Taking Advantage of the Security Features in the Solaris 10 OS

In Part I of his two-part series on \'Practical Security Using Solaris Containers in the Solaris 10 OS\', Glenn Brunette explains the use of the containers and zones available in the SolarisTM 10 Operating System (Solaris OS) to develop what he calls "...an enhanced ability to detect and contain security breaches, limit privilege escalation, and minimize installation of root kits, Trojan horses, and other malware." He focuses on the use of zones to enhance the security of deployed systems and services.

Brunette encourages users to take advantage of the default reduced privileges that the Solaris 10 OS features. The Basic Security Module (BSM) configured from the global zone enables administrators to detect the presence of an intruder who can neither realize his presence is being monitored nor can he see or change the audit system itself, its configuration or its logs. Further, an intruder can not turn off more than the accounting stream within a particular zone rather than more generally.

An additional protection lies in the hacker's inability to install a kernel root kit. With the system in default configuration -- a sparse root configuration -- directory trees are read-only and cannot be modified with the local zone. Trojan horses or variants of sshd cannot, therefore, be installed.

Another reason to limit privileges to no more users than necessary is that hacker damage to those root files that must remain writable is restricted to only those root files in a particular zone. The Solaris 10 Basic Auditing and Reporting Tool (BART) enables administrators to detect and monitor such changes to the system as installation of a run-control script or a service that uses Service Management Facility, modifications to service configuration files, and additions to user lists or changes to passwords. Again, this monitoring can take place without the hacker becoming aware of it.

In summary, Brunette notes the broad scope of security that using the Solaris 10 OS provides, saying, "...the zones security model combined with Solaris 10 capabilities like Solaris auditing and BART do not leave attackers with very much room to conceal the fact that they are on the system. Similarly, resource management controls can also be applied to help prevent individual zones from consuming resources required by other zones or the global zone on the system. This can help mitigate certain types of denial of service attacks. Of course, the success of this model is dependent on customers deploying services in local zones that can leverage the strength of these capabilities and tools." [...read more...]

Keywords:

fullsource

Current

Profile

Archive

Blog

Generate newsletter

Other articles in the Security section of Volume 92, Issue 2:

Taking Advantage of the Security Features in the Solaris 10 OS (this article)
"Introduction to Intrusion Detection With Snort"

See all archived articles in the Security section.

Top 10 Most Popular Articles in Current Issue (Vol 168, Issue 1)
Sun ZFS Storage Appliances Earn Highest Ratings for Enterprise and Midrange NAS Systems SPARC T4 Server Momentum Expands Demand for SPARC System Oracle Sun Ray 3 Series Clients Capture 2011 Good Design Award SPARC T4 Servers Find Favor with Telecommunications Service Providers How to Manage the ZFS Storage Appliance with JavaScript: Three Approaches	Oracle Ships Over 1 Exabyte of Media for StorageTek T10000C Tape Drives Exactly What Is Big Data? Building a Secure Cloud with Identity Management Oracle Secure Global Desktop Allows Simplified, Anywhere, Access to Applications Migrating from SUSE Linux to Oracle Linux 5.5