Tuesday Aug 05, 2008

NEW: Solaris 10 Security Deep Dive Presentation

Way back when, I posted an update to the original Solaris 10 Security Deep Dive presentation that included support for Solaris 10 Update 3 (11/06). Well, it has been entirely too long since the last update, so I am happy to say that the wait has ended! A new version of the talk is ready for download! This has been quite a journey and a lot has changed in Solaris since it was first released back in 2005. If you have not taken a look into what Solaris can offer recently, I am sure you will be in for a pleasant surprise. Give it a look, and as always feedback is appreciated! Take care!

Glenn

Technorati Tag:

Tuesday Nov 13, 2007

NEW: Hack-Fu - Deconstructing the Security Capabilities of the Solaris 10 OS

For the Sun CEC 2007 conference this year, I revamped my originalPractical Solaris 10 Security presentation that I had originally mentioned here. The new version of the presentation is titled Hack-Fu - Deconstructing the Security Capabilities of the Solaris 10 OS.

While the title is a little more "catchy", the real change is that the presentation was enhanced to provide a more complete practical demonstration of Solaris 10 security capabilities. The presentation is structured from the viewpoint of a potential attacker examining the system from the network. As each new capability is discussed, barriers are lifted -- one by one -- until the attacker is given root access inside a Solaris 10 non-global zone.

While I have not had a chance to record the talk putting audio to the slides, you can still follow along as many of the examples in the presentation are based upon Sun BluePrints and HOWTOs that have already been published such as:

and a few others. I am always tuning and tweaking these presentations to address new features, improve their clarity, and make the examples more realistic. So, be sure to give it a look and send along your feedback. Also, don't forget to check out the OpenSolaris Security Community Presentations Library for other presentations featuring Solaris 10 and OpenSolaris content!

Take care,

Glenn

Technorati Tag:

Saturday Nov 04, 2006

OpenSolaris/Solaris Security Presentations Page

I just wanted to take a quick moment to announce the creation of a new Presentations page in the OpenSolaris Security Community. This page has grouped together a bunch of the known Solaris 10 and OpenSolaris presentations all into one easy to find place.

To help kick this off, I have also uploaded a few new presentations including:

  • Practical Solaris 10 Security. This presentation was originally given at the NSA Red Team/Blue Team Symposium and focuses on security controls from the viewpoint of someone attacking a Solaris 10 system. The goal of this presentation is to highlight the various protections that exist as well as highlight how they can be used together (in the spirit of defense in depth) to better protect systems, services and data from attackers.
  • Enhancing Security Awareness and Control with DTrace. This presentation was given at the Sun Conference Engineering Conference and looks at how DTrace can potentially be used to provide greater (and more focused) insight into security-related events happening on a system. This presentation was given with a hands-on demonstration. The code for that demonstration will be made available shortly.
  • Solaris 10 Security Technical Deep Dive. This is an updated version of a presentation that I have shared earlier. It has been tweaked and updated to account for functionality in Solaris 10 11/06 (Update 3).

If you have any feedback on these or any of the other presentations or if you are aware of Solaris 10 or OpenSolaris presentations that exist and can be referenced on the OpenSolaris Security Presentations page, please drop us a note.

Take care!

Glenn

Technorati Tag:

New Presentations: Sun Systemic Security

Way back in February, I made a posting about Sun Systemic Security. Since it has been a while since that posting, and since I had developed some fresh material for our Customer Engineering Conference, I wanted to do a follow up so that I could share this new material with you.

I have posted two new presentations on the topic of Sun Systemic Security. The first is a general overview that is intended for use in executive settings or to provide a very high level introduction to the material. The second presentation is a deeper dive into architectural security patterns. This second talk was the basis for my presentation at CEC and provides a more in-depth treatment of various security patterns and how they can be instantiated with Sun products and solutions.

What I like about the second presentation is that it demonstrates, in I believe a very compelling way, the security value proposition for Sun by illustrating how Sun can help support customer security and assurance goals at every level of the stack and how using a pattern-based approach, a reinforcing architecture can be constructed (or an existing one adapted) to better embody a variety of security principles such as self-preservation, compartmentalization, least privilege, defense in depth and others.

The Sun Systemic Security program is always growing and evolving and so we are always looking for feedback from our customers and partners. Be sure to let us know what you think!

Take care,

Glenn

Technorati Tag:

Wednesday Aug 23, 2006

New Solaris Secure by Default Presentation



Scott Rotondo just posted a new Solaris Secure by Default presentation that is being used to raise awareness of SBD including what it is, why it is important and how it is implemented and used. Check it out!

For more information check out these other SBD references:

References: Part 1 of 3 Part 2 of 3 Part 3 of 3

Technorati Tag:

Thursday Aug 17, 2006

Solaris 10 Security - Technical Presentation

A while back, I posted a version of my Solaris 10 technical deep-dive presentation. Well, I have finally had a chance to update it based on all of the latest goodies in Solaris 10 Update 1 and 2 as well as Nevada. I have also added a bunch of new examples and screenshots.

For those who may have missed it, the goal of this presentation is to provide a technical "deep dive" overview for those interested in learning more about the security capabilities and features of Solaris 10. This presentation serves as a bridge between the higher level marketing presentations and technical presentations that are specific to individual technologies.

I would like to thank Mark Thacker, Darren Moffat, Casper Dik, and Shawn Emery for their contributions to this presentation! So if this topic interests you, please download the latest version and send me your feedback! I will use the comments received to help guide future updates of the presentation. Also, be sure to let your sales team know if you would like to have someone from Sun come and talk with you about Solaris 10 security or any of the content in this presentation. Thanks in advance!

Take care!

Glenn

Technorati Tag:

Saturday Feb 11, 2006

Updated Solaris 10 Security TOI

While I am at it, how about an update to the Solaris 10 Technical TOI that I had posted a while back. This new version of the TOI includes support for Solaris 10 Update 1 as well as a bunch of other new additions and examples.

I would love to hear what you think about this new version. Remeber, if you would be interested in having someone from Sun come out and talk to you and your organization on this topic, please let us know. We have been giving this (or similar) Solaris 10 Security deep dive talks to customers for some time now, and there has always been a lot of great interaction, discussion and Q&A. Honestly, they are always a lot of fun.

Take care!

Glenn

Technorati Tag:

Sun Systemic Security

In advance of the RSA Security Conference, I wanted to give everyone a heads-up regarding the updated Sun BluePrint article and presentation just posted on the Sun Systemic Security Program. Some may remember that I have talked about systemically secure architectures previously. This new content is more comprehensive and includes more specifics about the overall program and several architectural design building blocks and patterns.

You can find even more information on Sun Systemic Security at Sun's Security Homepage.

If you are going to be at the RSA conference, be sure to stop by the Sun booth and look me up!

Take care!

Glenn

Technorati Tag:

Wednesday Apr 06, 2005

Solaris 10 Security Technical TOI

In a recent posting, I talked about a presentation that I gave on Solaris 10 at a set of "boot camps" in Somerset, NJ and New York City. The presentation was a deep dive into Solaris 10 security that talked about a variety of capabilities in depth and covered many other features and enhancements that you may not have heard about. The version of this talk that I gave at the boot camp has been posted if you are interested. I would love to hear what you think.

If you would be interested in having Sun come out and deliver this presentations to your and your organizations, please let us know. We have been giving this (or similar) Solaris 10 Security deep dive talks to customers for some time now, and there has always been a lot of great interaction, discussion and Q&A focused on how this great technology can be applied to solve problems facing their organizations.

Take care!

Technorati Tag:

Monday Oct 04, 2004

Solaris 10 Security Net Talk and Live Q&A

FYI... Be sure to check out this Net Talk and get your questions ready for this upcoming live Q&A session on Solaris 10 security!

Glenn

---

Sun Net Talk: Online Seminars for IT Professionals

Let's Talk --> About Security
OS Security: Solaris 10 Breaks New Ground

Keep the bad guys out; let the good guys in. No operating system does
it better than Solaris and with the upcoming release of the Solaris 10
OS, the bad guys might want to think about a new line of work. View  this
Sun Net Talk on Demand to find out how you can better protect your
software environment with the ground-breaking, out-of-the-box security
capabilities of Solaris 10. All viewers will receive early access to a  new
security white paper, discounts on selected security publications and
free security blueprints.

https://see.sun.com/Apps/DCS/mcp? q=STTW1gTFwS$vzG&eventid=652&classcode=SNTA-20040820

Got more security questions? Then register for the Sun Expert Exchange
on October 20th. It's your chance to grill our experts in a live Q&A
forum.

https://see.sun.com/Apps/DCS/mcp? q=STTW1gTFwS$vzG&eventid=652&classcode=SNTA-20040820

If you have any questions or feedback please send an e-mail to:
sunnettalk@sun.com.

Thank you,
Sun Microsystems

----------------------------------------------------------------------- ----
OS Security: Solaris 10 Breaks New Ground
----------------------------------------------------------------------- ----

View Net Talk Now
https://see.sun.com/Apps/DCS/mcp? q=STTW1gTFwS$vzG&eventid=652&classcode=SNTA-20040820

NET TALK SPEAKERS

  \* Graham Lovell
    Senior Director, Solaris Marketing

  \* Mark Thacker
    Product Line Manager, Solaris Security

  \* Paul Sangster
    Senior Security Architect, Solaris Operating System

NET TALK AGENDA

  \* Sun's Approach to Security
  \* Solaris 10 Security Architecture
  \* Trusted Solaris
  \* Certification and Services
  \* Next Steps

View now...

https://see.sun.com/Apps/DCS/mcp? q=STTW1gTFwS$vzG&eventid=652&classcode=SNTA-20040820

----------------------------------------------------------------------------

Ask Questions Later

EXPERT EXCHANGE: October 20th at 10 am PT

After watching the Net Talk, you can get any and all of your remaining
security questions answered at a Sun Expert Exchange on October 20th.
Sign up now for this hour of online Q&A with a panel of Sun's business
and technical experts.


Date: Wednesday, October 20th
Time: 10-11 am PT/1-2 pm ET

LIVE Q&A EXPERTS

  \* Paul Sangster
    Senior Security Architect, Solaris Operating System

  \* Mark Thacker
    Product Line Manager, Solaris Security

  \* Angel Camacho
    Technical Product Manager, Solaris Operating System

  \* Larry Wake
    Product Marketing Manager, Solaris Operating System

  \* Smita Thakur
    Product Line Manager, Solaris Operating System

Sign up now... 

Technorati Tag:

About

gbrunett

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today