Fighting the threat within

A geographic information system is a tool that combines data with a visual display.

It seems that nearly every week there are news reports of Web sites being vandalized or a new virus making the rounds. Those external threats are widely covered by the press, but many security breaches actually occur within an agency's walls. That happens when staff members gain access to resources—data, applications, network routing—that are supposed to be off limits.

Sun Microsystems Inc.'s Solaris operating system is used by several federal agencies and is widely regarded as more secure than many other operating systems. Trusted Solaris 8, an extended version of the Solaris 8 operating system, enhances security policies by enforcing multiple sensitivity levels that limit users' access to information.

Trusted Solaris 8 adds Java tools that enable administrators to manage Trusted Solaris systems from any computer running Solaris Management Console 2.0 software. Administrators can implement common role-based access control that lets them manage rights attributes on Solaris 8 and Trusted Solaris 8 clients. Trusted Solaris 8 systems can also be a name server for Solaris 8 or Trusted Solaris 8 clients.

Before beginning an installation of Trusted Solaris 8, we'd recommend planning your security strategy carefully. You can control all interaction with programs, files and utilities on a user-by-user basis. The singular superuser functionality found in the regular version of the Solaris operating system is divided into multiple roles to make intrusion less likely. What's more, you can control access to devices.

The installation of Trusted Solaris 8 is straightforward and well documented. The configuration process will take some time, but step-by-step instructions are included. This release is supported on both the SPARC and Intel Corp. architectures as long as you have at least 128M of memory (more is needed for servers and for systems that run large applications), 1G of disk space for desktop systems and 2G of disk space for servers. We installed Trusted Solaris 8 on a SPARC platform that had 256M of memory and 8G of disk space. Besides the lengthy configuration process that was required to secure our test network, Trusted Solaris 8 worked wonderfully.

We especially liked the Mandatory Access Control (MAC) functionality. Our test environment mim-icked activities in a typical financial institution, where transactions and information must be accessible by people with various authorization levels. The MAC functionality let us configure account information so that customer-service representatives and voice-response applications had access to account balance information, while credit information on customers was available only to the loan department. The biggest change for administrators used to managing Solaris systems will be the move to role-based access control. RBAC splits system management tasks among several roles, which are quite specific and lessen the chances of unauthorized personnel assuming superuser rights. Administrators will need to log in as themselves and then assume one or more roles that they are authorized to perform. That also provides a better way to audit exactly who is doing what on the system. Administrators can provide users with specific rights that may be outside the normal security policies without giving unnecessary authorities in the process. You can also combine rights in a hierarchical manner using the Rights Manager Tool and create profiles that can be assigned to various users or multiple administrators who perform specific functions. Also useful is Trusted Solaris 8's support for device allocation. Administrators can set sensitivity labels for specific devices that allow or deny their use. Even windowing activities can be controlled. For example, you might let some users copy and paste text, graphics or binary data between windows. They can preview the data being transferred, and you can log all activity that occurs between windows.

Our work with Trusted Solaris 8 showed that it is flexible enough to support nearly any security requirement. Careful planning and configuration, and regular audits—which are supported within Trusted Solaris 8—will yield a security process that can stand up in even the most sensitive environments.

Biggs (maggie@biggs.com) has more than 15 years of business and IT experience in the financial sector.

REPORT CARD

Trusted Solaris 8

Score: A Sun Microsystems Inc.
(800) 786-0404
www.sun.com

Price and availability: Trusted Solaris 8 costs $2,595 for one or two CPUs; $1,295 to upgrade one or two CPUs; $11,995 for three to eight CPUs; and $5,995 to upgrade three to eight CPU systems.

Remarks: An extension to the Solaris 8 operating system, Trusted Solaris 8—when used with other security measures, such as firewalls and access control lists—provides a solid solution for sites that require a high degree of, security.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.