System News
Archived Security Articles
05 May 2014
Solaris 11.2: Immutable Global Zone [36169]
Read-Only Root Non-Global Zones is marketed as Immutable Zones

Casper Dik writes, "This blog is a bit more substantial; it requires some knowledge about Solaris Zones, Immutable Zones and Solaris administration in general. It is high-level; in future I'm hoping to get down to the nuts and bolts.

In Solaris 11 we added the Read-Only Root Non-Global Zones, marketed as Immutable Zones; this is a feature that makes a zone tamper-proof.

An Immutable Zone is configured simply by setting the "file-mac-profile" to one of "strict" (not much writeable), "fixed-configuration" and "flexible-configuration" (configuration is writeable but binaries and such are not). This is all implemented in the kernel based on pathnames and depending on the context; the super-user in the global zone can still update the zone or even modify protected files as long as that is not done from within the zone..."

29 Apr 2014
Solaris Verified Boot Introduction [36167]
By Dan Anderson

Dan writes, "Verified Boot here refers to verification of object modules before execution using digital signatures. If enabled, Solaris Verified Boot checks the factory-signed signature in a kernel module before loading and executing the module. This is to detect accidental or malicious modification of a module. The action taken is configurable and, when enabled, will either print a warning message and continue loading and executing the module or will fail and not load and execute the module..."

29 Apr 2014
Oracle Solaris 11.2 Authenticated Rights Profiles [36168]
By Glenn Faden

Glenn writes, "Roles are implemented in Oracle Solaris as shared accounts, which require authentication prior to use. When an authorized user successfully assumes a role, the actions of the role are attributed to the user in the audit trail, but the user's authorizations, rights profiles, and home directory are replaced by those of the role. Alternatively, administrative rights profiles can be assigned directly to users, so that they don't need to assume roles. Such users can enable profile-based execution by starting a profile shell, e.g. pfbash, which sets the process flag PRIV_PFEXEC. While this is more convenient, it presents the risk that users may not realize they are using their rights, or that someone else could abuse those rights if they leave their terminal unlocked..."

10 Apr 2014
Oracle Mobile Authenticator [35722]
A new component of Oracle Access Management Suite

As digital security risk continues to grow, the need for organizations to authenticate user identities using 2-factor strong authentication, before providing employees and customers access to sensitive information, is crucial. However, the cost of providing secure authentication methods beyond a password has historically been prohibitive, and most users have bristled at the idea of carrying around a token or card to validate their identity.

To address these challenges, Oracle is introducing Oracle Mobile Authenticator, a new component of Oracle Access Management Suite. With this solution, an employee's or consumer's personal phone or tablet can be turned into a second-factor authentication device, eliminating the complexity associated with supplying, maintaining and revalidating security devices such as tokens or smart cards. This provides a more cost-effective approach to securing consumer access for companies looking to secure their customers and employees from fraud.

 
News and Solutions for Users of Solaris, Java and Oracle's Sun hardware products
Just the news you need, none of what you don't – 42,000+ Members – 24,000+ Articles Published since 1998