Tuesday Aug 05, 2008

NEW: Solaris 10 Security Deep Dive Presentation

Way back when, I posted an update to the original Solaris 10 Security Deep Dive presentation that included support for Solaris 10 Update 3 (11/06). Well, it has been entirely too long since the last update, so I am happy to say that the wait has ended! A new version of the talk is ready for download! This has been quite a journey and a lot has changed in Solaris since it was first released back in 2005. If you have not taken a look into what Solaris can offer recently, I am sure you will be in for a pleasant surprise. Give it a look, and as always feedback is appreciated! Take care!


Technorati Tag:

Tuesday Nov 13, 2007

NEW: Hack-Fu - Deconstructing the Security Capabilities of the Solaris 10 OS

For the Sun CEC 2007 conference this year, I revamped my originalPractical Solaris 10 Security presentation that I had originally mentioned here. The new version of the presentation is titled Hack-Fu - Deconstructing the Security Capabilities of the Solaris 10 OS.

While the title is a little more "catchy", the real change is that the presentation was enhanced to provide a more complete practical demonstration of Solaris 10 security capabilities. The presentation is structured from the viewpoint of a potential attacker examining the system from the network. As each new capability is discussed, barriers are lifted -- one by one -- until the attacker is given root access inside a Solaris 10 non-global zone.

While I have not had a chance to record the talk putting audio to the slides, you can still follow along as many of the examples in the presentation are based upon Sun BluePrints and HOWTOs that have already been published such as:

and a few others. I am always tuning and tweaking these presentations to address new features, improve their clarity, and make the examples more realistic. So, be sure to give it a look and send along your feedback. Also, don't forget to check out the OpenSolaris Security Community Presentations Library for other presentations featuring Solaris 10 and OpenSolaris content!

Take care,


Technorati Tag:

Saturday Nov 04, 2006

OpenSolaris/Solaris Security Presentations Page

I just wanted to take a quick moment to announce the creation of a new Presentations page in the OpenSolaris Security Community. This page has grouped together a bunch of the known Solaris 10 and OpenSolaris presentations all into one easy to find place.

To help kick this off, I have also uploaded a few new presentations including:

  • Practical Solaris 10 Security. This presentation was originally given at the NSA Red Team/Blue Team Symposium and focuses on security controls from the viewpoint of someone attacking a Solaris 10 system. The goal of this presentation is to highlight the various protections that exist as well as highlight how they can be used together (in the spirit of defense in depth) to better protect systems, services and data from attackers.
  • Enhancing Security Awareness and Control with DTrace. This presentation was given at the Sun Conference Engineering Conference and looks at how DTrace can potentially be used to provide greater (and more focused) insight into security-related events happening on a system. This presentation was given with a hands-on demonstration. The code for that demonstration will be made available shortly.
  • Solaris 10 Security Technical Deep Dive. This is an updated version of a presentation that I have shared earlier. It has been tweaked and updated to account for functionality in Solaris 10 11/06 (Update 3).

If you have any feedback on these or any of the other presentations or if you are aware of Solaris 10 or OpenSolaris presentations that exist and can be referenced on the OpenSolaris Security Presentations page, please drop us a note.

Take care!


Technorati Tag:

New Presentations: Sun Systemic Security

Way back in February, I made a posting about Sun Systemic Security. Since it has been a while since that posting, and since I had developed some fresh material for our Customer Engineering Conference, I wanted to do a follow up so that I could share this new material with you.

I have posted two new presentations on the topic of Sun Systemic Security. The first is a general overview that is intended for use in executive settings or to provide a very high level introduction to the material. The second presentation is a deeper dive into architectural security patterns. This second talk was the basis for my presentation at CEC and provides a more in-depth treatment of various security patterns and how they can be instantiated with Sun products and solutions.

What I like about the second presentation is that it demonstrates, in I believe a very compelling way, the security value proposition for Sun by illustrating how Sun can help support customer security and assurance goals at every level of the stack and how using a pattern-based approach, a reinforcing architecture can be constructed (or an existing one adapted) to better embody a variety of security principles such as self-preservation, compartmentalization, least privilege, defense in depth and others.

The Sun Systemic Security program is always growing and evolving and so we are always looking for feedback from our customers and partners. Be sure to let us know what you think!

Take care,


Technorati Tag:

Wednesday Aug 23, 2006

New Solaris Secure by Default Presentation

Scott Rotondo just posted a new Solaris Secure by Default presentation that is being used to raise awareness of SBD including what it is, why it is important and how it is implemented and used. Check it out!

For more information check out these other SBD references:

References: Part 1 of 3 Part 2 of 3 Part 3 of 3

Technorati Tag:


This area of cyberspace is dedicated the goal of raising cybersecurity awareness. This blog will discuss cybersecurity risks, trends, news and best practices with a focus on improving mission assurance.


« October 2016