Wednesday Sep 05, 2012

Is 'Old-School' the Wrong Way to Describe Reliable Security?


The Hotel Toronto apparently knows how to secure its environment.

"Built directly into the bedrock in 1913, the vault features an incredible 4-foot thick steel door that weighs 40 tonnes, yet can nonetheless be moved with a single finger. During construction, the gargantuan door was hauled up Yonge Street from the harbour by a team of 18 horses."

1913. Those were the days. Sysadmins had to be strong as bulls and willing to shovel horse manure. At least nowadays you don't have to be that strong. And, if you happen to be trying to secure your Oracle Linux environment, you may be able to avoid the shoveling, as well, provided you know the tricks of the trade contained in these two recently published articles.

Tips for Hardening an Oracle Linux Server

General strategies for hardening an Oracle Linux server. Oracle Linux comes "secure by default," but the actions you take when deploying the server can increase or decrease its security. How to minimize active services, lock down network services, and many other tips. By Ginny Henningsen, James Morris and Lenz Grimmer.

Tips for Securing an Oracle Linux Environment

System logging with logwatch and process accounting with psacct can help detect intrusion attempts and determine whether a system has been compromised. So can using the RPM package manager to verify the integrity of installed software. These and other tools are described in this second article, which takes a wider perspective and gives you tips for securing your entire Oracle Linux environment. Also by the crack team of Ginny Henningsen, James Morris and Lenz Grimmer.

- Rick


Tuesday Jan 25, 2011

Is Someone Spying on Your Virtualized Environment?


Virtualization is one of those hot topics that dominates the thoughts of systems architects. Of course, the newer and more visible a technology trend, the more likely it is cyber pests are looking to exploit some weakness.

Oracle VM Server for SPARC (previously called Sun Logical Domains or LDoms) technology is one implementation of virtualization based on the UltraSPARC T1, T2, T2 Plus and SPARC T3 processors. It's been around for a while, so we have the advantage of a more mature implementation with associated security best practices. Oracle engineer Stefan Hinker has written a comprehensive paper, Securing Oracle VM Server for SPARC, that addresses these issues in detail: it discusses the eleven threats you may encounter, along with a detailed discussion of the 28 countermeasures you can take.

Security Needs

Finally, this paper lays out three deployment scenarios based on your security needs. How do you assess that? Simple: Security Needs = Value of Data × Probability of Breach. This paper is one of those critical references you should read and keep close. Because someone may be watching you...

- Kemer

Monday Jun 14, 2010

Loving This Book!

You know you're a closet geek when you get a secret thrill reading the stories of how technologies were developed. OK, I may not know all the arguments to the dumpadm(1M) command by heart, but I would get a kick out of learning why the engineers chose those particular arguments.

(By the way, in case you're not reading this on a Solaris system, here's the entire Oracle Solaris 10 manpage collection.)

Which is why I'm enjoying Solaris 10 Security Essentials so much. It's written by the Sun (now Oracle) engineers who "conceptualized the services, wrote the specifications, and coded the security software" for Solaris 10.

You couldn't get closer to the source even if you convinced Dick Cheney to write a book about the Bush presidency. 

Here's a peek... Chapter 1 includes two tables that list each of the security features in Solaris 10, what their default configurations are or why you might want to re-configure them, and the chapter in which they are described in detail. They cover:

  • Passwords
  • User authentication
  • Roles and superuser
  • Authorizations
  • Cryptographic services
  • Privileges
  • Remote login
  • Key Management Framework (KMF)
  • File protection
  • File permissions and Access Control Lists (ACLs)
  • Service Management Facility (SMF)
  • NFS
  • Network security
  • Containers
  • Monitoring
  • Execution protection
  • Trusted extensions

It's a great bird's-eye view, and makes you want to plunge into the rest of the book.

I'll find other cool things about the book to post in future blogs.

Be sure to also check out the excellent Solaris 10 System Administration Essentials, part of the same series of Solaris 10 Essentials books being published by InformIT.   

- Rick


Logan Rosenstein
and members of the OTN community

