Planning Your Trusted Network - Trusted Extensions Configuration and Administration

Trusted Extensions Configuration and Administration

Exit Print View

» ...Documentation Home » Oracle Solaris 11.2 Information Library » Trusted Extensions Configuration and ... » Initial Configuration of Trusted Extensions » Security Planning for Trusted Extensions » Planning for Security in Trusted Extensions » Planning Your Trusted Network

Updated: July 2014

Trusted Extensions Configuration and Administration

Document Information

Using This Documentation

Part I Initial Configuration of Trusted Extensions

Chapter 1 Security Planning for Trusted Extensions

What's New in Trusted Extensions in Oracle Solaris 11.2

Planning for Security in Trusted Extensions

Understanding Trusted Extensions

Understanding Your Site's Security Policy

Planning Who Will Configure Trusted Extensions

Devising a Label Strategy

Planning System Hardware and Capacity for Trusted Extensions

Planning Your Trusted Network

Planning Your Labeled Zones in Trusted Extensions

Planning for Multilevel Services

Planning for the LDAP Naming Service in Trusted Extensions

Planning for Auditing in Trusted Extensions

Planning User Security in Trusted Extensions

Forming an Install Team for Trusted Extensions

Resolving Additional Issues Before Enabling??Trusted Extensions

Backing Up the System Before Enabling Trusted Extensions

Results of Enabling Trusted Extensions From an Administrator's Perspective

Chapter 2 Configuration Roadmap for Trusted Extensions

Task Map: Preparing for and Enabling Trusted Extensions

Task Map: Choosing a Trusted Extensions Configuration

Task Map: Configuring Trusted Extensions With the Provided Defaults

Task Map: Configuring Trusted Extensions to Meet Your Site's Requirements

Chapter 3 Adding the Trusted Extensions Feature to Oracle Solaris

Initial Setup Team Responsibilities

Resolving Security Issues Before Installing Trusted Extensions

Installing and Enabling Trusted Extensions

Chapter 4 Configuring Trusted Extensions

Setting Up the Global Zone in Trusted Extensions

Creating Labeled Zones

Configuring the Network Interfaces in Trusted Extensions

Creating Roles and Users in Trusted Extensions

Creating Centralized Home Directories in Trusted Extensions

Troubleshooting Your Trusted Extensions Configuration

Additional Trusted Extensions Configuration Tasks

Chapter 5 Configuring LDAP for Trusted Extensions

Configuring LDAP on a Trusted Extensions Network

Configuring an LDAP Proxy Server on a Trusted Extensions System

Configuring the Oracle Directory Server Enterprise Edition on a Trusted Extensions System

Creating a Trusted Extensions Proxy for an Existing Oracle Directory Server Enterprise Edition

Creating a Trusted Extensions LDAP Client

Part II Administration of Trusted Extensions

Appendix A Site Security Policy

Appendix B Configuration Checklist for Trusted Extensions

Appendix C Quick Reference to Trusted Extensions Administration

Appendix D List of Trusted Extensions Man Pages

Language:

Planning Your Trusted Network

For assistance in planning network hardware, see Planning for Network Deployment in Oracle Solaris 11.2 .

Trusted Extensions software recognizes four host types. Each host type has a default security template, as shown in Table 1–1.

Table 1-1 Default Host Templates in Trusted Extensions

Host Type	Template Name	Purpose
`unlabeled`	`admin_low`	Identifies untrusted hosts that can communicate with the global zone. Such hosts send packets that do not include labels. For more information, see unlabeled system.
`cipso`	`cipso`	Identifies hosts or networks that send CIPSO packets. CIPSO packets are labeled.
`netif`	`netif`	Identifies hosts that receive packets on a specific network interface from `adaptive` hosts.
`adaptive`	`adapt`	Identifies hosts or networks that are not labeled, but send unlabeled packets to a specific interface on a `netif` host.

If your network can be reached by other networks, you need to specify accessible domains and hosts. You also need to identify which Trusted Extensions hosts are going to serve as gateways. You need to identify the label accreditation range for these gateways, and the sensitivity label at which data from other hosts can be viewed.

The labeling of hosts, gateways, and networks is explained in Chapter 16, Managing Networks in Trusted Extensions. Assigning labels to remote systems is performed after initial setup.

Copyright © 1992, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices