This chapter lists the major security threats, provides important information about the system controller, explains password requirements for the platform and the domains, describes domain separation requirements, explains how to secure the system controller with the setkeyswitch command, provides references to Solaris operating environment security, and briefly describes SNMP.

This chapter contains the following topics:

• Security Threats
• System Controller Security
• Domains
• Solaris Operating Environment Security
• SNMP

---

Security Threats

Some of the threats regarding host break-ins that can be imposed are:

• Unauthorized system controller access
• Unauthorized domain access
• Unauthorized administrator workstation access
• Unauthorized user workstation access

Caution - It is important to remember that access to the system controller can shut down all or part of the system, including active domains running the Solaris operating environment. Also, hardware and software configuration can be changed.

---

System Controller Security

In order to secure the system controller in your system, read about the system controller security issues. System controller security issues have a great impact on the security of the system controller installation. Refer to the articles available online, including Securing the Sun Fire Midframe System Controller, at:

http://www.sun.com/blueprints

When you set up the software for your system, you performed software tasks needed to set up system controller security in Chapter 3. The basic steps to secure the system controller are:

1. Setting the platform shell password by using the password command.

2. Setting up the platform-specific parameters by using the setupplatform command.

A few setupplatform parameters involving system controller security are parameters that configure the following:

• Network settings
• Loghost for the platform
• SNMP community strings
• Access control list (ACL) for hardware
• Time out period for telnet and serial port connections

3. Setting the domain shell password for all domains by using the password command.

4. Setting the domain-specific parameters by using the setupdomain command.

A few setupdomain parameters involving system controller security are parameters that configure:

• Loghost for each domain
• SNMP for each domain (Public and Private Community Strings)

5. Saving the current configuration of the system by using the dumpconfig command.

This list of parameters is only a partial list of what you need to set up. For step-by-step software procedures, see Chapter 3.

setupplatform and setupdomain Parameter Settings

For technical information on the setupplatform and setupdomain settings involving system controller security, see the system controller commands in the Sun Fire 6800/4810/4800/3800 System Controller Command Reference Manual. Also refer to the articles available online. See System Controller Security for the URL.

Setting and Changing Passwords for the Platform and the Domain

When you set up your system for the first time:

• Make sure that you set the platform password and a different domain password for each domain (even if the domain is not used) to increase isolation between domains.
• Continue to change the platform and domain passwords on a regular basis.

---

Domains

This section discusses domain separation and the setkeyswitch command.

Domain Separation

The domain separation requirement is based on allocating computing resources to a specific domain. These mid-range systems enforce domain separation, which prevents users of one domain, who only have access to the Solaris operating environment running in that domain, from accessing or modifying the data of another domain.

This security policy enforcement is performed by the software (FIGURE 5-1). In this figure, a domain user is a person who is using the Solaris operating environment and does not have access to the system controller. The domain administrator is responsible for:

• Configuring the domain
• Maintaining domain operations
• Overseeing the domain

As this figure shows, the domain administrator has access to the domain console and domain shell for the domain the administrator is responsible for. Also note in FIGURE 5-1 that the platform administrator has access to the platform shell and the platform console. If the platform administrator knows the domain passwords, the platform administrator also has access to domain shells and consoles. You should always set the domain shell passwords for each domain.

The following are security items to consider in each domain:

• Make sure that all passwords are within acceptable security guidelines. For example, each domain and the platform should have a unique password.
• Change your passwords for the platform and each domain shell on a regular basis.
• Scrutinize log files on a regular basis for any irregularities.

FIGURE 5-1 System With Domain Separation

setkeyswitch Command

The Sun Fire 6800/4810/4800/3800 systems do not have a physical keyswitch. You set the virtual keyswitch in each domain shell with the setkeyswitch command. To secure a running domain, set the domain keyswitch to the secure setting. For more information about setkeyswitch, refer to the online article, Securing the Sun Fire Midframe System Controller available online at

http://www.sun.com/blueprints

With the keyswitch set to secure, the following restrictions occur:

• Disables the ability to perform flashupdate operations on CPU/Memory boards or I/O assemblies. Performing flashupdate operations on these boards should be done only by an administrator who has platform shell access on the system controller.
• Ignores break and reset commands from the system controller. This is an excellent security precaution. This functionality also ensures that accidentally typing a break or reset command will not halt a running domain.

---

Solaris Operating Environment Security

For information on securing the Solaris operating environment, refer to the following books and articles:

• SunSHIELD Basic Security Module Guide (Solaris 8 System Administrator Collection)
• Solaris 8 System Administration Supplement or the System Administration Guide: Security Services in the Solaris 9 System Administrator Collection
• Solaris security toolkit articles available online at

http://www.sun.com/blueprints

---

SNMP

The system controller uses SNMPv1, which is an insecure protocol. This means that the SNMPv1 traffic needs to be kept on a private network, as described in the online article, Securing the Sun Fire Midframe System Controller available online at

http://www.sun.com/blueprints