One approach to security that has become standard practice within the past decade is the deployment of reduced or minimal configurations of Oracle Solaris in the assumption that if software is not installed it cannot be re-enabled or exploited, or at least not easily. Glenn Brunette's blog on the subject includes recommendations for creating such reduced configurations for security reasons and to reduce the management burden and costs associated with instance provisioning, patching, migration, and audit compliance.
(Get More Information . .)
The most recently published CIS benchmark for Solaris 10 was released on July 9, 2010. It addresses the recommended security settings in Solaris 10 11/06 through Solaris 10 10/09.
Security Blanket incorporates the CIS hardening guidelines for Solaris but also allows you to customize your security policy to suit your needs.
For example, you might start with the CIS hardening guidelines for Solaris but choose to alter some parameter values, such as required password length, or eliminate certain guidelines altogether. Once your security profile is defined, Security Blanket assesses any number of operating systems (Solaris as well as others), and reports the compliancy status against the profile.
(Get More Information . .)
Leveraging the built-in security capabilities of the Solaris Operating System, including Solaris ZFS and Solaris Containers, Sun reports some of its open source security tools can help in securing data in transit, data at rest, and data in use in the cloud. Sun also has announced its support for the latest security guidance from the Cloud Security Alliance.
(Get More Information . .)
Sun Distinguished Engineer Glenn Brunette has created a new Solaris 10 Security Deep Dive training mediacast updated for Solaris 10 10/09 or Update 8. Items added to this new version include: ZFS user and group quotas, ZFS pre-defined ACL sets, NTPv4, and nss_ldap shadowAccount support. In addition, there was a bit of cleanup throughout and a new example was added for Trusted Extensions. There is also a recent update to Immutable Service Containers (ISC) for OpenSolaris 2009.06.
(Get More Information . .)
There is a new release of hardened OpenSolaris 2008.11 AMI on Amazon EC2's cloud computing service. It contains Drupal AMI with AMP stack. Installed and pre-configured on this publicly available AMI are Drupal v6.10, Apache v2.2, MySQL v5.0, and PHP v5.2. In his introduction of this release, Sun Distinguished Engineer and Chief Security Architect Glenn Brunette offers two points: 1) no security-relevant changes were necessary to Drupal; and 2) MySQL was modified to not listen on the network for connections.
(Get More Information . .)
News and Solutions for Users of Solaris, Java and Oracle's Sun hardware products
Just the news you need, none of what you don't –
42,000+ Members – 24,000+ Articles Published since 1998
