Network Security

The Solaris operating environment provides a sophisticated security system that controls the way users access files, protect system databases, and use system resources. Solaris security is network-wide security, providing security over several different systems, not just one. The Solaris security system is designed to accommodate different security models, giving users the flexibility to choose the model that best fits their needs now and in the future. Here are a number of new features added to the Solaris security system.

RPCSEC_GSS

The kernel-level RPC implementation adds support for a new authentication flavor based on the GSS-API. NFS services are no longer tied down to a specific or a single security mechanism. The user-level RPC implementation has been modified to support two stronger security services--integrity and confidentiality. This implementation also supports multiple security mechanisms.

For more information, see NFS Administration Guide.

NIS+ Extended Diffie-Hellman (DH)

NIS+ enhances NIS+ security by increasing the authentication key length from 192 bits to 640 bits.

For more information, see NIS+ Transition Guide, Solaris Naming Administration Guide, or Solaris Naming Setup and Configuration Guide.

BIND 8.1.2

Berkeley Internet Name Daemon (BIND), the most popular DNS implementation, has been upgraded to 8.1.2. It provides a new configuration file that enhances network security through the use of access control lists (ACLs).

The /etc/named.conf (BIND 8.1.2) file replaces the /etc/named.boot (BIND 4.9.6 file and older).

For more information, see Solaris Naming Setup and Configuration Guide or Solaris Naming Administration Guide.