Red Hat Enterprise Linux to Oracle Solaris Porting Guide
Chapter 7 Security
Security Interfaces for Developers
For data centers hosting enterprise applications, security is of utmost importance. In most enterprises,
security is considered one of the prime factors for making platform decisions. To build a secure
environment, rather than looking at security as a set of commands and features available in operating
systems, it is necessary that the security features be designed into the core of an operating system. Built
over decades, Oracle Solaris provides unmatched enterprise-class features you can depend on to
protect your applications. Oracle Solaris 11 combines multiple security technologies, from
networking, cryptographic capabilities, and trusted extensions to process and user rights as well as
unmatched monitoring and auditing capabilities.
Irrespective of the hosting operating system (Linux or Oracle Solaris), to build a secure system, security
administrators follow simple rules:
• Ensure physical security.
• Deploy stringent access controls.
• Simplify administration.
• Delegate appropriate (minimal) privileges.
• Use Oracle Solaris Trusted Extensions.
• Do minimal installs.
• Ensure strong defenses.
Physical Security
The first and foremost layer of security you need to take into account is the physical security of the
computer systems. How much physical security you need on a system is dependent on your situation
and other logistics such as using shared labs, shared systems, deployments in a virtualized environment
on a larger server, and so on. The various measures that need to be taken to ensure security involve
things such as securing direct physical access to a machine and the security of connected peripherals and
devices, as well as restricting access to system details such as BIOS passwords, screen-saver settings,
password policies for console login, and so on.
Delegate Minimal Privileges, Only as Appropriate
A privilege is a discrete right that can be granted to an application. With a privilege, a process can
perform an operation that would otherwise be prohibited by the operating system. Legacy UNIX
systems follow a superuser-based model. So a typical UNIX application will have checks for UID
(0/root) to test for the availability of specific privileges. This has drastically changed in Oracle
Solaris. Oracle Solaris now implements a least privilege model, which gives a specified process only a
subset of the superuser powers, not full access to all privileges.
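The following added example (not code from this guide) shows how a legacy UID 0 check can be ported to a Solaris privilege check and how the privilege can be dropped once it is no longer needed. The helper names and the choice of the net_privaddr privilege (binding ports below 1024) are assumptions for illustration; on non-Solaris builds the code falls back to the legacy check so the same source compiles on both platforms.

```c
#include <stdio.h>
#include <unistd.h>
#if defined(__sun)
#include <priv.h>   /* priv_ineffect(), priv_set(), PRIV_NET_PRIVADDR */
#endif

/* Legacy superuser model: only UID 0 is assumed able to bind ports < 1024. */
static int legacy_may_bind_low_port(void)
{
    return geteuid() == 0;
}

/* Ported check (hypothetical helper name). On Solaris, ask whether the one
 * privilege the operation needs is in the effective set, whatever the UID.
 * Elsewhere, fall back to the legacy test so the same source still builds. */
static int may_bind_low_port(void)
{
#if defined(__sun)
    return priv_ineffect(PRIV_NET_PRIVADDR) == B_TRUE;
#else
    return legacy_may_bind_low_port();
#endif
}

/* After the listening socket is bound, the privilege is no longer needed.
 * On Solaris, turn it off in every privilege set of this process.
 * Returns 0 on success, -1 on failure (errno set by priv_set). */
static int drop_low_port_privilege(void)
{
#if defined(__sun)
    return priv_set(PRIV_OFF, PRIV_ALLSETS, PRIV_NET_PRIVADDR, (char *)NULL);
#else
    return 0; /* nothing to drop in the fallback build */
#endif
}

int main(void)
{
    printf("legacy UID check: %d\n", legacy_may_bind_low_port());
    printf("privilege check : %d\n", may_bind_low_port());
    /* ... bind() the low port here ... */
    if (drop_low_port_privilege() != 0) {
        perror("priv_set");
        return 1;
    }
    printf("after drop      : %d\n", may_bind_low_port());
    return 0;
}
```

On Solaris the two checks can disagree: a non-root process that has been granted net_privaddr passes the privilege check while failing the UID check, which is why UID-based tests should be replaced when porting.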