System News
back1 2 3 4 5 6 7 8 9 10 11 next
Archived Security Articles
29 Apr 2014
open to premium members only
Solaris Verified Boot Introduction [36167]
By Dan Anderson

Dan writes, "Verified Boot here refers to verification of object modules before execution using digial signatures. If enabled, Solaris Verified Boot checks the factory-signed signature in a kernel module before loading and executing the module. This is to detect accidental or malicious modification of a module. The action taken is configurable and, when enabled, will either print a warning message and continue loading and executing the module or will fail and not load and execute the module..."
(Get More Information . .)

29 Apr 2014
open to premium members only
Oracle Solaris 11.2 Authenticated Rights Profiles [36168]
By Glenn Faden

Glenn writes, "Roles are implemented in Oracle Solaris as shared accounts, which require authentication prior to use. When an authorized user successfully assumes a role, the actions of the role are attributed to the user in the audit trail, but the user's authorizations, rights profiles, and home directory are replaced by those of the role. Alternatively, administrative rights profiles can be assigned directly to users, so that they don't need to assume roles. Such users can enable profile-based execution by starting a profile shell, e.g pfbash, which sets the process flag PRIV_PFEXEC. While this is more convenient, it presents the risk that users may not realize they are using their rights, or that someone else could abuse those rights if they leave their terminal unlocked..."
(Get More Information . .)

10 Apr 2014
open to premium members only
Oracle Mobile Authenticator [35722]
A new component of Oracle Access Management Suite

As digital security risk continues to grow, the need for organizations to authenticate user identities using 2-factor strong authentication, before providing employees and customers access to sensitive information, is crucial. However, the cost of providing secure authentication methods beyond a password have historically been prohibitive, and most users have bristled at the idea of carrying around a token or card to validate their identity.

To address these challenges, Oracle is introducing Oracle Mobile Authenticator, a new component of Oracle Access Management Suite. With this solution, an employee's or consumer's personal phone or tablet can be turned into a second factor authentication device, eliminating the complexity associated with supplying, maintaining and revalidating security devices such as tokens or smart cards. This provides a more cost effective approach to securing consumer access for companies looking to secure their customers and employees from fraud.
(Get More Information . .)

10 Apr 2014
open to premium members only
Oracle Enhances Oracle Identity Management Platform to Secure the Extended Enterprise [35723]
New Features Enable Customers to Consistently and Securely Deploy Enterprise, Cloud and Mobile Environments While Helping Reduce Total Cost of Ownership

As organizations increasingly adopt cloud and mobile applications, user identities are proliferating and becoming unmanageable. This causes organizations to struggle to embrace new business opportunities while keeping their corporate user information and data secure. Enterprises often end up adopting separate solutions for enterprise applications, cloud applications and mobile device management - with increased cost, complexity and risk. Instead, what companies need is a complete and integrated identity management platform that can help ensure the security of their data, regardless of where it is accessed, or through which kind of device. With the latest updates to the Oracle Identity Management platform, Oracle is providing organizations with new and enhanced features to further secure enterprise, cloud and mobile applications. Oracle refers to this expanding technology perimeter as the Extended Enterprise, which includes employees, customers, contractors, partners and their respective devices and applications that reside within the enterprise or in public or private clouds.
(Get More Information . .)

31 Mar 2014
open to premium members only
Enhanced Oracle Solaris Cluster Security Framework [35609]
By Krishna K Murthy

"Besides providing high availability (HA) & reliability to the applications, Oracle Solaris Cluster data services (agents) strive to provide a very secure HA environment by leveraging some of the salient security features implanted in the Oracle Solaris Cluster software. Oracle Solaris Cluster Resource Group Manager (RGM) callback methods such as Start, Stop or Validate execute with a high level of privilege and must be protected against modification by a non-privileged user. These callback methods in turn might execute application programs that often do not require elevated privilege. If an application program is to be executed with elevated privilege, it must similarly be protected against modification by an unprivileged user..."
(Get More Information . .)

29 Mar 2014
open to premium members only
Oracle Solaris 11.1 Gets Common Criteria Certification [35598]
EAL4+ under the Canadian Common Criteria Scheme (CCCS)

The Oracle Solaris 11.1 operating system achieved a Common Criteria certification on March 18, 2014 at EAL4+ under the Canadian Common Criteria Scheme (CCCS) conformant to the BSI Operating System Protection Profile v2.0 2010-06-01 with the following 4 extended packages.

  • Advanced Management v2.0, 2010-05-28
  • Extended identification & Authentication v2.0, 2010-05-28
  • Labeled Security v2.0, 2010-05-28
  • Virtualization v2.0, 2010-05-28

The evaluation is summarized in the list of certified products.
(Get More Information . .)

 
back1 2 3 4 5 6 7 8 9 10 11 next









News and Solutions for Users of Solaris, Java and Oracle's Sun hardware products
30,000+ Members – 30,000+ Articles Published since 1998