NEW: Solaris 10 Security Deep Dive Presentation

It has sure been a busy month and really it has just begun. Today, I am happy to announce the availability of my Solaris 10 Security Deep Dive presentation, updated for the just released Solaris 10 05/2009 (Update 7). From a security perspective, there have only been a few updates since my last posted version, for Solaris 10 10/2008 (Update 6), but it is always good to be current. Of particular interest is a new slide focused on IPsec and IKE. As usual, I have made this content available in both OpenDocument Format (ODF) and PDF. If you are using Microsoft Office, you can use the Sun MS Office ODF Plugin to read the source document.

For those of you who have downloaded one of the previous versions, thank you! There have been nearly 5,000 downloads of this presentation so far! If you have not had a chance, I would encourage you to download and check out a copy today. It is really amazing how many new and updated security features and capabilities there are in Solaris 10. If you have been away from Solaris (even Solaris 10) for a while, I am sure you will be shocked with what you can do today! As always, feedback is greatly appreciated!

Take care!

Glenn

Technorati Tag:

Comments:

the only thing i miss from either Linux or AIX is the ability to audit what happens to a single file leaving the rest out. For example, audit /etc/passwd and /etc/shadow and leave everything else out. in solaris i have to audit everything and filter it with auditreduce. will that other part ever be implemented in solaris?

Posted by nacho on June 15, 2009 at 04:33 AM EDT #

Nacho, hard to say. There is an open RFE to add this kind of functionality:

6490547 Provide fine-grained auditing in BSM

Customers interested in this functionality should contact Sun Support to have themselves added to the customer call record for this RFE so that we can better gauge customer interest in this functionality.

Thank you for sharing your feedback!

Glenn

Posted by Glenn Brunette on June 15, 2009 at 04:55 AM EDT #

it seems that the bugid doesnt exist in boo...
http://bugs.opensolaris.org/view_bug.do?bug_id=6490547
i also found out that jbk showed some interest in the feature.
In any case, other than that i'm very happy with RBAC and SMF when it comes to security and i'm also eagerly waiting for stuff like FMAC to integrate into opensolaris.
Some operating systems have Address space layout randomization (ASLR) besides an nx stack, i dont think solaris has that, does it?
Thank you for the great work, i'm a happy opensolaris user because of it

Posted by nacho on June 15, 2009 at 06:29 AM EDT #

Nacho,

The bugid does exist even if it is not publicly available. Support services should be able to add you to the call record. +1 for FMAC! As far as ASLR, no it is not available in Solaris. I am not aware of an RFE either, but I may not have found the right search terms. Thank you so much for your feedback and comments! They are very much appreciated!

Glenn

Posted by Glenn Brunette on June 15, 2009 at 06:50 AM EDT #

[Trackback] Glenn Brunette updated Solaris 10 Security Deep Dive presentation to represent the changes in Solaris 10 U7.

Posted by c0t0d0s0.org on June 16, 2009 at 09:29 AM EDT #

Post a Comment:
Comments are closed for this entry.
About

gbrunett

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today