Solaris Trusted Extensions Installation and Configuration for Solaris 10 11/06 and Solaris 10 8/07 Releases

Appendix A Site Security Policy

This appendix discusses site security policy issues, and suggests reference books and web sites for further information:

Creating and Managing a Security Policy

Each Solaris Trusted Extensions site is unique and must determine its own security policy. Perform the following tasks when creating and managing a security policy.

Site Security Policy and Trusted Extensions

The security administrator must design the Trusted Extensions network based on the site's security policy. The security policy dictates configuration decisions, such as the following:

Computer Security Recommendations

Consider the following list of guidelines when you develop a security policy for your site.

Physical Security Recommendations

Consider the following list of guidelines when you develop a security policy for your site.

Personnel Security Recommendations

Consider the following list of guidelines when you develop a security policy for your site.

Common Security Violations

Because no computer is completely secure, a computer facility is only as secure as the people who use it. Most actions that violate security are easily resolved by careful users or additional equipment. However, the following list gives examples of problems that can occur:

Additional Security References

Government publications describe in detail the standards, policies, methods, and terminology associated with computer security. Other publications listed here are guides for system administrators of UNIX® systems and are useful in gaining a thorough understanding of UNIX security problems and solutions.

The web also provides resources. In particular, the CERT web site alerts companies and users to security holes in the software. The SANS Institute offers training, an extensive glossary of terms, and an updated list of top threats from the Internet.

U.S. Government Publications

The U.S. government offers many of its publications on the web. The Computer Security Resource Center (CSRC) of the National Institute of Standards and Technology (NIST) publishes articles on computer security. The following are a sample of the publications that can be downloaded from the NIST site.

UNIX Security Publications

Chirillo, John and Edgar Danielyan. SunTM Certified Security Administration for SolarisTM 9 & 10 Study Guide. McGraw-Hill/Osborne, 2005.

Garfinkel, Simson, Gene Spafford, and Alan Schwartz. Practical UNIX and Internet Security, 3rd Edition. O'Reilly & Associates, Inc, Sebastopol, CA, 2006.

General Computer Security Publications

Brunette, Glenn M. and Christoph L. Toward Systemically Secure IT Architectures. Sun Microsystems, Inc, June 2005.

Kaufman, Charlie, Radia Perlman, and Mike Speciner. Network Security: Private Communication in a Public World, 2nd Edition. Prentice-Hall, 2002.

Pfleeger, Charles P. and Shari Lawrence Pfleeger. Security in Computing. Prentice Hall PTR, 2006.

Privacy for Pragmatists: A Privacy Practitioner's Guide to Sustainable Compliance. Sun Microsystems, Inc, August 2005.

Rhodes-Ousley, Mark, Roberta Bragg, and Keith Strassberg. Network Security: The Complete Reference. McGraw-Hill/Osborne, 2004.

Stoll, Cliff. The Cuckoo's Egg. Doubleday, 1989.

General UNIX Publications

Bach, Maurice J. The Design of the UNIX Operating System. Prentice Hall, Englewood Cliffs, NJ, 1986.

Nemeth, Evi, Garth Snyder, and Scott Seebas. UNIX System Administration Handbook. Prentice Hall, Englewood Cliffs, NJ, 1989.