Document Information
Preface
Part I Initial Configuration of Trusted Extensions
1. Security Planning for Trusted Extensions
Planning for Security in Trusted Extensions
2. Configuration Roadmap for Trusted Extensions
3. Adding Solaris Trusted Extensions Software to the Solaris OS (Tasks)
4. Configuring Trusted Extensions (Tasks)
5. Configuring LDAP for Trusted Extensions (Tasks)
6. Configuring a Headless System With Trusted Extensions (Tasks)
Part II Administration of Trusted Extensions
7. Trusted Extensions Administration Concepts
8. Trusted Extensions Administration Tools
9. Getting Started as a Trusted Extensions Administrator (Tasks)
10. Security Requirements on a Trusted Extensions System (Overview)
11. Administering Security Requirements in Trusted Extensions (Tasks)
12. Users, Rights, and Roles in Trusted Extensions (Overview)
13. Managing Users, Rights, and Roles in Trusted Extensions (Tasks)
14. Remote Administration in Trusted Extensions (Tasks)
15. Trusted Extensions and LDAP (Overview)
16. Managing Zones in Trusted Extensions (Tasks)
17. Managing and Mounting Files in Trusted Extensions (Tasks)
18. Trusted Networking (Overview)
19. Managing Networks in Trusted Extensions (Tasks)
20. Multilevel Mail in Trusted Extensions (Overview)
21. Managing Labeled Printing (Tasks)
22. Devices in Trusted Extensions (Overview)
23. Managing Devices for Trusted Extensions (Tasks)
24. Trusted Extensions Auditing (Overview)
25. Software Management in Trusted Extensions (Tasks)
A. Site Security Policy
Creating and Managing a Security Policy
Site Security Policy and Trusted Extensions
Computer Security Recommendations
Physical Security Recommendations
Personnel Security Recommendations
Common Security Violations
Additional Security References
B. Using CDE Actions to Install Zones in Trusted Extensions
Associating Network Interfaces With Zones by Using CDE Actions (Task Map)
Preparing to Create Zones by Using CDE Actions (Task Map)
Creating Labeled Zones by Using CDE Actions (Task Map)
C. Configuration Checklist for Trusted Extensions
Checklist for Configuring Trusted Extensions
D. Quick Reference to Trusted Extensions Administration
Administrative Interfaces in Trusted Extensions
Solaris Interfaces Extended by Trusted Extensions
Tighter Security Defaults in Trusted Extensions
Limited Options in Trusted Extensions
E. List of Trusted Extensions Man Pages
Trusted Extensions Man Pages in Alphabetical Order
Solaris Man Pages That Are Modified by Trusted Extensions
Glossary
Index
|
Results of Enabling Trusted Extensions From an Administrator's Perspective
After the Trusted Extensions software is enabled and the system is rebooted, the
following security features are in place. Many features are configurable by the security
administrator.
Auditing is enabled. A Sun label_encodings file is installed and configured. Two trusted desktops are added. Solaris Trusted Extensions (CDE) is the trusted version of CDE. Solaris Trusted Extensions (JDS) is the trusted version of the Sun Java Desktop System. Each windowing environment creates Trusted Path workspaces in the global zone. As in the Solaris OS, rights profiles for roles are defined. As in the Solaris OS, roles are not defined. To use roles to administer Trusted Extensions, you must create the roles. During configuration, you create the Security Administrator role. Three Trusted Extensions network databases, tnrhdb, tnrhtp, and tnzonecfg are added. The databases are administered by using the Security Templates tool and the Trusted Network Zones tool in the Solaris Management Console. Trusted Extensions provides GUIs to administer the system. Some GUIs are extensions to a Solaris OS GUI.
In Trusted CDE, administrative actions are provided in the Trusted_Extensions folder. Some of these actions are used when you initially configure Trusted Extensions. The tools are introduced in Chapter 8, Trusted Extensions Administration Tools. A trusted editor enables administrators to modify local administrative files. In Trusted CDE, the Admin Editor action invokes a trusted editor. The Device Allocation Manager manages attached devices. The Solaris Management Console provides Java-based tools to manage local and network administrative databases. The use of these tools is required for managing the trusted network, zones, and users.
|
