Part I Security Overview

This book focuses on the features that enhance security in the Solaris Operating System. This book is intended for system administrators and users of these security features. The overview chapter introduces the topics in the book.

Chapter 1 Security Services (Overview)

To maintain the security of the Solaris Operating System (Solaris OS), Solaris software provides the following features:

• System Security – The ability to prevent intrusion, to protect machine resources and devices from misuse, and to protect files from malicious modification or unintentional modification by users or intruders

  For a general discussion of system security, see Chapter 2, Managing Machine Security (Overview).

• Solaris Cryptographic Services – The ability to scramble data so that only the sender and the designated receiver can read the contents, and to manage cryptographic providers and public key objects

• Authentication Services – The ability to securely identify a user, which requires the user's name and some form of proof, typically a password

• Authentication With Encryption – The ability to ensure that authenticated parties can communicate without interception, modification, or spoofing

• Solaris Auditing – The ability to identify the source of security changes to the system, including file access, security-related system calls, and authentication failures

• Security Policy – The design and implementation of security guidelines for a computer or network of computers

System Security

System security ensures that the system's resources are used properly. Access controls can restrict who is permitted access to resources on the system. The Solaris OS features for system security and access control include the following:

• Login administration tools – Commands for monitoring and controlling a user's ability to log in. See Securing Logins and Passwords (Task Map).

• Hardware access – Commands for limiting access to the PROM, and for restricting who can boot the system. See SPARC: Controlling Access to System Hardware (Task Map).

• Resource access – Tools and strategies for maximizing the appropriate use of machine resources while minimizing the misuse of those resources. See Controlling Access to Machine Resources.

• Role-based access control (RBAC) – An architecture for creating special, restricted user accounts that are permitted to perform specific administrative tasks. See Role-Based Access Control (Overview).

• Privileges – Discrete rights on processes to perform operations. These process rights are enforced in the kernel. See Privileges (Overview).

• Device management – Device policy additionally protects devices that are already protected by UNIX permissions. Device allocation controls access to peripheral devices, such as a microphone or CD-ROM drive. Upon deallocation, device-clean scripts can then erase any data from the device. See Controlling Access to Devices.

• Basic Audit Reporting Tool (BART) – A snapshot, called a manifest, of the file attributes of files on a system. By comparing the manifests across systems or on one system over time, changes to files can be monitored to reduce security risks. See Chapter 6, Using the Basic Audit Reporting Tool (Tasks).

• File permissions – Attributes of a file or directory. Permissions restrict the users and groups that are permitted to read, write, or execute a file, or search a directory. See Chapter 7, Controlling Access to Files (Tasks).

• Antivirus software – A vscan service checks files for viruses before an application uses the files. A file system can invoke this service to scan files in real time for the most recent virus definitions before the files are accessed by any clients of the file system.

  The real-time scan is performed by third-party applications. A file can be scanned when it is opened and after it is closed. See Chapter 4, Virus Scanning Service (Tasks).

Solaris Cryptographic Services

Cryptography is the science of encrypting and decrypting data. Cryptography is used to insure integrity, privacy, and authenticity. Integrity means that the data has not been altered. Privacy means that the data is not readable by others. Authenticity for data means that what was delivered is what was sent. User authentication means that the user has supplied one or more proofs of identity. Authentication mechanisms mathematically verify the source of the data or the proof of identity. Encryption mechanisms scramble data so that the data is not readable by a casual observer. Cryptographic services provide authentication and encryption mechanisms to applications and users.

Cryptographic algorithms use hashing, chaining, and other mathematical techniques to create ciphers that are difficult to break. Authentication mechanisms require that the sender and the receiver compute an identical number from the data. Encryption mechanisms rely on the sender and the receiver sharing information about the method of encryption. This information enables only the receiver and the sender to decrypt the message. The Solaris OS provides a centralized cryptographic framework, and provides encryption mechanisms that are tied to particular applications.

• Solaris^TM Cryptographic Framework – A central framework of cryptographic services for kernel-level and user-level consumers. Uses include passwords, IPsec, and third-party applications. The cryptographic framework includes a number of software encryption modules. The framework enables you to specify which software encryption modules or hardware encryption sources an application can use. The framework is built on the PKCS #11 v2 library. This library is implemented according to the following standard: RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki). The library provides an API for third-party developers to plug in the cryptographic requirements for their applications. See Chapter 13, Solaris Cryptographic Framework (Overview).

• Encryption mechanisms per application –

  • For the use of DES in Secure RPC, see Overview of Secure RPC.

  • For the use of DES, 3DES, AES, and ARCFOUR in the Kerberos service, see Chapter 21, Introduction to the Kerberos Service.

  • For the use of RSA, DSA, and ciphers such as Blowfish in Solaris Secure Shell, see Chapter 19, Using Solaris Secure Shell (Tasks).

  • For the use of cryptographic algorithms in passwords, see Changing the Password Algorithm (Task Map).

In the Solaris Express Community Edition, the Key Management Framework (KMF) provides a central utility for managing public key objects, including policy, keys, and certificates. KMF manages these objects for OpenSSL, NSS, and PKCS #11 public key technologies. See Chapter 15, Solaris Key Management Framework.

Authentication Services

Authentication is a mechanism that identifies a user or service based on predefined criteria. Authentication services range from simple name-password pairs to more elaborate challenge-response systems, such as smart cards and biometrics. Strong authentication mechanisms rely on a user supplying information that only that person knows, and a personal item that can be verified. A user name is an example of information that the person knows. A smart card or a fingerprint, for example, can be verified. The Solaris features for authentication include the following:

• Secure RPC – An authentication mechanism that uses the Diffie-Hellman protocol to protect NFS mounts and a name service, such as NIS or NIS+. See Overview of Secure RPC.

• Pluggable Authentication Module (PAM) – A framework that enables various authentication technologies to be plugged into a system entry service without recompiling the service. Some of the system entry services include login and ftp. See Chapter 17, Using PAM.

• Simple Authentication and Security Layer (SASL) – A framework that provides authentication and security services to network protocols. See Chapter 18, Using SASL.

• Solaris Secure Shell – A secure remote login and transfer protocol that encrypts communications over an insecure network. See Chapter 19, Using Solaris Secure Shell (Tasks).

• Kerberos service – A client-server architecture that provides encryption with authentication. See Chapter 21, Introduction to the Kerberos Service.

Authentication With Encryption

Authentication with encryption is the basis of secure communication. Authentication helps ensure that the source and the destination are the intended parties. Encryption codes the communication at the source, and decodes the communication at the destination. Encryption prevents intruders from reading any transmissions that the intruders might manage to intercept. The Solaris features for secure communication include the following:

• Solaris Secure Shell – A protocol for protecting data transfers and interactive user network sessions from eavesdropping, session hijacking, and “man-in-the-middle” attacks. Strong authentication is provided through public key cryptography. X windows services and other network services can be tunneled safely over Secure Shell connections for additional protection. See Chapter 19, Using Solaris Secure Shell (Tasks).

• Kerberos service – A client-server architecture that provides authentication with encryption. See Chapter 21, Introduction to the Kerberos Service.

• Internet Protocol Security Architecture (IPsec) – An architecture that provides IP datagram protection. Protections include confidentiality, strong integrity of the data, data authentication, and partial sequence integrity. See Chapter 19, IP Security Architecture (Overview), in System Administration Guide: IP Services.

Solaris Auditing

Auditing is a fundamental concept of system security and maintainability. Auditing is the process of examining the history of actions and events on a system to determine what happened. The history is kept in a log of what was done, when it was done, by whom, and what was affected. See Chapter 28, Solaris Auditing (Overview).

Security Policy

The phrase security policy, or policy, is used throughout this book to refer to an organization's security guidelines. Your site's security policy is the set of rules that define the sensitivity of the information that is being processed and the measures that are used to protect the information from unauthorized access. Security technologies such as Solaris Secure Shell, authentication, RBAC, authorization, privileges, and resource control provide measures to protect information.

Some security technologies also use the word policy when describing specific aspects of their implementation. For example, Solaris auditing uses audit policy options to configure some aspects of auditing policy. The following table points to glossary, man page, and information on features that use the word policy to describe specific aspects of their implementation.

Table 1–1 Use of Policy in the Solaris OS

Glossary Definition	Selected Man Pages	Further Information
audit policy	audit_control(4), audit_user(4), auditconfig(1M)	Chapter 28, Solaris Auditing (Overview)
policy in the cryptographic framework	cryptoadm(1M)	Chapter 13, Solaris Cryptographic Framework (Overview)
device policy	getdevpolicy(1M)	Controlling Access to Devices
Kerberos policy	krb5.conf(4)	Chapter 25, Administering Kerberos Principals and Policies (Tasks)
network policies	ipfilter(5), ifconfig(1M), ike.config(4), ipsecconf(1M), routeadm(1M)	Part III, IP Security, in System Administration Guide: IP Services
password policy	passwd(1), nsswitch.conf(4), crypt.conf(4), policy.conf(4)	Maintaining Login Control
policy for public key technologies	kmfcfg(1)	Chapter 15, Solaris Key Management Framework
RBAC policy	rbac(5)	exec_attr Database