|
UnixReview.com
June 2007
Elements of Efficient and Secure Service Provisioning with Solaris
by Kristy Westphal
About the time Solaris 10 came out, my friend Pete Ehlke gave me a great idea for an article about how to build a secure server in Solaris 10. We were supposed to write the article together, but for many reasons, it never happened. However, this was such a great idea, I had to revisit it to plant the seed in your head about how this notion might actually work.
Solaris 10 presents the systems administrator with a wealth of significant advances in network performance, manageability, efficient hardware utilization, and security. This article will describe the various elements of Solaris 10 that will help build a server that will take advantage of all these features.
The idea here is to build a minimized, highly secure, high-performance, and highly efficient operating system profile based on Solaris Containers. Then, using the tools described here, you can build a secure, high-performance application-ready (Web or other) server on top of this profile that leverages Role Based Access Controls (RBAC), ipfilter, and the Solaris Process Rights management feature sets to further secure the Container. Lastly, you can consider using auditing and intrusion detection facilities made possible through this architecture, as well as the use of the Basic Auditing and Reporting Tool (BART).
The Individual Elements
Regardless of the software group options that you choose to install Solaris 10, there are many options within the operating system that can be utilized to provide a more efficient and secure system.
JASS, or the Security Toolkit, is a series of scripts that can be used to lock down the original installation of your server.
|
