening and monitoring

New features in the Solaris 10 OS make it easier than ever to minimize and harden a system. The Reduced Networking Metacluster option creates a minimized Solaris OS image, ready for administrators to add functionality and services in direct support of their system’s purpose.

And the Secure By Default networking configuration disables many unused network services, while configuring all other services for local system-only communications. The Solaris Service Manager can be used to control exactly which services run, who can manage those services, and what privileges those services run with.

What’s more, the freely available Solaris Security Toolkit assists in the process of installing and maintaining a minimized and hardened operating system security configuration. The toolkit integrates with the Solaris ™ installation process for repeatable secure installations, or it can be used to harden an existing system according to a site-defined security profile. The toolkit also includes an audit mechanism to compare a running system configuration against a site-specified hardening profile.

, labeling, and security certification

Solaris Trusted Extensions solves the problem of controlling access to sensitive data by implementing sensitivity labels for access control to files, printers, networks, windows, applications, and devices. Solaris Trusted Extensions is the only labeled OS feature to support full enterprise-class solutions, giving customers multilevel desktops through the GNOME-based Java Desktop System or CDE, simple deployment, and centralized userID management.

The Solaris 10 OS 11/06 is currently in evaluation at EAL4+, one of the highest levels of Common Criteria Certification, with three Protection Profiles: Labeled Security Protection Profile (LSPP), Controlled Access Protection Profile (CAPP), and Role-Based Access Control Protection Profile (RBACPP). In addition, Solaris 10 OS 3/05 has completed evaluation at EAL4+ with CAPP and RBACPP.

Learn More

For more information about Solaris 10 OS security, visit the Solaris Security Learning Center at sun.com/solaris/secure/.

The Solaris Trusted Extensions data sheet is available at sun.com/software/solaris/ds/trusted_extensions.jsp. And the Solaris Security Toolkit can be found at sun.com/blueprints/tools/.

Sun Microsystems, Inc. 4150 Network Circle, Santa Clara, CA 95054 USA Phone 1-650-960-1300 or 1-800-555-9SUN Web sun.com

© 2007 , Inc. All rights reserved. Sun, Sun Microsystems, the Sun logo, Solaris, SunSolve, Java, JumpStart, and The Network Is The are trademarks or registered trademarks of Sun Microsystems, Inc. in the and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. UNIX is a registered trademark in the United States and other countries, exclusively licensed through X/Open Company, Ltd. AMD and are trademarks or registered trademarks of . Information subject to change without notice. SunWIN#: 420177 Lit.#: SWDS12148-1 09/07