Secure By Default Network Profile
Starting with this release, you can, during installation, set the default behavior for network services to run in a much more secured manner. During an interactive installation (hands on), this security option is provided in the installation configuration selection screens. For automated JumpStart installations (hands off), you can select a limited network profile by using a new service_profile keyword in the sysidcfg file.
If you choose to restrict network security during the initial installation, numerous services are fully disabled during the installation. Other services are still enabled, but these services are limited to local connections only. Solaris Secure Shell remains available for remote administrative access to the system.
With this limited networking profile, you reduce your risk of exposure on the Internet or LAN. The system retains full graphical desktop use and outbound network access. For example, you can still access your graphical interface, use browsers or email clients, and mount NFSv4 file shares.
The existing service configuration is not altered by an upgrade.
The network services can be easily reopened after installation by using the netservices open or by enabling individual services by using SMF commands.
For more information about this new security option, see the following references.
Table 6–1 Additional Security Information|
Administer security for network services |
How to Create an SMF Profile in System Administration Guide: Basic Administration |
|
Reopen network services after installation | |
|
Plan installation configuration | |
|
Select restricted network security during a hands-on installation | |
|
Set up restricted network security for a JumpStart installations |
service_profile Keyword in Solaris 10 11/06 Installation Guide: Network-Based Installations |
- © 2010, Oracle Corporation and/or its affiliates