Tuesday Apr 24, 2012

Oracle at the DISA Partnership conference, May 7-10

Join the Oracle hardware and software team in booth 1323 at the DISA Partnership Conference, May 7-10 in Tampa, FL.  A wide variety of Oracle technology and staff will be available to answer your questions and offer solutions to your information processing problems.

Oracle's President Mark Hurd will deliver a keynote address. 

On display will be:

Come see us across from the DISA pavilion.

Thursday Dec 01, 2011

Solaris 11 compliance with DISA Security guidance

Disclaimer

This article should not be construed as a statement of compliance by Oracle or by DISA.  It is simply the result of a casual review of Solaris 11 against current DISA Security Guidelines.

Some of my dedicated readers (I know you're out there) remember that back in January of this year, I reviewed Solaris 11 for compliance to the DISA Security Technical Implementation Guidelines (STIGs).  The STIGs are written by DISA and used by the DoD community to ensure that systems are secured properly before connecting to the network.

With the release of Solaris 11 in November, I decided to update the document. 

Update: Thanks to Darren Moffat's comments I've updated the document as of 12/9/11. 

Download the PDF document to review

The great news is that the one item that I listed as RED in January has been fixed in the release of Solaris 11.  At that time, the installation scripts did not provide any way for /var to be mounted as a separate file system as required by the scripts.  The default installation now automatically sets up /var as a separate ZFS data set.

Friday Aug 05, 2011

Oracle at the DISA Customer Conference

Each year the Defense Information Systems Agency has a great conference hosting their customers, employees and industry partners for four days of technology talk and networking.  Oracle will be attending as usual this year and can be found at booth #1320.  We will be representing all of Oracle's technologies including Database, Middleware, Applications, Sun Servers, Storage and Operating Systems.

Oracle technologies are a key part of DISA Computer Services Directorate offerings as well as their Command and Control programs. 

Come see me and the rest of the Oracle team to learn more about our Exadata and Exalogic Integrated Systems, security software, advanced virtualization options and development tools.

See you in Baltimore, August 15-18th.

Friday Jan 07, 2011

Solaris 11 Express and US DoD Security guides

Disclaimer

This article should not be construed as a statement of compliance by Oracle or by DISA.  It is simply the result of a casual review of Solaris 11 against current DISA Security Guidelines.

With the release of Solaris 11 Express, I decided to compare it against the current US DoD Security Technical Implementation Guidelines (STIGs) as maintained by my customer DISA. Solaris 11 Express is a production ready and fully supported OS from Oracle.  It was released in September 2010 at Oracle OpenWorld and provides a preview to the features and capabilities that will be available later this year in Solaris 11.  It supports SPARC and X86 platforms from Oracle as well as other vendors.  See the Hardware Compatibility List for options.

DISA owns and operates the DoD datacenters, develops a number of command and control applications, runs the DoD networks and is responsible for enforcing DoD security mandates.  The STIG checklist is a comprehensive set of requirements that system administrators are expected to follow in order to attach and maintain a system on DoD networks.  There are STIG documents for enclaves, databases, firewalls, web servers and more, but obviously, I'm only concerning myself here with the STIG document for Unix/Linux operating systems.

The DISA STIG checklist is a public document that describes specific permissions settings, password policies, administrative record keeping and more. Section 3 is 546 pages long and is where all the specific requirements can be found. There is a collection of Security Readiness Review (SRR) scripts that automate portions of the review process to assist a system administrator in evaluating the completion of the process.  These are not publicly available.

For my review, I downloaded the documents and the SRR scripts.  I then compared Solaris 11 Express feature sets to the checklist, ran the scripts and documented where Solaris 11 Express was in compliance as well as the areas in which it differed from Solaris 10.  

Some items of note:

  • The SRR scripts will sometimes generate false positive or negative results because they are looking at files that are no longer used in Solaris 11.
  • Solaris 11 features the root home directory in /root, therefore complying without any extra action.
  • Solaris 11 auditing is managed as an SMF service, making it easier to use but causing problems in the SRR scripts.
  • Solaris 11 includes a native in-kernel CIFS service rather than using Samba.
  • The default ZFS root file system currently does NOT allow /var to be mounted as a separate filesystem as required by one of the STIG items.  I have made Solaris engineering aware of this requirement.
  • I had to modify only one line of the SRR scripts to allow it to run on Solaris 11.
  • Solaris 11 has a number of new privileged user accounts that cause false findings in the SRR scripts.
  • Solaris 11 by default does NOT allow a user to log in as root.  root is a role.
  • Solaris 11 implements "Secure by default" upon installation allowing only SSH access.
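
An added example, not from the original post and not part of the SRR scripts: a small POSIX shell spot-check for three of the items noted in this list and in the December 2011 update (root home in /root, root as a role, /var as its own ZFS dataset). It assumes the standard passwd and user_attr field layouts and tab-separated `zfs list -H -o name,mountpoint` output; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: spot-check three Solaris 11 items from the notes above.
# Inputs are files so the checks can run against saved copies; on a real host
# use /etc/passwd, /etc/user_attr and `zfs list -H -o name,mountpoint > file`.

# Print root's home directory (field 6) from a passwd-format file.
root_home() {
    awk -F: '$1 == "root" { print $6; exit }' "$1"
}

# Succeed if the user_attr-format file defines root with type=role.
root_is_role() {
    awk -F: '$1 == "root" && $5 ~ /(^|;)type=role(;|$)/ { found = 1 }
             END { exit !found }' "$1"
}

# Succeed if some dataset in the tab-separated listing is mounted at /var.
var_is_separate() {
    awk -F'\t' '$2 == "/var" { found = 1 } END { exit !found }' "$1"
}

# Run all three checks; args: passwd file, user_attr file, zfs listing file.
check_host() {
    rc=0
    [ "$(root_home "$1")" = "/root" ] || { echo "FAIL: root home is not /root"; rc=1; }
    root_is_role "$2" || { echo "FAIL: root is not a role"; rc=1; }
    var_is_separate "$3" || { echo "FAIL: /var is not a separate dataset"; rc=1; }
    return "$rc"
}

# Constructed sample data (not captured from a real system).
d=$(mktemp -d)
printf 'root:x:0:0:Super-User:/root:/usr/bin/bash\n' > "$d/passwd"
printf 'root::::type=role\n' > "$d/user_attr"
printf 'rpool/ROOT/solaris\t/\nrpool/ROOT/solaris/var\t/var\n' > "$d/zfs"
printf 'rpool/ROOT/solaris\t/\n' > "$d/zfs_novar"   # layout with /var inside root

if check_host "$d/passwd" "$d/user_attr" "$d/zfs"; then echo "PASS: all three items"; fi
check_host "$d/passwd" "$d/user_attr" "$d/zfs_novar" || true
```
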

In summary, with the exception of the /var filesystem issue, it should be possible to bring a Solaris 11 Express system in compliance with DISA STIGs. Download the detailed document.  As always, comments, clarifications and corrections are welcome!

For those who are still running Solaris 10, please refer to my earlier blog entry on using the Solaris Security toolkit to facilitate the STIG process. 

Tuesday Apr 14, 2009

Sun at the DISA Customer Conference in Anaheim CA

Once again Sun will be showing a variety of our products and services at the DISA customer conference this year being held in Anaheim, CA. Come see us in booth #924

Sun's systems and blades based on Intel's new Nehalem processors

Find the fastest, most cost effective and energy efficient Intel processors that can run Solaris 10, OpenSolaris, VMware, MS Windows, Red Hat and SUSE platforms.

Sun ATCA Blade chassis

As a leader in open systems design, it makes sense that Sun would offer a blade chassis compliant with the Advanced Telecommunications Computing Architecture.  Sun offers Intel, AMD and SPARC chip designs in a single blade chassis.

Here's a photo of the traveling exhibit that we will be bringing.  Learn more about Sun's ATCA products as well as our competitive Blade 6000 products, which now feature the new Intel Nehalem family of processors.

Thin Clients

Our Sun Ray Thin client technology allows you to save money, "be green" and reduce operating costs whether you are running a Solaris, Linux or Windows environment. Read about the many customers who have deployed thin clients successfully replacing existing PC environments.

Identity Management and SOA software

Sun's Identity Management and SOA solutions allow customers to get a handle on their users, data and programs making them more agile, responsive and secure while helping them comply to government regulations.

This popular, open source database can cost as much as 10% of the traditional vendors, reducing your cost while extending your reach to the internet. Download and try MySQL today.  It installs in less than 15 minutes on all the popular OS platforms.

Sun 7000 Unified Storage System

Sun's newest, network attached storage system, the 7000 series provides high performance, low cost storage with the advantages of solid state disk and detailed analytic tools.

OpenSolaris

Experience the next generation of Solaris technology by downloading OpenSolaris or Solaris 10 today for Sparc, Intel or AMD based platforms.

Dynamic Systems

Dynamic Systems Inc is a Sun partner with the capability of providing all of Sun's products and services via GSA contract, Enterprise Software Initiative contract or their BPA with DISA known as SSTEW.

CopperEye

CopperEye is a leading provider of enterprise data management solutions that eliminate the economic, technical and operational barriers to storing and accessing massive volumes of data.

And more....

Ask any of our booth personnel (including me) for any information about these or any other Sun products or services in which you are interested.

About

Jim Laurent is an Oracle Sales consultant based in Reston, Virginia. He supports US DoD customers as part of the North American Public Sector hardware organization. With over 17 years experience at Sun and Oracle, he specializes in Solaris and server technologies. Prior to Oracle, Jim worked 11 years for Gould Computer Systems (later known as Encore).
