Trusted Solaris User's Guide

Message Checking and Session Type Selection

After you successfully enter your username and password, the Workstation Information dialog box is displayed. It provides status information and, if your account is configured for user-specified sessions, lets you select a single-level or multilevel session. If your account is set up for a single-label configuration, there is no option for selecting a session level.

Single-level Versus Multilevel Sessions

In a multilevel session, you can operate at different labels. The range in which you operate is bounded at the upper end by the session clearance you specify and at the lower end by the minimum label assigned to you by your administrator.

In a single-level session, you specify a session label at which you operate for the entire session. In a single-level session, you can access and write to files at that label only. You cannot change the label of workspaces in the session. Note that you can assume a role within a single-level session and then operate at any label available to that role.

Session Selection Example

Table 2-1 provides an example of the difference between a single- and multilevel session. It contrasts a user choosing to operate in a single-level session at SECRET A against the user selecting a multilevel session, also at SECRET A. Note that labels are shown in their long form inside square brackets ([]).

The three columns on the left show the user's session selections at login. Note that users set session labels for single-level sessions and session clearances for multilevel sessions. (This is a minor distinction that is taken care of by the system; the correct label builder dialog box is always displayed with the choices permitted.)

The two columns on the right show the label values available in the session. The Initial Workspace label column represents the label when the user first enters the Trusted Solaris environment. The Available Labels column lists the labels that the user is permitted to switch to in the session.

Table 2-1 How Session Selections Affect Session Values

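| User Selections: Session Type | User Selections: Session Label | User Selections: Session Clearance | Session Label Values: Initial Workspace Label | Session Label Values: Available Labels |
|---|---|---|---|---|
| single-level | [S A] | -- | [S A] | [S A] |
| multilevel | -- | [S A] | [C] | [C], [C A], [S], [S A] |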

In the first row of the table, the user has selected a single-level session with a session label of [S A]. In the Trusted Solaris environment, the user has an initial workspace label of [S A], which is also the only label at which the user can operate.

In the second row of the table, the user has selected a multilevel session with a session clearance of [S A]. The user's initial workspace label is set to [U], that is, a label of [UNCLASSIFIED], because that is the lowest possible label in the user's account label range. The user can switch to any label between [U], the minimum, and [S A], the session clearance.
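The range rule behind the two rows of Table 2-1, as an added example (not code from the Trusted Solaris documentation or product). It assumes a classification order of U < C < S < TS, treats every classification and compartment combination as a valid label (a real system checks the administrator's label encodings), and takes the account minimum label as [C], the value shown in the table row; all function names are hypothetical.

```python
from itertools import combinations

# Assumed classification ordering, lowest to highest (constructed for this example).
LEVELS = ["U", "C", "S", "TS"]

def parse(label):
    """'[S A]' -> ('S', frozenset({'A'})): classification plus compartments."""
    parts = label.strip("[] ").split()
    return parts[0], frozenset(parts[1:])

def fmt(label):
    cls, comps = label
    return "[" + " ".join([cls, *sorted(comps)]) + "]"

def dominates(a, b):
    """a dominates b: classification at least as high, compartments a superset."""
    return LEVELS.index(a[0]) >= LEVELS.index(b[0]) and a[1] >= b[1]

def available_labels(session_type, selection, min_label):
    """Labels a workspace may take in the session.

    single-level: only the chosen session label.
    multilevel:   every label L with min_label <= L <= session clearance.
    Assumption: all combinations are valid labels (no label-encodings check).
    """
    top, low = parse(selection), parse(min_label)
    if not dominates(top, low):
        raise ValueError("selection must dominate the account minimum label")
    if session_type == "single-level":
        return [fmt(top)]
    found = []
    comps = sorted(top[1])
    for cls in LEVELS[LEVELS.index(low[0]): LEVELS.index(top[0]) + 1]:
        for n in range(len(comps) + 1):
            for subset in combinations(comps, n):
                cand = (cls, frozenset(subset))
                if dominates(cand, low) and dominates(top, cand):
                    found.append(fmt(cand))
    return found

def initial_workspace_label(session_type, selection, min_label):
    """Single-level sessions start at the session label, multilevel at the minimum."""
    return fmt(parse(selection if session_type == "single-level" else min_label))
```
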

To Check Messages and Select Session Type

A typical Workstation Information dialog box appears in the following figure. Note that because this account is configured for multilevel operation, there is a toggle for restricting the session to a single level; single-level accounts do not get this option.

Figure 2-4 Workstation Information Dialog Box

  1. Check the date and time of the last login.

    This field indicates when your system was last used. You should always check that there is nothing suspicious about the last login, such as an unusual time of day, and report such occurrences to your security administrator.

  2. Read any messages in the Message of the Day field.

    This field contains messages from your administrator. Since this message may contain warnings about scheduled maintenance or security problems, you should always read it.

  3. Read any console messages since last logout.

    Typically, these system messages concern cron (batch) jobs, but you should check that there are no messages indicating suspicious activity or other problems.

  4. Click the session level toggle if you intend to work at only one label in your session (not available in single-label configurations).

    In a single-level session, you operate at a single discrete label. You can only access and write to files at the same label. If you do not click the toggle, you are implicitly selecting a multilevel session and can view data at different labels. The range in which you can operate is bounded at the upper end by the session clearance that you select in the session clearance dialog box and at the lower end by the minimum label assigned to you by your administrator.

  5. Click OK (or press Enter) to close the Workstation Information dialog box.

    If your account is configured for single-label operation, the Trusted Solaris environment is displayed after the Workstation Information dialog box is closed; otherwise you will set the session level next.