| Javascript Feeds RSS Feed Security Dashboard | SearchSecurity.com |
|
Enforcing a Two Man Rule Using Solaris 10 RBAC Whether you are talking about physical or logical access controls, the "two man rule" has been applied to help secure IT assets for quite some time. Whether you want to protect access to key data sets or restrict who may perform sensitive or high impact operations on a system, using the "two man rule" may be an option. That said, in many circumstances, more traditional IT security controls are likely appropriate. Using the "two man rule" is most often reserved for restricting the most sensitive IT security operations performed within an organization. Whether and where you could apply the "two man rule" to your organization will depend on your policy, architecture, processes and requirements.
Glenn Brunette,
05/11/2005
|
|
Integrating Solaris 10 BART and the Solaris Fingerprint Database I would like to talk about how you can quickly and easily validate BART manifests for file integrity against the Solaris Fingerprint Database (or the "sfpDB"). Before jumping into the details, I would first like to talk about BART and the sfpDB including what they are, how they differ and how they can be used to complement one another. These are important considerations that must be understand in order to be able to use these technologies effectively.
Glenn M. Brunette, Jr.,
11/08/2004
|
|
Automating Solaris 10 File Integrity Checks Today's tip talks about how you can automate the collection of file integrity information using Solaris Secure Shell, Role-based Access Control, Process Privileges and the new Solaris 10 Basic Auditing and Reporting Tool. This sounds like quite a bit of work, but I can assure that it is simple. Allow me to demonstrate...
Glenn M. Brunette, Jr.,
10/22/2004
|
|
Solaris 10 Password History Today's topic is short and sweet: password history - For those who are not aware, the concept of password history is to prevent users from repeatedly selecting the same (set) of passwords over and over again (within some fixed time window). The actual time window will depend on the configuration of the system.
By Glenn M. Brunette, Jr., 10/20/2004
|
|
Foundation for Minimal Solaris 10 Systems The topic for this article is the Solaris 10 Reduced Networking Software Group (also commonly known as the Solaris 10 Reduced Networking Meta Cluster). This software group is new and joins the five existing software groups available in Solaris today: Core, End User, Developer, Entire and Entire + OEM software groups. The Reduced Networking Software Group is positioned as a subset of Core and represents the smallest amount of Solaris that can or should be installed and have a working and supported system.
Glenn M. Brunette, Jr.,
10/19/2004
|
|
How to Limit Display of Other User's Processes in Solaris 10 This entry is a continuation of my list of lesser known and/or publicized security enhancements to the Solaris 10 OS. In this update, I will be talking about how to restrict the output of the ps(1) command such that users can only see processes that they own. This is a very useful capability especially for ISPs and other organizations that do not want to allow users to see what other users are doing.
Glenn M. Brunette, Jr.,
10/13/2004
|
|
Solaris 10 Account Lockout ( Account lockout can be enabled in one of two ways. The first way will enable account lockout globally for all users. The second method will all more granular control of which users will or will not be subject to account lockout policy. Note that the account lockout capability will only apply to accounts local to the system. We will look at both in a little more detail below.
Glenn M. Brunette, Jr.,
10/11/2004
|
|
Managing Non-Login and Locked Solaris 10 Accounts Today's entry will focus on enhancements to the passwd(1) command to better support the distinction between locked and non-login accounts. Specifically, we will be looking at the new -u and -N options to the passwd(1) command as well as how they relate to the much older -l option. These new capabilities will help administrators obtain better control over how their accounts are accessed and how they can in fact manage those accounts. In the past, some of the interfaces discussed below could only be achieved through manual editing of password files. The addition of these new command line options provides a much safer option for administrators to use.
Glenn M. Brunette, Jr.,
10/08/2004
|
|
Automation of the OS Installation and Security Hardening Process Many systems and security administrators have often longed for a practical method to generate new or upgraded operating system installations based on best security practices in conjunction with system preparation guidelines set by one’s company.
By Kyle Martin, 07/08/2004
|
|
Solaris C2 Auditing with BSM This article is intended to introduce the C2 auditing capabilities of Solaris BSM. It will also discuss the process of setting up BSM for common auditing policies and the process of doing the analysis of the resulted audit trail.
By Mohd Fared Abdul Khir, 07/08/2004
|
|
Page: 1 23 |
