Computer Security Recommendations
Consider the following list of guidelines when you develop a security policy for your site.
Set the maximum label of a system that is configured with Trusted Extensions no higher than the maximum security level of the work being done at the site.
Manually record system reboots, power failures, and shutdowns in a site log.
Document file system damage, and analyze all affected files for potential security policy violations.
Restrict operating manuals and administrator documentation to individuals with a valid need for access to that information.
Report and document unusual or unexpected behavior of any Trusted Extensions software, and determine the cause.
If possible, assign at least two individuals to administer systems that are configured with Trusted Extensions. Assign one person the security administrator authorization for security-related decisions. Assign the other person the system administrator authorization for system management tasks.
Establish a regular backup routine.
Assign authorizations only to users who need them and who can be trusted to use them properly.
Assign privileges to programs only when they need the privileges to do their work, and only when the programs have been scrutinized and proven to be trustworthy in their use of privilege. Review the privileges on existing Trusted Extensions programs as a guide to setting privileges on new programs.
Review and analyze audit information regularly. Investigate any irregular events to determine the cause of the event.
Minimize the number of administration IDs.
Minimize the number of setuid and setgid programs. Use authorizations, privileges, and roles to execute the program and to prevent misuse.
Ensure that an administrator regularly verifies that regular users have a valid login shell.
Ensure that an administrator regularly verifies that regular users have valid user ID values and not system administration ID values.
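One way to script the last two checks, as an added example that is not part of the original guide. The roster of regular users, the approved shell list, and the UID threshold of 100 for system accounts are assumptions to replace with the site's own values; the sample data is constructed.

```shell
#!/bin/sh
# Added example: audit regular users' login shells and UID values.
MIN_USER_UID=100   # assumption: UIDs below 100 are reserved for system accounts

# audit_users PASSWD SHELLS ROSTER
#   PASSWD  passwd-format file (on a live system, /etc/passwd)
#   SHELLS  approved login shells, one per line (hypothetical site list)
#   ROSTER  login names the site treats as regular users, one per line
# Prints one "login: finding" line per problem; prints nothing if all is well.
audit_users() {
    awk -F: -v min="$MIN_USER_UID" '
        FILENAME == ARGV[1] { if ($0 != "" && $0 !~ /^#/) shells[$0] = 1; next }
        FILENAME == ARGV[2] { if ($0 != "") roster[$0] = 1; next }
        ($1 in roster) {
            seen[$1] = 1
            if ($3 !~ /^[0-9]+$/)  print $1 ": UID \"" $3 "\" is not numeric"
            else if ($3 + 0 < min) print $1 ": UID " $3 " is in the system range"
            if (!($7 in shells))   print $1 ": login shell \"" $7 "\" is not approved"
        }
        END { for (u in roster) if (!(u in seen)) print u ": no passwd entry" }
    ' "$2" "$3" "$1"
}

# Run the audit over constructed sample data.
demo_audit() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
alice:x:1001:10:Alice:/export/home/alice:/bin/ksh
bob:x:1002:10:Bob:/export/home/bob:/export/home/bob/myshell
carol:x:5:10:Carol:/export/home/carol:/bin/ksh
EOF
    printf '%s\n' /bin/sh /bin/ksh /bin/csh > "$d/shells"
    printf '%s\n' alice bob carol dave > "$d/roster"
    audit_users "$d/passwd" "$d/shells" "$d/roster"
    rm -rf "$d"
}
demo_audit
```

An empty shell field is reported as not approved, so accounts that rely on the system default shell are listed for review as well.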