Devising an Installation and Configuration Strategy for Trusted Extensions

As in the Solaris OS, Trusted Extensions software is initially installed by the root user. However, allowing the root user to configure the software is not a secure strategy. The following describes the installation and configuration strategies from the most secure strategy to the least secure strategy:

• A two-person installation team installs and configures the software. The configuration process is audited.

  Two people are at the computer when the software is installed. Early in the configuration process, this team creates local users and roles. The team also sets up auditing to audit events that are executed by roles. After roles are assigned to users, and the computer is rebooted, the software enforces task division by role. The audit trail provides a record of the configuration process. For an illustration of a secure configuration process, see Figure 1–1.

• One person installs and configures the software by assuming the appropriate role. The configuration process is audited.

  Early in the configuration process, the root user creates a local user and roles. This user also sets up auditing to audit events that are executed by roles. Once roles have been assigned to the local user, and the computer is rebooted, the software enforces task division by role. The audit trail provides a record of the configuration process.

• One person installs and configures the software by assuming the appropriate role. The configuration process is not audited.

  By using this strategy, no record is kept of the configuration process.

• The root user installs and configures the software. The configuration process is audited.

  The install team sets up auditing to audit every event that root performs during configuration. With this strategy, the team must determine which events to audit. The audit trail does not include the name of the user who is acting as root.

• The root user installs and configures the software.

Task division by role is shown in the following figure. The security administrator sets up auditing, protects file systems, sets device policy, determines which programs require privilege to run, and protects users, among other tasks. The system administrator shares and mounts file systems, installs software packages, and creates users, among other tasks.

Figure 1–1 Administering a Trusted Extensions System: Task Division by Role