Oracle® VM Server for SPARC 3.2 Security Guide

Exit Print View

Updated: March 2015
 
 

Logical Domains Manager

The Logical Domains Manager runs in the control domain and is used to configure the hypervisor, and create and configure all domains and their hardware resources. Ensure that Logical Domains Manager use is logged and monitored.

Threat: Unauthorized Use of Configuration Utilities

An attacker might take control of an administrator's user ID or an administrator from a different group might gain unauthorized access to another system.

Evaluation: Unauthorized Use of Configuration Utilities

Ensure that an administrator does not have unnecessary access to a system by implementing well-maintained identity management. Also, implement strict, fine-grained access control and other measures such as the two-person rule.

Countermeasure: Applying the Two-Person Rule

Consider implementing a two-person rule for Logical Domains Manager and other administrative tools by using rights. Enforcing a Two Man Rule Using Solaris 10 RBAC. This rule protects against social engineering attacks, compromised administrative accounts, and human error.

Countermeasure: Using Rights for the Logical Domains Manager

By using rights for the ldm command, you can implement fine-grained access control and maintain complete retraceability. For information about configuring rights, see Oracle VM Server for SPARC 3.2 Administration Guide . Using rights helps safeguard against human errors because not all features of the ldm command are available to all administrators.

Countermeasure: Hardening the Logical Domains Manager

Disable unnecessary domain manager services. The Logical Domains Manager provides network services for domain access, monitoring, and migration. Disabling network services reduces the attack surface of Logical Domains Manager to the minimum required to operate it normally. This scenario counters denial of service attacks and other attempts to misuse these network services.


Note - While disabling domain manager services help to minimize the attack surface, all of the side effects of doing so in any particular configuration cannot be known before hand.

Also see Countermeasure: Securing the ILOM.

Countermeasure: Auditing the Logical Domains Manager

Protecting the Logical Domains Manager is vital to the security of the overall system. Any changes to the Oracle VM Server for SPARC configuration must be logged for tracing hostile actions. Scan the audit logs regularly and copy the logs to a separate system for secure archival. For more information, see Chapter 2, Oracle VM Server for SPARC Security, in Oracle VM Server for SPARC 3.2 Administration Guide .