Solaris 10 What's New

Secure By Default Network Profile

Starting with this release, you can, during installation, set the default behavior for network services to run in a much more secured manner. During an interactive installation (hands on), this security option is provided in the installation configuration selection screens. For automated JumpStart installations (hands off), you can select a limited network profile by using a new service_profile keyword in the sysidcfg file.

If you choose to restrict network security during the initial installation, numerous services are fully disabled during the installation. Other services are still enabled, but these services are limited to local connections only. Solaris Secure Shell remains available for remote administrative access to the system.

With this limited networking profile, you reduce your risk of exposure on the Internet or LAN. The system retains full graphical desktop use and outbound network access. For example, you can still access your graphical interface, use browsers or email clients, and mount NFSv4 file shares.

The existing service configuration is not altered by an upgrade.

The network services can be easily reopened after installation by using the netservices open or by enabling individual services by using SMF commands.

For more information about this new security option, see the following references.

Table 6–1 Additional Security Information

Administer security for network services 

How to Create an SMF Profile in System Administration Guide: Basic Administration

Reopen network services after installation 

Revising Security Settings After Installation in Solaris 10 11/06 Installation Guide: Planning for Installation and Upgrade

Plan installation configuration 

Planning Network Security in Solaris 10 11/06 Installation Guide: Planning for Installation and Upgrade

Select restricted network security during a hands-on installation 

Chapter 2, Installing With the Solaris Installation Program (Tasks), in Solaris 10 Installation Guide: Basic Installations

Set up restricted network security for a JumpStart installations 

service_profile Keyword in Solaris 10 11/06 Installation Guide: Network-Based Installations