Understanding Your Site's Security Policy
Trusted Extensions effectively enables you to integrate your site's security policy with the Solaris OS. Thus, you need to have a good understanding of the scope of your policy and the ability of Trusted Extensions software to accommodate that policy. A well-planned configuration must provide a balance between consistency with your site security policy and convenience for users who are working on the system.
Trusted Extensions is configured by default to conform with the Common Criteria for Information Technology Security Evaluation (ISO/IEC 15408) at Assurance Level EAL4 against the following protection profiles:
-
Labeled Security Protection Profile
-
Controlled Access Protection Profile
-
Role-Based Access Control Protection Profile
To meet these evaluated levels, you must configure LDAP as the naming service. Note that your configuration might no longer conform with the evaluation if you do any of the following:
-
Change the kernel switch settings in the /etc/system file.
-
Turn off auditing or device allocation.
-
Change the default entries in the following configurable files:
-
/usr/openwin/server/etc/*
-
/usr/dt/app-defaults/C/Dt
-
/usr/dt/app-defaults/C/Dtwm
-
/usr/dt/app-defaults/C/SelectionManager
-
/usr/dt/bin/Xsession
-
/usr/dt/bin/Xtsolsession
-
/usr/dt/bin/Xtsolusersession
-
/usr/dt/config/sel_config
-
/usr/X11/lib/X11/xserver/TrustedExtensionsPolicy
-
For more information, see the Common Criteria web site.
- © 2010, Oracle Corporation and/or its affiliates