
Feature Story

 
 

A secure future.

Sun's all-encompassing approach creates a solid foundation for preventing--not just fixing--security problems.

20.Apr.04--Sun has always taken an entirely different approach to security than other vendors. We know that security must be built into every product, not bolted on as an afterthought. No business can wall itself off from hackers completely, and no operating system can protect against every possible threat. But by focusing on security as an integral part of all our hardware, software, and networking products, Sun provides a solid foundation for preventing, not just fixing, security problems.

This approach helps explain why the Sun environment has been generally considered more secure than other operating platforms. The Solaris 9 Operating System (Solaris OS) offers outstanding security features. Plus, Sun's Trusted Solaris OS (based on the Solaris 8 OS 07/03 release) extends the rock-solid security of the Solaris OS into a military-grade platform.

In addition, the Sun Java Desktop System leverages both the Java platform security model and the secure infrastructure of Linux and UNIX software for extensive and powerful security. And looking ahead, the next-generation Solaris 10 OS integrates even more new features and capabilities for ever-higher levels of security.

It all adds up to something you might not have expected from your computing environment: Peace of mind.

Find Out More
Take an in-depth look at how Sun security stacks up against its competition with these "Reality Check: Security for Your Information Assets" articles: "Part I - Operating System Does Matter," "Part II - The Solaris Operating System Is Simply Safer," and "Part III - The Trusted Solaris Advantage."

Security at Every Level

Administrators and developers know that the Solaris 9 OS provides security features and capabilities that Microsoft Windows (Windows) doesn't. (For details about the Solaris OS's security advantages over Windows, take a look at this Reality Check article.)

What you might not know is that the Solaris 9 OS also provides security advantages over other UNIX-based systems:

  • The Solaris 9 OS ships with an enterprise-class firewall that offers advanced features, such as stealth and routing modes, support for IPSec/IKE, a centralized management facility, failover functionality, network address translation, and proxy services for Telnet, FTP, HTTP, and SMTP--all to protect your systems from hackers and unauthorized network connections.

  • The Solaris Secure Shell software and IPSec/IKE technologies authenticate hosts that are communicating with each other and encrypt the data exchanged among them, so communications are secure. And because the Solaris 9 OS uses the Kerberos v5 authentication standard, it provides a distributed, enterprise-wide authentication mechanism for single sign-on, reducing the number of times each user must go through a log-in sequence (and the number of passwords each user must remember).

  • To simplify identity management on heterogeneous platforms, the Solaris 9 OS uses standards-based LDAPv3 directory servers for authentication, based on the Internet standard specification RFC 2307. The Solaris 9 OS also includes a license for the Sun Java System Directory Server to store user identities.

  • The Solaris 9 OS offers fine-grained user control through role-based access control (RBAC), which lets administrators assign rights to individual users who need to perform specific administrative actions, such as managing log-ins, printer access, or system shutdowns. Unlike other UNIX operating systems that provide a "pseudo" version of this capability, the Solaris OS RBAC roles are centrally managed, so they can be used from any Solaris OS system in the network.

  • The Solaris 9 OS can reduce platform vulnerabilities through system-wide Stack Buffer Overflow Protection. This can prevent malicious code from being executed, derailing a common tactic used by attackers.

  • The Solaris 9 OS is being evaluated for certification under the Controlled Access Protection Profile (CAPP) and Role-Based Access Control Protection Profile (RBAC PP) at Evaluation Assurance Level 4 (EAL 4) using the Common Criteria scheme, providing a high level of security assurance. Common Criteria certification is recognized worldwide by governments and other organizations as one of the highest levels of independent third-party validation of operating system security.

  • Sun maintains a database of more than 2 million signed patches--essentially a fingerprint database--dating back to the Solaris 2 Operating System, and we provide tools that leverage that database to verify the integrity of signed patches as well as make it easier to remove and restore patches.

Taking Security to a Higher Level

The Trusted Solaris OS is a security-enhanced, optional extension of the Solaris OS that further increases security for organizations that need even more privacy, accountability, access control, and protection from hackers. No other UNIX operating system vendor approaches this level of security. The Trusted Solaris OS has many key features above and beyond the capabilities of the Solaris 9 OS; here are some:

  • The use of fine-grained role-based access controls (RBACs) provides more granular user control, and the Least Privilege principle helps ensure that no one application has complete access or control over the system. These features are designed to make all administrative actions traceable to an authenticated individual instead of just the root account, providing greater accountability.

  • The combination of labeling of all objects, clearance levels for each user, and strong audit capabilities makes all users accountable and all actions traceable, greatly diminishing the risk of security violations. The Trusted Solaris OS also enables data separation, adding yet another layer of protection from hackers.

  • The Trusted Solaris OS offers a mandatory access control feature that allows information to be processed at multiple sensitivity levels, so users can share files with other users of the same security level.

  • The Trusted Solaris OS has passed Common Criteria certification at EAL 4 with a combination of Labeled Security Protection Profile (LSPP), RBAC PP, and CAPP certification. This is a higher level than any other general-purpose operating system.

The Platform for Secure Desktop Computing

Designed to be a secure and reliable desktop solution on Linux and the Solaris OS platforms, the Sun Java Desktop System leverages Java technology's "sandbox" security model and the secure infrastructure of the Linux operating system.

The Sun Java Desktop System offers a safer platform than Windows for several reasons. First, the vast majority of the world's viruses are built to exploit Windows. Although part of the reason for this might be due to the common use of Windows, it is also true that operating systems such as the Solaris OS and Linux, unlike Windows, are designed with security as a critical function. Even if a virus does attack a Solaris OS or Linux system, the damage is likely to be minimized because of the way the file structure and kernel have been built.

Second, the Java platform sandbox model is battle-proven to be secure. Which trusted, proven architecture is running on more than 500 million smart cards? Not Microsoft's .NET, but Java software.

Building on the Foundation

As attacks on network infrastructure become increasingly sophisticated, the Solaris OS will become increasingly adept at nullifying security threats. With the Solaris 10 OS, Sun continues to raise the bar by offering key technologies that protect against buffer overflow attacks launched from the network or security violations by trusted insiders. Some of the new security enhancements include the following:

  • The groundbreaking N1 Grid Containers technology enables you to create thousands of secure, fault-isolated partitions (or containers) within a single Solaris OS instance. Each container is shielded from the outside world, and no other users on the same system can see or access the contents.

  • A new security feature called Process Rights Management limits the risk of hackers accessing and making changes to applications. Even if a hacker gains access to an application server, the hacker will be unable to increase operating privileges, thus limiting the opportunity to inject malicious code or otherwise damage data.

  • The Solaris 10 OS introduces an encryption infrastructure based on industry standards such as PKCS #11, enabling application developers to write to a common API without worrying about the underlying cryptographic implementation.

It takes only one security breach to convince most people that security is a critical issue. Just ask anyone who was victimized by the "SoBig" virus, the "Blaster" worm, or any of the hundreds of other exploits foisted upon the computing world by cybervandals in a single year. Yet it takes many years of skilled engineering to root out and eradicate vulnerabilities and build a secure computing environment. Just ask Sun.


Copyright 1994-2008 Sun Microsystems, Inc.