Archive for the ‘Security’ Category

Security News Bites

Thursday, February 18th, 2010

Short Items of Interest on Security

  • Oracle and Sun Directory Services
  • Oracle’s Sun Identity Management Strategy
  • “Identity Management: Securing Information in the HIPAA Environment”
  • ZFS Crypto Project
  • OpenSSO REST Interfaces for Entitlements Service
  • DPS Coherence Plug-in
  • Drupal with AMP Stack AMI build on Hardened Security OpenSolaris 2008.11 AMI

 


Best Practices on Securing Enterprise Operating Systems

Friday, February 12th, 2010

Paper Examines Issues With Commonly Used Practices, Offers Solution

A review of best practices on securing companies’ and government agencies’ operating systems is presented in the six-page PDF “Securing the Foundation of IT Systems.” The paper covers commonly used and oftentimes problematic practices adopted by system administrators, and offers some insights on ways to improve security, including a look at Trusted Computer Solutions’ (TCS) Security Blanket, a tool that automatically locks down operating systems.

 



Using the Service Management Facility Feature of OpenSolaris

Monday, January 25th, 2010

Paper Recommends It as a Building Block for System Security

“Using the (Open) Solaris Service Management Facility as a Building Block for System Security,” a paper by Christoph Schuba, examines how the Solaris Service Management Facility (SMF) can be used as a fundamental building block to improve system security. The Service Management Facility is a backwards-compatible extension to the traditional way of managing UNIX services with rc (run command) scripts.

 


“Taking Advantage of Wire-Speed Cryptography”

Friday, January 15th, 2010

It Doesn’t Have to Be Complicated 

The Sun BluePrints paper “Taking Advantage of Wire-Speed Cryptography” provides an overview of how to off-load application security functions that include cryptographic operations in conjunction with Oracle WebLogic Server and Java Platform, Enterprise Edition (Java EE platform) application environments in order to accelerate performance while minimizing compromises.

 


Two Approaches to Identity Management Project Methodology

Wednesday, January 13th, 2010

Horizontal Implementation vs. Vertical Implementation

At its outset, the blog “IDM Project Methodology” outlines the main goals of an Identity Management (IDM) methodology, including such aspects as basing project decisions on empirical experience rather than abstract formulations and containing all the complexities and costs of corporate ID management projects as early as possible during the course of a project. Author Kostas Stamatakis writes that IDM methodology should, first and foremost, provide solutions to repeatable problems appearing during Identity Access Management project lifecycles.

 


“Building Customer Trust in Cloud Computing With Transparent Security”

Monday, January 4th, 2010

Implementing Security Standards, Principles Delivers Confidence

A 25-page Sun white paper introduces the concept of transparent security and makes the case that the intelligent disclosure of security design, practices, and procedures can help improve customer confidence while protecting critical security features and data, thereby improving overall governance. Written for prospective cloud computing customers, the paper presents a model leveraging the ISO 27000 series standards as a commonly understood framework for disclosure.

 


Protecting the Enterprise from Attacks

Tuesday, December 29th, 2009

Mandatory Access Control and the Solaris OS

Bill Vass, President and COO of Sun Microsystems Federal, writes about developments at Sun in the area of enforcing Mandatory Access Control (MAC) with virtualization to confine Internet services with simple security configurations using the Solaris OS. Featured in the blog are the remarks of senior Sun researchers John Weeks and John Totah, who explain how, in addition to enforcing MAC provisions, they layered the MAC protection with what users ordinarily expect from employing all of the other Solaris security features combined with virtualization, e.g. zones, and with Internet-community-sponsored configuration guidelines such as the Center for Internet Security (CIS) benchmarks.

 


“Solaris 10 Security Essentials”

Tuesday, December 29th, 2009

Guide to Deploying and Managing Secure Computer Environments

“Solaris 10 Security Essentials” describes the various security technologies contained in the Solaris and OpenSolaris operating systems. The book describes how to make installations secure and how to configure the OS to the particular needs of your environment. The authors present the material in a straightforward way that makes it accessible to system administrators at all levels.

 


OpenDS 2.2 Released

Wednesday, December 23rd, 2009

Several New Features and Enhancements Included

The announced release of Sun OpenDS Standard Edition 2.2 is accompanied by OpenDS 2.2.0. The open source directory server is LDAPv3 compliant and written entirely in Java. The new release brings several new features and enhancements, including scalable import and indexing, external changelog, fractional replication, and more.

 


Sun’s Open Source Cloud Security Tools

Monday, December 21st, 2009

Help Manage Risk, Safeguard Assets in the Cloud

Leveraging the built-in security capabilities of the Solaris Operating System, including Solaris ZFS and Solaris Containers, Sun reports some of its open source security tools can help in securing data in transit, data at rest, and data in use in the cloud. Sun also has announced its support for the latest security guidance from the Cloud Security Alliance.

 
