Solaris 10 info @ Ace's

[Sunner]

Aceshardware frontpage

This part is something I've wanted for a long time now:

"Military grade" security as standard
Sun has Trusted Solaris which features security features such as elimination of root user (use job specific "roles" instead), secure by default and on install, "permissions" system for programs (a bit like Java's "sandbox") as well as plenty of paranoia and basic security features. The basic idea is to make hacks as hard as possible and to greatly limit the scope for damage from any "security compromises" or "disaffected employees". Solaris 10 will get all these features as standard, though exactly how it will be on install is unclear. All Solaris 9 binaries will be guaranteed to run however. Trusted Solaris is popular with the military, "three letter agencies" and financial institutions. For example, a Trusted Solaris setup manages information about Air Force One's air-space and is accessed via Sun Ray thin clients requiring multi-factor authentication.

Wohoo

 

[drag]

What does military grade security means? The military uses Linux, Windows, Netware and a whole bunch of other stuff. NSA developed NSA's selinux.

I know some security ratings don't realy mean anything about how secure the OS realy is, but how well the OS fits into the standards that were created when whatever security rating was created by whatever commitee for whatever reason.

Some are actualy serious I bet.

What is the actual rating and how did Solaris get it and why did it get it? ( am pretty ignorant about that sort of thing.)

After all solaris has had good security credentials in the past...

And only having "roles" instead of root, seems to be pretty inflexible design on my first impressions and means more tie in to Solaris.

Probably is a good OS, I don't have any reason to use it other then thru curiosity so far.

 

[Sunner]

From what I've read, it seems like Solaris 10 will get many of the features that Trusted Solaris has today, as well as borrowing a few ideas from OpenBSD.

 

[Barnaby W. Füi]

elimination of root user (use job specific "roles" instead)

I thought that seemed like a really interesting idea.

 

[Sunner]

Yeah, I hope Sun gets out of this crisis ok, I like the direction they're taking currently.
Solaris 10(or whatever the name's gonna be, SolarisX? ) seems like it's gonna be a very good upgrade to an already excellent OS, and their hardware is very reasonably prices these days.

We're looking at a DB server at work, and lists a SunFire V440 with 4 1.3 GHz US-IIIi's, 16 GB of memory, etc, for a mere $26.000.

 

[burnedout]

What does military grade security means? The military uses Linux, Windows, Netware and a whole bunch of other stuff. NSA developed NSA's selinux.

We also used Solaris in the Army. We were just starting to use a customized version of Linux for some newly delivered tactical equipment in beta form when I retired 3 years ago.

I got a good one for y'all: Think of a Compaq 486 notebook running an X86 version of Solaris 2.x with a customized GUI designed by TRW. My stomach still gets upset thinking of the performance and crashes. I also fondly remember doing 14.4 k ftp transfers over our wireless tactical net back in the day.

Gawd, I love civilian IT departments over those in the military. At least our new toys out here now aren't the result of some contract signed 3 years earlier.

 

[n0cmonkey]

Originally posted by: drag
What does military grade security means? The military uses Linux, Windows, Netware and a whole bunch of other stuff. NSA developed NSA's selinux.

I know some security ratings don't realy mean anything about how secure the OS realy is, but how well the OS fits into the standards that were created when whatever security rating was created by whatever commitee for whatever reason.

Some are actualy serious I bet.

What is the actual rating and how did Solaris get it and why did it get it? ( am pretty ignorant about that sort of thing.)

Just a guess, but probably C2. Like I said, just a guess. C2 basically adds some extra logging features, ACLs, and the root thing mentioned.

After all solaris has had good security credentials in the past...

And only having "roles" instead of root, seems to be pretty inflexible design on my first impressions and means more tie in to Solaris.

I think this is one of the features of SELinux. Check out gentoo's secure server. They give you an ip address and the root password. Try and do something. It's got me wanting to setup another linux box :Q

Probably is a good OS, I don't have any reason to use it other then thru curiosity so far.

I think it is worth knowing, and some of these changes are making me reconsider my choice of OS on my Ultra 10.

 

[Sunner]

I think this is one of the features of SELinux. Check out gentoo's secure server. They give you an ip address and the root password. Try and do something. It's got me wanting to setup another linux box

Do you have a link for this? Sounds nice, but I couldn't find anything about it on the Gentoo site...

Probably is a good OS, I don't have any reason to use it other then thru curiosity so far.

IMO if you want a box that should "just stand there and work", SPARC/Solaris is the best combo out there.
They aren't overly quick unless you shell out a crapload of cash, but they just never die

 

[n0cmonkey]

Originally posted by: Sunner

I think this is one of the features of SELinux. Check out gentoo's secure server. They give you an ip address and the root password. Try and do something. It's got me wanting to setup another linux box

Do you have a link for this? Sounds nice, but I couldn't find anything about it on the Gentoo site...

here

 

[Sunner]

Thanks, found the project page but not that link, my reading skills seem to be getting worse

 

[n0cmonkey]

Originally posted by: Sunner
Thanks, found the project page but not that link, my reading skills seem to be getting worse

I never found the link on gentoo's project page either. "hardened gentoo" turned it up on google.