Trusted Solaris Administration Overview

Basic Concepts Review

The Trusted Solaris environment is an enhanced version of the Solaris environment that incorporates configurable security policy into the system. The concepts in this section are basic to understanding the Trusted Solaris environment, both for users and administrators. They are briefly covered here and are discussed in more depth in the Trusted Solaris User's Guide.

How the Trusted Solaris Environment Protects Against Intruders

The Trusted Solaris environment protects access to the system by providing accounts that require user names with passwords. Passwords can be created by users or generated by the system, according to your site's security policy. You can also require that passwords be changed regularly. In addition, users can work only within their approved label range, which limits the information they can access. Additional passwords are required for certain administrative tasks. This additional authentication limits the damage that can be done by an intruder who guesses the root password.

The Trusted Solaris environment displays the Trusted Path symbol, an unmistakable, tamper-proof emblem that appears at the bottom of the screen. The symbol indicates to users when they are using security-related parts of the system. If the Trusted Path symbol does not appear when the user is running a trusted application, that version of the application should be checked immediately for authenticity.

As administrator, you should always personally verify instructions that you send to your users via email. This policy can help to prevent situations such as impostors posing as administrators and sending email to users in an attempt to obtain account passwords or other sensitive information.

How the Trusted Solaris Environment Enforces Access Control Policy

The Trusted Solaris environment protects information and other resources through both discretionary and mandatory access control. Discretionary access control is the traditional UNIX permission bits and access control lists set at the discretion of the owner. Mandatory access control is a mechanism enforced by the system automatically that controls all transactions by checking the labels of processes and data in the transaction.

A user's label represents the sensitivity level at which the user is permitted to and chooses to operate. It determines which information the user is allowed to access. Both mandatory and discretionary access controls can be overridden by special permissions called privileges, which are granted to processes. In some cases, users may need authorizations as well, which are granted to users (and roles) by an administrator.
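Added example (not from the Trusted Solaris documentation or code): a small Python model of the access decision just described, in which the discretionary check and the mandatory check must both pass, and a privilege held by the process overrides only the check it names. The label encoding, the read-down/write-equal mandatory rule, the `within_range` helper and the privilege names are assumptions of this model.

```python
"""Toy model: an access is granted only if DAC and MAC both pass, unless the
process holds a privilege overriding the failing check (assumptions, not the
real Trusted Solaris implementation)."""
from dataclasses import dataclass

CLASS_ORDER = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}  # constructed ordering

@dataclass(frozen=True)
class Label:
    classification: str
    compartments: frozenset = frozenset()
    def dominates(self, other):
        """Higher-or-equal classification and a superset of the compartments."""
        return (CLASS_ORDER[self.classification] >= CLASS_ORDER[other.classification]
                and self.compartments >= other.compartments)

@dataclass
class Process:
    uid: int
    label: Label                          # label the user chose to work at
    privileges: frozenset = frozenset()   # assumed names: file_dac_read, file_mac_write, ...

@dataclass
class File:
    owner_uid: int
    mode: int                             # UNIX permission bits, e.g. 0o640
    label: Label

def within_range(label, clearance, minimum):
    # A user may operate at a label only inside the approved range (assumed rule).
    return clearance.dominates(label) and label.dominates(minimum)

def dac_allows(proc, f, op):
    """Owner bits for the owner, 'other' bits otherwise (group bits and ACLs omitted)."""
    bit = {"read": 4, "write": 2}[op]
    shift = 6 if proc.uid == f.owner_uid else 0
    return bool((f.mode >> shift) & bit)

def mac_allows(proc, f, op):
    """Read: process label must dominate the file label. Write: labels must be equal."""
    return proc.label.dominates(f.label) if op == "read" else proc.label == f.label

def access(proc, f, op):
    """Return (granted, reason); a privilege overrides only the check it names."""
    dac_ok = dac_allows(proc, f, op) or f"file_dac_{op}" in proc.privileges
    mac_ok = mac_allows(proc, f, op) or f"file_mac_{op}" in proc.privileges
    if dac_ok and mac_ok:
        return True, "granted"
    failed = [name for name, ok in (("DAC", dac_ok), ("MAC", mac_ok)) if not ok]
    return False, "denied by " + ", ".join(failed)
```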

As administrator, you need to train users on the proper procedures for securing their files and directories, according to your site's security policy. Furthermore, you should instruct any users allowed to upgrade or downgrade labels as to when it is appropriate to change a label.

How the Trusted Solaris Environment Implements Administration

In conventional UNIX systems, superuser (root) is all-powerful, with the ability to read and write to any file, run all programs, and send kill signals to any process. In the Trusted Solaris environment, root's capabilities are divided into separate role accounts that can be assigned to different individuals.

Roles are used mainly for security-related tasks. Roles:

Many administrative applications require all four conditions to run successfully.