Trusted Extensions Software and the Solaris OS
Trusted Extensions software adds labels to a system that is running the Solaris
Operating System (Solaris OS). Labels implement mandatory access control (MAC). MAC, along with discretionary access control
(DAC), protects system subjects (processes) and objects (data). Trusted Extensions software provides interfaces
to handle label configuration, label assignment, and label policy.
Similarities Between Trusted Extensions and the Solaris OS
Trusted Extensions software uses rights profiles, roles, auditing, privileges, and other security features
of the Solaris OS. You can use Solaris Secure Shell (SSH), BART, the
Solaris cryptographic framework, IPsec, and IPfilter with Trusted Extensions.
As in the Solaris OS, users can be limited to using applications that are necessary for performing their jobs. Other users can be authorized to do more.
As in the Solaris OS, capabilities that were formerly assigned to superuser are assigned to separate, discrete “roles.”
As in the Solaris OS, privileges protect processes. Zones are also used to separate processes.
As in the Solaris OS, events on the system can be audited.
Trusted Extensions uses the system configuration files of the Solaris OS, such as policy.conf and exec_attr.
Differences Between Trusted Extensions and the Solaris OS
Trusted Extensions software extends the Solaris OS. The following list provides an overview.
For a quick reference, see Appendix D, Quick Reference to Trusted Extensions Administration.
Trusted Extensions controls access to data with special security tags that are called labels. Labels provide mandatory access control (MAC). MAC protection is in addition to UNIX® file permissions, or discretionary access control (DAC). Labels are directly assigned to users, zones, devices, windows, and network endpoints. Labels are implicitly assigned to processes, files, and other system objects. MAC cannot be overridden by regular users. Trusted Extensions requires regular users to operate in labeled zones. By default, no users or processes in labeled zones can override MAC. As in the Solaris OS, the ability to override security policy can be assigned to specific processes or users when MAC can be overridden. For example, users can be authorized to change the label of a file. Such an action upgrades or downgrades the sensitivity of the information in that file.
Trusted Extensions adds to existing configuration files and commands. For example, Trusted Extensions adds audit events, authorizations, privileges, and rights profiles.
Some features that are optional on a Solaris system are required on a Trusted Extensions system. For example, zones and roles are required on a system that is configured with Trusted Extensions.
Some features that are optional on a Solaris system are recommended on a Trusted Extensions system. For example, in Trusted Extensions the root user should be turned into the root role.
Trusted Extensions can change the default behavior of the Solaris OS. For example, on a system that is configured with Trusted Extensions, auditing is enabled by default. In addition, device allocation is required.
Trusted Extensions can narrow the options that are available in the Solaris OS. For example, on a system that is configured with Trusted Extensions, the NIS+ naming service is not supported. Also, in Trusted Extensions, all zones are labeled zones. Unlike the Solaris OS, labeled zones must use the same pool of user IDs and group IDs. Additionally, in Trusted Extensions, labeled zones can share one IP address.
Trusted Extensions provides trusted versions of two desktops. To work in a labeled environment, desktop users of Trusted Extensions must use one of these desktops:
Solaris Trusted Extensions (CDE) – Is the trusted version of Common Desktop Environment (CDE). The name can be shortened to Trusted CDE.
Solaris Trusted Extensions (GNOME) – Is the trusted version of the GNOME desktop. The name can be shortened to Trusted GNOME.
Trusted Extensions provides additional graphical user interfaces (GUIs) and command line interfaces (CLIs). For example, Trusted Extensions provides the Device Allocation Manager to administer devices. In addition, the updatehome command is used to place startup files in a regular user's home directory at every label.
Trusted Extensions requires the use of particular GUIs for administration. For example, on a system that is configured with Trusted Extensions, the Solaris Management Console is used to administer users, roles, and the network. Similarly, in Trusted CDE, the Admin Editor is used to edit system files.
Trusted Extensions limits what users can see. For example, a device that cannot be allocated by a user cannot be seen by that user.
Trusted Extensions limits users' desktop options. For example, users are allowed a limited time of workstation inactivity before the screen locks.
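The recommendation above that root be a role, and the statement that labels are directly assigned to users, can be checked against a copy of the user_attr file. The following is an added example, not code from the Trusted Extensions documentation; the sample entries, user names, and hex label values are constructed, and the function names are hypothetical.

```python
# Added example: audit a copy of /etc/user_attr for the root-role recommendation.
# Entry format per user_attr(4): user:qualifier:res1:res2:attr
# where attr is a semicolon-separated list of key=value pairs.

SAMPLE_USER_ATTR = """\
# constructed sample, not taken from a real system
root::::type=role;auths=solaris.*;profiles=All;min_label=admin_low;clearance=admin_high
secadmin::::type=role;profiles=Information Security
jdoe::::type=normal;roles=secadmin,root;idletime=10;idlecmd=lock
asmith::::type=normal;min_label=0x0002-08-08;clearance=0x0004-08-78
"""

def parse_user_attr(text):
    """Return {user: {key: value}} for every non-comment entry."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 4)      # attr is the fifth field
        if len(fields) != 5:
            continue                     # malformed entry, skip it
        attrs = {}
        for pair in fields[4].split(";"):
            key, sep, value = pair.partition("=")
            if sep:
                attrs[key.strip()] = value.strip()
        entries[fields[0]] = attrs
    return entries

def audit_root_role(entries):
    """Return findings about how root is configured in this file."""
    root = entries.get("root")
    if root is None:
        return ["no root entry in this file: type defaults to normal user"]
    if root.get("type", "normal") != "role":
        return ["root is a user, not a role"]
    # A role cannot log in directly, so some normal user must hold it.
    holders = [u for u, a in entries.items()
               if a.get("type", "normal") == "normal"
               and "root" in a.get("roles", "").split(",")]
    return [] if holders else ["root is a role but no user is assigned to it"]

def label_ranges(entries):
    """Return {user: (min_label, clearance)} for explicitly labeled entries."""
    return {u: (a.get("min_label"), a.get("clearance"))
            for u, a in entries.items() if "min_label" in a or "clearance" in a}
```

Entries that are served from LDAP rather than the local file are outside what this check sees.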
Multiheaded Systems and the Trusted Extensions Desktop
When the monitors of a multiheaded Trusted Extensions system are configured horizontally, the
trusted stripe stretches across the monitors. When the monitors are configured vertically, the
trusted stripe appears in the lowest monitor.
When different workspaces are displayed on the monitors of a multiheaded system, Trusted
CDE and Trusted GNOME render the trusted stripe differently.
On a Trusted GNOME desktop, each monitor displays a trusted stripe.
On a Trusted CDE desktop, one trusted stripe appears on the primary monitor.
Caution - If a second trusted stripe appears on a Trusted CDE multiheaded system, the stripe is not generated by the operating system. You might have an unauthorized program on your system. Contact your security administrator immediately. To determine the correct trusted stripe, see How to Regain Control of the Desktop's Current Focus.