CHAPTER 5

SMS 1.4.1 Security Options

This chapter contains information on securing the System Management Services (SMS) 1.4.1 software under the Solaris operating environment. These instructions apply to the Sun Fire high-end server systems.

The following security options are available in SMS 1.4.1:

Strongly Recommended

Optional

By using ssh as an alternative transport for fomd, the SCs no longer require a /.rhosts file. Secure Shell provides user authentication and encrypts all network traffic; it prevents an intruder from being able to read an intercepted communication or from spoofing the system.

To protect against ARP spoofing and IP-based attacks, we strongly recommend that you disable ARP on the MAN network in all multi-domain configurations. For systems where domain separation is critical, we also recommend disabling IP connectivity between the SC and specific domains that require separation.

Before you implement the above security options, we strongly recommend that you modify (harden) your Solaris Operating Environment configurations on the SCs and domains to improve overall system security. For details, refer to the following Sun BluePrints Online articles available at:

http://www.sun.com/security/blueprints

For step-by-step instructions on implementing the three options, which involve the use of the Solaris Security Toolkit (SST, a/k/a JASS), and a detailed description of all security recommendations for Sun Fire high-end systems, refer to the following Sun BluePrints Online articles available at:

http://www.sun.com/security/blueprints