Solaris 10 8/07 Installation Guide: Planning for Installation and Upgrade

Enhanced Security Using the Restricted Networking Profile

Starting with the Solaris 10 11/06 release, you can, during installation, set the default behavior for network services to run in a much more secured manner. During an interactive installation (hands on), this new security option is provided in the installation configuration selection screens. For automated JumpStart installations (hands off), you can select a restricted network profile by using a new service_profile keyword in the sysidcfg file. This security option is only available for initial installations. An upgrade maintains all previously set services. If necessary, you can restrict network services after an upgrade by using the netservices command.

If you choose to restrict network security, numerous services are fully disabled. Other services are still enabled, but these services are restricted to local connections only. Secure Shell remains available for remote administrative access to the system.

With this restricted networking profile, you reduce your risk of exposure on the Internet or LAN. The system retains full graphical desktop use and outbound network access. For example, you can still access your graphical interface, use browsers or email clients, and mount NFSv4 file shares.

The network services can be enabled after installation by using the netservices open command or by enabling individual services by using SMF commands. See Revising Security Settings After Installation.

For additional information about this security option, see the following references.

Table 2–1 Additional Information About the Limited Network Profile

Description 

For More Information 

Administer security for network services 

How to Create an SMF Profile in System Administration Guide: Basic Administration

Reopen network services after installation 

Revising Security Settings After Installation

Plan installation configuration 

Planning Network Security

Select restricted network security during a hands-on installation 

Chapter 2, Installing With the Solaris Installation Program (Tasks), in Solaris 10 8/07 Installation Guide: Basic Installations

Set up restricted network security for a JumpStart installation 

service_profile Keyword in Solaris 10 8/07 Installation Guide: Network-Based Installations