JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle VM Server for SPARC 3.1 Security Guide
Oracle Technology Network
Library
PDF
Print View
Feedback
search filter icon
search icon

Document Information

Using This Documentation

Chapter 1 Oracle VM Server for SPARC Security Overview

Security Features Used by Oracle VM Server for SPARC

Oracle VM Server for SPARC Product Overview

Applying General Security Principles to Oracle VM Server for SPARC

Security in a Virtualized Environment

Execution Environment

Securing the Execution Environment

Defending Against Attacks

Operational Environment

Threat: Unintentional Misconfiguration

Countermeasure: Creating Operational Guidelines

Threat: Errors in the Architecture of the Virtual Environment

Countermeasure: Carefully Assigning Guests to Hardware Platforms

Countermeasure: Planning an Oracle VM Server for SPARC Domain Migration

Countermeasure: Correctly Configuring Virtual Connections

Countermeasure: Using VLAN Tagging

Countermeasure: Using Virtual Security Appliances

Threat: Side Effects of Sharing Resources

Evaluation: Side Effects Through Shared Resources

Countermeasure: Carefully Assigning Hardware Resources

Countermeasure: Carefully Assigning Shared Resources

Summary: Side Effects Through Shared Resources

Execution Environment

Threat: Manipulation of the Execution Environment

Evaluation: Manipulation of the Execution Environment

Countermeasure: Securing Interactive Access Paths

Countermeasure: Minimizing the Oracle Solaris OS

Countermeasure: Hardening the Oracle Solaris OS

Countermeasure: Using Role Separation and Application Isolation

Countermeasure: Configuring a Dedicated Management Network

ILOM

Threat: Complete System Denial-of-Service

Evaluation: Complete System Denial-of-Service

Countermeasure: Securing the ILOM

Hypervisor

Threat: Breaking the Isolation

Evaluation: Breaking the Isolation

Countermeasure: Validating Firmware and Software Signatures

Countermeasure: Validating Kernel Modules

Control Domain

Threat: Control Domain Denial-of-Service

Evaluation: Control Domain Denial-of-Service

Countermeasure: Securing Console Access

Logical Domains Manager

Threat: Unauthorized Use of Configuration Utilities

Evaluation: Unauthorized Use of Configuration Utilities

Countermeasure: Applying the Two-Person Rule

Countermeasure: Using Rights for the Logical Domains Manager

Countermeasure: Hardening the Logical Domains Manager

Countermeasure: Auditing the Logical Domains Manager

Service Domain

Threat: Manipulation of a Service Domain

Evaluation: Manipulation of a Service Domain

Countermeasure: Granularly Segregating Service Domains

Countermeasure: Isolating Service Domains and Guest Domains

Countermeasure: Restricting Access to Virtual Consoles

I/O Domain

Threat: Experiencing a Denial-of-Service of an I/O Domain or a Service Domain

Evaluation: Experiencing a Denial-of-Service of an I/O Domain or a Service Domain

Countermeasure: Granularly Configuring I/O Domains

Countermeasure: Configuring Redundant Hardware and Root Domains

Threat: Manipulation of an I/O Domain

Evaluation: Manipulation in an I/O Domain

Countermeasure: Protecting Virtual Disks

Guest Domains

Countermeasure: Securing the Guest Domain OS

Chapter 2 Secure Installation and Configuration of Oracle VM Server for SPARC

Chapter 3 Security Considerations for Developers

Appendix A Secure Deployment Checklist

Logical Domains Manager

The Logical Domains Manager runs in the control domain and is used to configure the hypervisor, and create and configure all domains and their hardware resources. Ensure that Logical Domains Manager use is logged and monitored.

Threat: Unauthorized Use of Configuration Utilities

An attacker might take control of an administrator's user ID or an administrator from a different group might gain unauthorized access to another system.

Evaluation: Unauthorized Use of Configuration Utilities

Ensure that an administrator does not have unnecessary access to a system by implementing well-maintained identity management. Also, implement strict, fine-grained access control and other measures such as the two-person rule.

Countermeasure: Applying the Two-Person Rule

Consider implementing a two-person rule for Logical Domains Manager and other administrative tools by using rights. See Enforcing the Two-Person Rule Via Role-Based Access Control in the Oracle Solaris 10 Operating System. This rule protects against social engineering attacks, compromised administrative accounts, and human error.

Countermeasure: Using Rights for the Logical Domains Manager

By using rights for the ldm command, you can implement fine-grained access control and maintain complete retraceability. For information about configuring rights, see Oracle VM Server for SPARC 3.1 Administration Guide . Using rights helps safeguard against human errors because not all features of the ldm command are available to all administrators.

Countermeasure: Hardening the Logical Domains Manager

Disable unnecessary domain manager services. The Logical Domains Manager provides network services for domain access, monitoring, and migration. Disabling network services reduces the attack surface of Logical Domains Manager to the minimum required to operate it normally. This scenario counters denial of service attacks and other attempts to misuse these network services.


Note - While disabling domain manager services help to minimize the attack surface, all of the side effects of doing so in any particular configuration cannot be known before hand.

Also see Countermeasure: Securing the ILOM.

Countermeasure: Auditing the Logical Domains Manager

Protecting the Logical Domains Manager is vital to the security of the overall system. Any changes to the Oracle VM Server for SPARC configuration must be logged for tracing hostile actions. Scan the audit logs regularly and copy the logs to a separate system for secure archival. For more information, see Chapter 3, Oracle VM Server for SPARC Security, in Oracle VM Server for SPARC 3.1 Administration Guide .