What's New in the Solaris 9 Operating Environment

Security Enhancements

Feature Description and Release Date (each description below ends with the release in which the feature first appeared)

Internet Key Exchange (IKE) Protocol

Internet Key Exchange (IKE) automates key management for IPsec. IKE replaces manual key assignment and refreshment on an IPv4 network, which enables the administrator to manage larger numbers of secure networks. 

System administrators use IPsec to set up secure IPv4 networks. The in.iked daemon provides key derivation, authentication, and authentication protection at boot time. The daemon is configurable. The administrator sets up the parameters in a configuration file. After the parameters are set up, no manual key refreshment is required.

For further information, see "Internet Key Exchange" in the System Administration Guide: IP Services.

Release Date: Solaris 9

Solaris Secure Shell

Secure Shell allows a user to securely access a remote host over an unsecured network. Data transfers and interactive user network sessions are protected from eavesdropping, session hijacking, and intermediary (man-in-the-middle) attacks. Solaris 9 Secure Shell supports the SSHv1 and SSHv2 protocol versions. Strong authentication that uses public key cryptography is provided. The X Window System and other network services can be tunneled safely over Secure Shell connections for additional protection.

The Secure Shell server, sshd, supports the monitoring and filtering of incoming requests for network services. The server can be configured to log the client host name of incoming requests and thus enhance network security. sshd uses the same mechanism that is used by the Tcp-wrappers 7.6 utility that is described in "Freeware".

For further information, see the sshd(1M), hosts_access(4), and hosts_options(4) man pages.

Release Date: Solaris 9
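The filtering that sshd inherits from the Tcp-wrappers mechanism is a two-file, first-match policy: a match in hosts.allow grants the connection, otherwise a match in hosts.deny refuses it, otherwise the connection is accepted. The following Python model is an added illustration, not code from Solaris or from the Tcp-wrappers package; the rule files, addresses and host names are constructed samples, the /etc/hosts.allow and /etc/hosts.deny locations are assumed defaults, and only a subset of the hosts_access(4) client-pattern syntax (ALL, a single address, net/mask, a leading-dot domain suffix) is modelled.

```python
"""Model of the hosts_access(4) decision applied to sshd connections.

Added illustration, not Solaris code: the evaluation order is the one
hosts_access(4) documents (first match in hosts.allow grants access, then
first match in hosts.deny refuses it, otherwise access is granted).  Only a
subset of the client-pattern syntax is modelled: ALL, a single address, a
net/mask pair and a leading-dot domain suffix.  All addresses and rule
files below are constructed sample data.
"""
import ipaddress

# Constructed sample rule files (the /etc/hosts.allow and /etc/hosts.deny
# locations are the assumed defaults).
HOSTS_ALLOW = """\
# the admin workstation and the lab network may reach sshd
sshd: 192.0.2.10, 198.51.100.0/255.255.255.0
# any host whose reverse-resolved name is in this domain
sshd: .example.com
"""
HOSTS_DENY = """\
# refuse sshd to everyone not matched above
sshd: ALL
"""


def parse_rules(text):
    """Return [(daemon_list, client_list), ...] for a hosts.allow/deny file."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        daemons, clients = line.split(":", 1)
        rules.append(([d.strip() for d in daemons.split(",")],
                      [c.strip() for c in clients.split(",")]))
    return rules


def client_matches(pattern, addr, hostname):
    """Match one client pattern against the peer address / resolved name."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):                      # domain suffix
        return hostname is not None and hostname.endswith(pattern)
    if "/" in pattern:                               # net/mask form
        net, mask = pattern.split("/", 1)
        network = ipaddress.IPv4Network(f"{net}/{mask}", strict=False)
        return ipaddress.IPv4Address(addr) in network
    return pattern == addr                           # exact address


def file_matches(rules, daemon, addr, hostname):
    """True if any rule names this daemon (or ALL) and matches the client."""
    for daemons, clients in rules:
        if daemon in daemons or "ALL" in daemons:
            if any(client_matches(c, addr, hostname) for c in clients):
                return True
    return False


def access_allowed(daemon, addr, hostname=None,
                   allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny, then default allow."""
    if file_matches(parse_rules(allow_text), daemon, addr, hostname):
        return True
    if file_matches(parse_rules(deny_text), daemon, addr, hostname):
        return False
    return True


def connection_log_line(daemon, addr, hostname=None):
    """The kind of one-line per-connection record a wrapped daemon can log."""
    verdict = "connect" if access_allowed(daemon, addr, hostname) else "refused"
    peer = f"{hostname} [{addr}]" if hostname else addr
    return f"{daemon}: {verdict} from {peer}"


if __name__ == "__main__":
    for peer in [("192.0.2.10", None), ("198.51.100.77", None),
                 ("203.0.113.5", "box.example.com"), ("203.0.113.5", None)]:
        print(connection_log_line("sshd", *peer))
```

The last sample peer shows the point of the default-allow rule at the end: with no `sshd: ALL` line in hosts.deny, an address that matches nothing in hosts.allow would still be accepted, which is why a deny-all entry for sshd is what turns hosts.allow into a whitelist. A daemon that appears in neither file (`in.telnetd` in the test) is not filtered at all.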

Kerberos Key Distribution Center (KDC) and Administration Tools

System administrators can improve system security by using Kerberos V5 authentication, privacy, and integrity. NFS is an example of an application that is secured with Kerberos V5. 

The following list highlights the new features of Kerberos V5.

  • Kerberos V5 Server - The server includes the following components:

    • Principal (user) administration system - Includes a centralized server for local and remote administration of principals and security policies

      The system includes both a GUI and a CLI administration tool.

    • Key Distribution Center (KDC) - Uses the principal database information that was created by the administration server and issues tickets for clients

    • Principal database replication system - Duplicates the KDC database to a backup server

  • MIT and Microsoft Windows 2000 password change interoperability - Kerberos V5 passwords can now be changed from a Solaris client to an MIT Kerberos server and to Windows 2000.

  • Tuned DES - Kerberos V5 kernel DES operations have been optimized for Sun4u systems.

  • Kerberos encrypted communications now supported with the Solaris core - In the Solaris 9 release, an encryption module that supports Kerberos encrypted communications is available in the Solaris operating environment. Previously, an encryption module was available only on the Solaris Encryption Kit CD-ROM or through a web download.

  • Addressless tickets - System administrators and users can now specify addressless tickets. This ability can be necessary in multi-homed and NAT network environments.

  • Kerberos V5 PAM module supports password aging - The pam_krb5 module supports password aging set in the KDC for each user principal.

For further information, see "Administering the Kerberos Database" in the System Administration Guide: Security Services.

Release Date: Solaris 9

Secure LDAP Client

The Solaris 9 release includes new features for LDAP client-based security. A new LDAP library provides for SSL (TLS) and CRAM-MD5 encryption mechanisms. These encryption mechanisms enable customers to deploy methods for encryption over the wire between LDAP clients and the LDAP server. 

For further information about the iPlanet Directory Server 5.1, the LDAP directory server, see "Networking".

Release Date: Solaris 9

Encryption Modules for IPsec and Kerberos

Encryption with a maximum key length of 128 bits is included in the Solaris 9 release. Prior to the Solaris 9 release, encryption modules were available only on the Solaris Encryption Kit CD-ROM or through a web download. A number of these algorithms are now in the Solaris 9 operating environment. These algorithms include 56-bit DES privacy support for Kerberos as well as 56-bit DES and 3-key Triple-DES support for IPsec.  


Note -

Also with the Solaris 9 release, support for greater than 128-bit encryption with IPsec is available on the Solaris Encryption Kit CD-ROM or through a web download. IPsec supports the 128-bit, 192-bit, or 256-bit Advanced Encryption Standard (AES), and 32-bit to 448-bit Blowfish (in 8-bit increments).


For information on IPsec support, see "IPsec (Overview)" in the System Administration Guide: IP Services. For information on Kerberos support, see "Introduction to SEAM" in the System Administration Guide: Security Services.

Release Date: Solaris 9

IP Security Architecture for IPv6

The IPsec security framework has been enhanced in the Solaris 9 release to enable secure IPv6 datagrams between machines. For the Solaris 9 release, only the use of manual keys is supported when using IPsec for IPv6. 


Note -

The IPsec security framework for IPv4 was introduced in the Solaris 8 release. The Internet Key Exchange (IKE) Protocol is available for IPv4.


For further information, see "IPsec (Overview)" in the System Administration Guide: IP Services.

Release Date: Solaris 9

Role-Based Access Control (RBAC) Enhancements

Role-based access control (RBAC) databases can be managed through the Solaris Management Console graphical interface. Rights can now be assigned by default in the policy.conf file. In addition, rights can now contain other rights. For further information about RBAC, see "Role-Based Access Control".

For further information, see "Role-Based Access Control" in the System Administration Guide: Security Services.

Release Date: Solaris 8 1/01
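Two of the RBAC changes above, default rights assigned in policy.conf and rights that contain other rights, change what a user is actually allowed to do without any entry being added to the user's own record. The following Python example is an added illustration, not Solaris code: it parses constructed sample prof_attr, policy.conf and user_attr contents in their documented colon-separated and key=value forms, expands nested profiles, and resolves a user's effective authorizations. The profile names reuse familiar Solaris profile names, but the authorizations assigned to each profile here are assumptions for the sake of the example, not the shipped definitions.

```python
"""Resolving a user's effective rights under Solaris RBAC.

Added illustration, not Solaris code.  It models three things the text
names: the prof_attr(4) line format (name:res1:res2:desc:attr), the
policy.conf(4) keys PROFS_GRANTED and AUTHS_GRANTED that assign rights by
default, and rights profiles that contain other rights profiles through
the profiles= attribute.  All database contents are constructed samples;
the authorization names given to each profile are assumptions, not the
shipped Solaris definitions.
"""

PROF_ATTR = """\
# profname:res1:res2:desc:attr   (constructed sample entries)
Site Operator:::Site-specific operations:profiles=Printer Management,Cron Management;auths=solaris.device.cdrw
Printer Management:::Manage printers:auths=solaris.print.*
Cron Management:::Manage cron jobs:auths=solaris.jobs.admin
Basic Solaris User:::Automatically assigned rights:auths=solaris.profmgr.read
"""
POLICY_CONF = """\
# /etc/security/policy.conf (constructed sample)
AUTHS_GRANTED=solaris.device.cdrw
PROFS_GRANTED=Basic Solaris User
"""
USER_ATTR = """\
alice::::type=normal;profiles=Site Operator
"""


def parse_attrs(field):
    """Parse 'key=v1,v2;key2=v3' into {key: [v1, v2], key2: [v3]}."""
    attrs = {}
    for kv in field.split(";"):
        if "=" in kv:
            key, value = kv.split("=", 1)
            attrs[key.strip()] = [v.strip() for v in value.split(",") if v.strip()]
    return attrs


def load_colon_db(text):
    """Load prof_attr / user_attr style files: five colon-separated fields."""
    entries = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _res1, _res2, _desc, attr = line.split(":", 4)
        entries[name] = parse_attrs(attr)
    return entries


def load_policy_conf(text):
    """Load key=value lines; values are comma-separated lists."""
    policy = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            policy[key] = [v.strip() for v in value.split(",") if v.strip()]
    return policy


PROFILES = load_colon_db(PROF_ATTR)
POLICY = load_policy_conf(POLICY_CONF)
USERS = load_colon_db(USER_ATTR)


def expand_profiles(names, profiles, seen=None):
    """Depth-first expansion of nested profiles.  `seen` keeps the order in
    which profiles were reached and stops on cycles or on an unknown name."""
    seen = [] if seen is None else seen
    for name in names:
        if name in seen or name not in profiles:
            continue
        seen.append(name)
        expand_profiles(profiles[name].get("profiles", []), profiles, seen)
    return seen


def effective_rights(user, profiles=PROFILES, policy=POLICY, users=USERS):
    """Return (ordered profile list, authorization list) for a user: the
    user's own profiles first, then the policy.conf defaults."""
    start = users.get(user, {}).get("profiles", []) + policy.get("PROFS_GRANTED", [])
    order = expand_profiles(start, profiles)
    auths = list(policy.get("AUTHS_GRANTED", []))
    for name in order:
        for auth in profiles[name].get("auths", []):
            if auth not in auths:
                auths.append(auth)
    return order, auths


def has_auth(auths, wanted):
    """Authorization check, honouring the trailing '.*' wildcard (simplified)."""
    for auth in auths:
        if auth == wanted or (auth.endswith(".*") and wanted.startswith(auth[:-1])):
            return True
    return False


if __name__ == "__main__":
    for user in ("alice", "bob"):
        order, auths = effective_rights(user)
        print(user, "->", order, auths)
```

Running it shows why the two changes matter when auditing a system: `bob` has no user_attr entry at all yet still holds every authorization that PROFS_GRANTED and AUTHS_GRANTED hand out, and `alice` is never assigned Printer Management directly but receives it through Site Operator. Reviewing a user's own record is therefore not enough; the policy.conf defaults and the profiles= chain in prof_attr have to be followed to the end.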

Xserver Connection Security Options

New options enable system administrators to allow only encrypted connections to the Solaris X server. For further information, see "Xserver Features".

Release Date: Solaris 9

Generic Security Services Application Programming Interface (GSS-API)

The Generic Security Services Application Programming Interface (GSS-API) is a security framework that enables applications to protect the data they transmit. The GSS-API provides authentication, integrity, and confidentiality services to applications. The interface permits those applications to be entirely generic with respect to security. That is, they do not have to check for the underlying platform (such as the Solaris platform) or security mechanism (such as Kerberos) being used. This means that applications that use the GSS-API can be highly portable. 

For more information, see the GSS-API Programming Guide.

Release Date: Solaris 8 6/00

Additional Security Software

For information about SunScreen(TM) 3.2, a firewall product, see "Additional Software".

See also "Freeware" for information about the Tcp-wrappers 7.6 freeware in the Solaris 9 release. Tcp-wrappers 7.6 are small daemon programs that monitor and filter incoming requests for network services.

Release Date: Solaris 9