Securing Applications and Services

You can configure Oracle Solaris security features to protect your applications.

Creating Zones to Contain Critical Applications

Zones are containers that isolate processes. They are useful containers for applications and parts of applications. For example, zones can be used to separate a web site's database from the site's web server.

For information and procedures see the following:

• Chapter 15, Introduction to Oracle Solaris Zones, in Oracle Solaris Administration: Oracle Solaris Zones, Oracle Solaris 10 Zones, and Resource Management

• Summary of Zones by Function in Oracle Solaris Administration: Oracle Solaris Zones, Oracle Solaris 10 Zones, and Resource Management

• Capabilities Provided by Non-Global Zones in Oracle Solaris Administration: Oracle Solaris Zones, Oracle Solaris 10 Zones, and Resource Management

• Setting Up Zones on Your System (Task Map) in Oracle Solaris Administration: Oracle Solaris Zones, Oracle Solaris 10 Zones, and Resource Management.

• Chapter 16, Non-Global Zone Configuration (Overview), in Oracle Solaris Administration: Oracle Solaris Zones, Oracle Solaris 10 Zones, and Resource Management.

Managing Resources in Zones

Zones provide a number of tools to manage zone resources.

For information and procedures see the following:

• Chapter 14, Resource Management Configuration Example, in Oracle Solaris 11.1 Administration: Oracle Solaris Zones, Oracle Solaris 10 Zones, and Resource Management

• Part I, Oracle Solaris Resource Management, in Oracle Solaris Administration: Oracle Solaris Zones, Oracle Solaris 10 Zones, and Resource Management

Configuring IPsec and IKE

IPsec and IKE protect network transmissions between nodes and networks that are jointly configured with IPsec and IKE.

For information and procedures see the following:

• Chapter 6, IP Security Architecture (Overview), in Securing the Network in Oracle Solaris 11.1

• Chapter 9, Internet Key Exchange (Overview), in Securing the Network in Oracle Solaris 11.1

• Chapter 7, Configuring IPsec (Tasks), in Securing the Network in Oracle Solaris 11.1

• Chapter 10, Configuring IKE (Tasks), in Securing the Network in Oracle Solaris 11.1

Configuring IP Filter

The IP Filter feature provides a firewall.

For information and procedures see the following:

• Chapter 4, IP Filter in Oracle Solaris (Overview), in Securing the Network in Oracle Solaris 11.1

• Chapter 5, IP Filter (Tasks), in Securing the Network in Oracle Solaris 11.1

Configuring Kerberos

You can protect your network with the Kerberos service. This client-server architecture provides secure transactions over networks. The service offers strong user authentication, as well as integrity and privacy. Using the Kerberos service, you can log in to other systems, execute commands, exchange data, and transfer files securely. Additionally, the service enables administrators to restrict access to services and systems. As a Kerberos user, you can regulate other people's access to your account.

For information and procedures see the following:

• Chapter 20, Planning for the Kerberos Service, in Oracle Solaris 11.1 Administration: Security Services

• Chapter 21, Configuring the Kerberos Service (Tasks), in Oracle Solaris 11.1 Administration: Security Services

• Selected man pages include kadmin(1M), pam_krb5(5), and kclient(1M).

Adding SMF to a Legacy Service

You can limit application configuration to trusted users or roles by adding the application to the Service Management Facility (SMF) feature of Oracle Solaris.

For information and procedures see the following:

• How to Add RBAC Properties to Legacy Applications in Oracle Solaris 11.1 Administration: Security Services

• Securing MySQL using SMF - the Ultimate Manifest.

• Selected man pages include smf(5), smf_security(5), svcadm(1M), and svccfg(1M).