The Logical Domains Manager runs in the control domain and is used to configure the hypervisor, and create and configure all domains and their hardware resources. Ensure that Logical Domains Manager use is logged and monitored.
An attacker might take control of an administrator's user ID or an administrator from a different group might gain unauthorized access to another system.
Ensure that an administrator does not have unnecessary access to a system by implementing well-maintained identity management. Also, implement strict, fine-grained access control and other measures such as the two-person rule.
Consider implementing a two-person rule for Logical Domains Manager and other administrative tools by using rights. See Enforcing the Two-Person Rule Via Role-Based Access Control in the Oracle Solaris 10 Operating System. This rule protects against social engineering attacks, compromised administrative accounts, and human error.
By using rights for the ldm command, you can implement fine-grained access control and maintain complete retraceability. For information about configuring rights, see Oracle VM Server for SPARC 3.1 Administration Guide . Using rights helps safeguard against human errors because not all features of the ldm command are available to all administrators.
Disable unnecessary domain manager services. The Logical Domains Manager provides network services for domain access, monitoring, and migration. Disabling network services reduces the attack surface of Logical Domains Manager to the minimum required to operate it normally. This scenario counters denial of service attacks and other attempts to misuse these network services.
Disable any of the following network services when they are not being used:
Migration service on TCP port 8101
To disable this service, see the description of the ldmd/incoming_migration_enabled and ldmd/outgoing_migration_enabled properties in the ldmd(1M) man page.
Extensible Messaging and Presence Protocol (XMPP) support on TCP port 6482
For information about how to disable this service, see XML Transport in Oracle VM Server for SPARC 3.1 Administration Guide .
Note that disabling XMPP prevents you from using some key Oracle VM Server for SPARC features such as domain migration, memory dynamic reconfiguration, and the ldm init-system command. Disabling XMPP also prevents Oracle VM Manager or Ops Center from managing the system.
Simple Network Management Protocol (SNMP) on UDP port 161
Determine whether you want to use the Oracle VM Server for SPARC Management Information Base (MIB) to observe domains. This feature requires that the SNMP service is enabled. Based on your choice, do one of the following:
Enable the SNMP service to use the Oracle VM Server for SPARC MIB. Securely install the Oracle VM Server for SPARC MIB. See How to Install the Oracle VM Server for SPARC MIB Software Package in Oracle VM Server for SPARC 3.1 Administration Guide and Managing Security in Oracle VM Server for SPARC 3.1 Administration Guide .
Disable the SNMP service. For information about how to disable this service, see How to Remove the Oracle VM Server for SPARC MIB Software Package in Oracle VM Server for SPARC 3.1 Administration Guide .
Discovery service on multicast address 188.8.131.52 and port 64535
You cannot disable this service while the Logical Domains Manager daemon, ldmd, is running. Instead, use the IP Filter feature of Oracle Solaris to block access to this service, which minimizes the attack surface of the Logical Domains Manager. Blocking access prevents unauthorized use of the utility, which effectively counters denial-of-service attacks and other attempts to misuse these network services. See Chapter 20, IP Filter in Oracle Solaris (Overview), in Oracle Solaris Administration: IP Services and Using IP Filter Rule Sets in Oracle Solaris Administration: IP Services.
Also see Countermeasure: Securing the ILOM.
Protecting the Logical Domains Manager is vital to the security of the overall system. Any changes to the Oracle VM Server for SPARC configuration must be logged for tracing hostile actions. Scan the audit logs regularly and copy the logs to a separate system for secure archival. For more information, see Chapter 3, Oracle VM Server for SPARC Security, in Oracle VM Server for SPARC 3.1 Administration Guide .