The checklists are for planning and for reference. They provide an overall view of what to remember when installing and configuring the workstations at your site, and a record of doing so.
The following checklists summarize what you have done at your site. Where indicated, there are separate worksheets to plan particular site features, such as servers and labels.
Read Trusted Solaris Administration Overview.
Understand site security requirements.
See Trusted Solaris Label Administration. For highlights, see "Planning Labels".
See Trusted Solaris Audit Administration. For highlights, see "Planning Auditing".
See "Plan User Security" and Table 3-4.
See "To Create a Role" for password and account locking considerations.
See Trusted Solaris Administrator's Procedures.
See Trusted Solaris Administrator's Procedures and "Planning Workstations".
Planning labels requires extensive knowledge. Trusted Solaris Label Administration describes in detail the modifications required to the label_encodings file you choose.
Label visibility exceptions are implemented per user when creating users.
Label visibility exceptions per workstation can be done but are not recommended. See Trusted Solaris Label Administration for why and how.
When localizing a label_encodings file, localize the label names only. However, the names ADMIN_HIGH and ADMIN_LOW must not be localized. All labeled workstations that you contact must have label names that match the label names in the Trusted Solaris label_encodings file.
GFI
Site-specific
Modified Trusted Solaris single-label
Modified Trusted Solaris multilabel
Create multiple user Sensitivity Labels -- Yes, default
Hide upgraded names in directories -- No, default
Visible to each user, default
The first decision to make is whether to have an open network or a closed network.
Identify accessible domains
Identify accessible workstations
Identify Trusted Solaris workstations that can access to unlabeled workstations or domains
Identify the NIS or NIS+ master
Identify the NIS or NIS+ slaves/replicas
Identify the NIS+ subdomain masters
Identify the file servers
Identify the audit servers
Identify the print servers
Identify the mail servers
Identify network routers/gateways
Identify end user workstations
Identify other workstations on the network
Identify the labels at which machines can communicate.
Determine the label range of each workstation's network interfaces
Determine the label(s) applied to incoming data from unlabeled workstations
Planning auditing can require extensive knowledge. Trusted Solaris Audit Administration describes in detail how to set up auditing.
Auditing security decisions include:
Classes of events to audit for success
Classes of events to audit for failure
Classes of events to audit for both
Users/roles with what additional auditing
Who has access to the audit administration server
Who has access to the audit servers
Who has the rights profile for audit file backup
Who has the rights profile for audit file review
Auditing system decisions include:
Primary and secondary audit partitions for each workstation
Size of audit partitions
List the system information for each workstation/server in the Trusted Solaris network:
name
kernel architecture
IP address
Determine the security information for each workstation/server in the Trusted Solaris network:
root password
PROM/BIOS security level
PROM/BIOS password
Attached peripherals permitted?
Access to printers
Access to unlabeled domains