System News
Archived Security Articles
05 May 2014
Solaris 11.2: Immutable Global Zone [36169]
Read-Only Root Non-Global Zones is marketed as Immutable Zones

Casper Dik writes, "This blog is a bit more substantial; it requires some knowledge about Solaris Zones, Immutable Zones and Solaris administration in general. It is high-level; in future I'm hoping to get down to the nuts and bolts.

In Solaris 11 we added the Read-Only Root Non-Global Zones, marketed as Immutable Zones; this is a feature that makes a zone tamper-proof.

An Immutable Zone is configured simply by setting the "file-mac-profile" to one of "strict" (not much writeable), "fixed-configuration" and "flexible-configuration" (configuration is writeable but binaries and such are not). This is all implemented in the kernel based on pathnames and depending on the context; the super-user in the global zone can still update the zone or even modify protected files as long as that is not done from within the zone..."

29 Apr 2014
Solaris Verified Boot Introduction [36167]
By Dan Anderson

Dan writes, "Verified Boot here refers to verification of object modules before execution using digital signatures. If enabled, Solaris Verified Boot checks the factory-signed signature in a kernel module before loading and executing the module. This is to detect accidental or malicious modification of a module. The action taken is configurable and, when enabled, will either print a warning message and continue loading and executing the module or will fail and not load and execute the module..."

29 Apr 2014
Oracle Solaris 11.2 Authenticated Rights Profiles [36168]
By Glenn Faden

Glenn writes, "Roles are implemented in Oracle Solaris as shared accounts, which require authentication prior to use. When an authorized user successfully assumes a role, the actions of the role are attributed to the user in the audit trail, but the user's authorizations, rights profiles, and home directory are replaced by those of the role. Alternatively, administrative rights profiles can be assigned directly to users, so that they don't need to assume roles. Such users can enable profile-based execution by starting a profile shell, e.g. pfbash, which sets the process flag PRIV_PFEXEC. While this is more convenient, it presents the risk that users may not realize they are using their rights, or that someone else could abuse those rights if they leave their terminal unlocked..."

10 Apr 2014
Oracle Mobile Authenticator [35722]
A new component of Oracle Access Management Suite

As digital security risk continues to grow, the need for organizations to authenticate user identities using 2-factor strong authentication, before providing employees and customers access to sensitive information, is crucial. However, the cost of providing secure authentication methods beyond a password has historically been prohibitive, and most users have bristled at the idea of carrying around a token or card to validate their identity.

To address these challenges, Oracle is introducing Oracle Mobile Authenticator, a new component of Oracle Access Management Suite. With this solution, an employee's or consumer's personal phone or tablet can be turned into a second-factor authentication device, eliminating the complexity associated with supplying, maintaining and revalidating security devices such as tokens or smart cards. This provides a more cost-effective approach to securing consumer access for companies looking to secure their customers and employees from fraud.

10 Apr 2014
Oracle Enhances Oracle Identity Management Platform to Secure the Extended Enterprise [35723]
New Features Enable Customers to Consistently and Securely Deploy Enterprise, Cloud and Mobile Environments While Helping Reduce Total Cost of Ownership

As organizations increasingly adopt cloud and mobile applications, user identities are proliferating and becoming unmanageable. This causes organizations to struggle to embrace new business opportunities while keeping their corporate user information and data secure. Enterprises often end up adopting separate solutions for enterprise applications, cloud applications and mobile device management - with increased cost, complexity and risk. Instead, what companies need is a complete and integrated identity management platform that can help ensure the security of their data, regardless of where it is accessed, or through which kind of device. With the latest updates to the Oracle Identity Management platform, Oracle is providing organizations with new and enhanced features to further secure enterprise, cloud and mobile applications. Oracle refers to this expanding technology perimeter as the Extended Enterprise, which includes employees, customers, contractors, partners and their respective devices and applications that reside within the enterprise or in public or private clouds.

 
News and Solutions for Users of Solaris, Java and Oracle's Sun hardware products
30,000+ Members – 30,000+ Articles Published since 1998