Trusted Extensions Configuration and Administration Oracle Solaris 11.1 Information Library
Resolving Security Issues Before Enabling Trusted Extensions
Secure System Hardware and Make Security Decisions Before Enabling Trusted Extensions
For each system on which Trusted Extensions will be configured, you need to make some configuration decisions. For example, you need to decide whether to install the default Trusted Extensions configuration or customize your configuration.
For each system on which Trusted Extensions is going to be configured, make these configuration decisions before enabling the software.
At a secure site, this step is performed on every Oracle Solaris system.
For SPARC systems, choose a PROM security level and provide a password.
For x86 systems, protect the BIOS.
On all systems, protect root with a password.
If you have a site-specific label_encodings file, the file must be checked and installed before other configuration tasks can be started. If your site does not have a label_encodings file, you can use the default file that Oracle supplies. Oracle also supplies other label_encodings files, which you can find in the /etc/security/tsol directory. The Oracle files are demonstration files. They might not be suitable for production systems.
To customize a file for your site, see Trusted Extensions Label Administration.
For the default label_encodings file, the labels are the following, and the zone names can be similar to the following:
Note - The automatic configuration method creates the public and internal zones.
Your site's security policy can require you to administer Trusted Extensions by assuming a role. If so, or if you are configuring the system to satisfy criteria for an evaluated configuration, you must create these roles early in the configuration process.
If you are not required to configure the system by using discrete roles, you can choose to configure the system in the root role. This method of configuration is less secure. The root role can perform all tasks on the system, while other roles typically perform a more limited set of tasks. Therefore, configuration is more controlled when it is performed by the roles that you create.
For example, you might want to consider the following security issues:
Determine which devices can be attached to the system and allocated for use.
Identify which printers at what labels are accessible from the system.
Identify any systems that have a limited label range, such as a gateway system or a public kiosk.
Identify which labeled systems can communicate with particular unlabeled systems.