Using One Instance of OpenSSO to Secure Web Services
Configure and test secure web services communications using just one instance of OpenSSO by following Michael Teger's outlined example. Procedures are given to achieve message security by using an instance of OpenSSO that communicates with a security agent deployed on both the WSC and WSP sides. The agent profiles for the deployment are configured using OpenSSO.
Recent OpenSSO Extensions
OpenSSO Extensions is an incubator for modules that build on the access control, single sign-on and federation technology in OpenSSO. Sun Principal Engineer Pat Patterson lists three recently added OpenSSO extensions:
- Authentication Module for CAS (New)
- Authentication Module for Information Cards (Updated)
- Authentication Module for ValidSoft VALid (New)
Read more about them and visit the OpenSSO Extensions page to learn more.
Scripts for Encrypted File System / Scratch Space
Sun Distinguished Engineer Glenn Brunette presents a new set of scripts that enables the creation of an encrypted file system intended for use as scratch space. He explains that these scripts use an SMF service, called isc-encrypted-scratch, that (if enabled) will automatically create encrypted scratch space for the global zone as well as any non-global zones on the system (by default). The creation of encrypted scratch space is configurable, allowing users to specify which zones (including the global zone) can have one. Users can specify which ZFS file system can be used as the home directory for the scratch space hierarchy. Using SMF properties and standard SMF service configuration methods, users can also specify the size of the encrypted scratch space.
Wanted: Solaris Security Aficionados
Help develop and improve the recommendations and settings in the Solaris 10 Benchmark by getting involved in the Center for Internet Security (CIS) Benchmarks and Tools. Brunette offers this invitation as CIS is beginning work to update the Solaris 10 security benchmark and integrate recommendations found in the DISA UNIX STIG (Security Technical Implementation Guide) and associated checklist. In addition, the benchmark needs to be updated for Solaris 10 05/2009 (Update 7). The Solaris 10 Benchmark currently supports Solaris 10 11/08 (Update 4).
Kernel SSL Proxy (KSSL) Project
The KSSL project is a relatively new one on opensolaris.org. "To me, KSSL is one of the unique projects in the (Open)Solaris security land in a sense it is tightly integrated into the system and is a consumer of several major subsystems (networking, crypto framework) which makes it interesting for study and also for extending it in creative ways," writes Vlad on his Czech Techie's Adventures blog. "We will start adding more content to the pages, including design documentation and description of KSSL internals. Also, this marks major milestone in a way how KSSL team does its job. From now on all non-confidential discussions, reviews etc. will happen in the open. Feel free to join the project and participate if you're interested!"
Solaris Security Demonstrations
Three Flash-based demonstrations that Christoph Schuba has been presenting at Sun's Technology Developer Conferences (TechDays) are available. These include: