System News
Securing Solaris 10 Using Industry Guidelines
Security Blanket incorporates the CIS hardening guidelines for Solaris
August 14, 2010
Volume 150, Issue 2

the best and most complete form of Solaris security guidance ever produced

-- Glenn Brunette
 

Today, organizations are focused more than ever on security. More specifically, cyber security.

To help government and businesses protect themselves from the evils of cyber crime, organizations such as the Center for Internet Security (CIS) have worked together with academia, private industry, and government to establish best practices for security and to benchmark how well vendor tools and technologies comply with those practices. One of the many types of technology that CIS evaluates is the operating system. Be it physical or virtual, the operating system is the foundation on which all of an organization’s systems reside. You can have all the server hardware and applications in the world, but they aren’t going to be of much use without a foundation on which to run them.

Sun™ was heavily involved in the CIS publication of best security practices for Solaris 10. According to one source (1), "this content represents the best and most complete form of Solaris security guidance ever produced."

In addition to Sun and CIS combining efforts to develop these guidelines, both the National Security Agency (NSA) and the Defense Information Systems Agency (DISA) also contributed. Incidentally, DISA publishes their own set of security standards for every operating system used by the Department of Defense (DoD) called the DISA Security Technical Implementation Guidelines (STIGs), which are updated quarterly. Every operational system that is used by the DoD is required to meet the STIGs. These four organizations joined forces to provide Solaris users with a consistent set of security guidelines that any organization can benefit from.

The most recently published CIS benchmark for Solaris 10 was released on July 9, 2010. It addresses the recommended security settings in Solaris 10 11/06 through Solaris 10 10/09. Whether you adopt the CIS guidelines verbatim or use them as a basis for determining the security policy that is right for your organization, you should consider evaluating Security Blanket®, an automated hardening tool from Trusted Computer Solutions (TCS).

Security Blanket incorporates the CIS hardening guidelines for Solaris but also allows you to customize your security policy to suit your needs.

For example, you might start with the CIS hardening guidelines for Solaris but choose to alter some parameter values, such as required password length, or eliminate certain guidelines altogether. Once your security profile is defined, Security Blanket assesses any number of operating systems (Solaris as well as others) and reports their compliance status against the profile.

An assessment report provides an itemized list of each guideline with an indication of which guidelines passed and which failed. Then, should you elect to bring those servers into compliance with your security profile, you can do so with a single click.

An administration console is provided from which profiles are managed, assessments and hardening are initiated, servers are grouped, reports are generated, etc.

One of the best features is an automatic "undo." If you harden an operating system and something breaks in the process, the "undo" feature lets you revert to your prior configuration.

If you're a DoD customer, Security Blanket, in addition to CIS and other standards, contains all of the DISA UNIX STIGs and updates them quarterly in accordance with DISA. A variety of reporting options also makes Security Blanket a great tool for producing documentation required by security auditors and managers.

Free Trial

A limited free trial is available at www.TrustedCS.com/SecurityBlanket or you can try a full version of the product by contacting the company directly at 1-866-230-1307.

More Information

(1) Glenn Brunette's Security Weblog
