Sun Announces Plan for Trusted Extensions for Solaris 10, the Most Secure Operating System on the Planet


Secure Labeling Functionality Is Ideal for Customers in the Financial, Government and Healthcare Sectors and Available for the First Time on SPARC, AMD Opteron Processor-based and Other x86 Systems

SAN JOSE, Calif., RSA Conference, Booth 515, Feb. 14 - Sun Microsystems, Inc. (NASDAQ:SUNW) announced Solaris(TM) Trusted Extensions for the Solaris(TM) 10 Operating System (OS). Solaris has a well-known track record of exceeding government-mandated security certifications, and Solaris 10, the latest commercially available release of Solaris, is the most secure operating system on the planet. Solaris Trusted Extensions will allow existing Solaris 10 customers who have specific regulatory or information protection requirements to take advantage of labeling features previously only available in highly specialized operating systems or appliances.

Solaris Trusted Extensions is an optional layer of secure labeling technology that allows data security policies to be separated from data ownership in environments where the ability of the OS to support multi-level data access policies is a requirement. Delivering Solaris Trusted Extensions as an optional layer means that existing Solaris 10 customers can meet strict government regulatory compliance goals without the need to modify their existing applications or underlying hardware platforms.

"Solaris has been the platform of choice for protecting some of the most sensitive organizations in the world," said Tom Goguen, vice president of System Software at Sun Microsystems. "For the first time ever, this highest level of security is available on the broadest range of industry standard hardware."

Solaris Trusted Extensions will be Common Criteria certified against Labeled Security Protection Profile (LSPP) at EAL 4+, an absolute requirement for some financial, healthcare and government customers who want to protect multiple classifications of data on the same system. This adds to the certification of Solaris 10, also currently in evaluation, against Controlled Access Protection Profile (CAPP) and Role Based Access Control Protection Profile (RBACPP) at EAL 4+. Sun's comprehensive Common Criteria certification, the submission for Solaris Trusted Extensions, and previously for the Solaris 10 OS, includes all the enterprise grade components necessary to help businesses and governments to run highly secure OS configurations.

Solaris Trusted Extensions for the Solaris 10 OS is the only multi-level OS to support full enterprise-class solutions, giving customers a choice of multi-level desktops through the GNOME-based Java(TM) Desktop System or CDE, as well as multi-level printing, networking and file systems, with full binary compatibility for existing applications.

By April 2006, Solaris Trusted Extensions will become available in beta and simultaneously enter evaluation for Common Criteria certification at EAL 4+, the highest globally recognized level of certification for any commercial OS component. Today, Solaris Trusted Extensions is available to customers through an early access program.

Solaris Trusted Extensions Labeling Capabilities

The labeled security capabilities in Solaris Trusted Extensions allow a strong Mandatory Access Control (MAC) security policy to be implemented in Solaris 10. This policy ensures that all objects in the OS have a well-defined, easily audited relationship to each other and access to communication between objects is strictly controlled. For example, every organization has at least two levels of information. The first is available to everyone, while the second is available only to authorized users. Solaris Trusted Extensions allows information to be processed at multiple sensitivity levels.

MAC hierarchical and compartmentalized labels correspond to the sensitivity of information that must be kept separate, even when it is stored on a single system. Since information labeling happens automatically, MAC is mandatory. Ordinary users cannot change labels unless the system administrator gives them special authorization. In fact, users with labels in separate compartments are not allowed to share information.

Additional security features provided by Solaris Trusted Extensions for the Solaris 10 OS include:

o Labeled File System - The ability to actually store files on different parts of the disk based upon their security classification, such as Top Secret, Secret and Unclassified. Owners of files cannot arbitrarily share information outside of its security classification.
o Labeled Networking - The ability to exchange data with other multi-level (labeled) systems as well as the ability to offer services, such as Web, printing and NFS, that respond uniquely to a client based upon that client's classification level.
o Labeled Printing - The ability to assign a range of security classifications to a printer and thus limit what files can be sent to that printer based upon a file's security label. For example, printing of any Top Secret data can be prohibited, or Secret printing restricted, on a public printer.
o Labeled Desktop - The ability for the Graphical User Interface (GUI) to enforce and display classifications of data. The GNOME-based Trusted Sun Java Desktop System and CDE will both support this functionality and will allow, for example, someone with the appropriate privileges to see Top Secret data and Secret data, but not accidentally drag-and-drop data from one classification to another.

Support for CIS Benchmark

Sun has also extended support services for Solaris 10 OS deployments that adhere to the Center for Internet Security (CIS) Benchmark. Named "best benchmarking effort" by Information Security Magazine, CIS Benchmarks are developed through a global consensus process involving hundreds of security professionals to determine best-practice security configurations. The CIS Level-I Benchmark for the Solaris 10 OS is a compilation of security configuration actions and settings introduced in March 2005. As a result of a close partnership between Sun and the members of CIS, Solaris 10 Service Plan customers who now implement the CIS security recommendations will have Sun support for their resulting configurations. Complementing Sun's freely available Solaris(TM) Security Toolkit, CIS will also introduce a Scoring Tool for the Solaris 10 OS later this month, giving users a quick and easy way to evaluate systems and compare their security configuration against the CIS Benchmark criteria.

Solaris 10 OS Security

Solaris 10 is the most advanced and secure operating system on the planet with security features that include:

o Standards-based Cryptographic Framework - Makes life simpler for developers by integrating high-speed, high-strength cryptographic libraries directly into the OS. Use of open and industry standard APIs allows almost all applications to utilize the framework without any modification.
o Integrated Firewall - A fully supported firewall to protect systems from unwanted intrusion is built right into the Solaris IP Stack and is based on the popular IP Filter open source firewall.
o Verification of Secure Execution - An upcoming feature of Solaris 10 that allows the OS itself to validate any application, script, etc. before it runs. Hacked, trojaned or modified applications simply won't run on Solaris 10. The system protects itself at all times, not just when the virus scanner was last updated.
o Basic Audit and Reporting Tools (BART) - The Solaris 10 OS introduced a file integrity checking application for data files and customer applications known as BART. In addition, Sun continues to publicly provide digital hashes for all files shipped in the Solaris OS as part of the Solaris Fingerprint Database project. These signatures allow customers to check the integrity of Solaris files to ensure that no hacker has modified critical system files. Together, these tools give users powerful, flexible ways to monitor and protect against changes to the OS platform.
o Services Secured With Least Privileges - Solaris 10 utilizes Process Rights Management on almost all of its services, such as printing and file sharing, so that critical system services or applications do not have full super-user rights to the system. No system administration or training is required; it's the out-of-the-box configuration for all Solaris 10 systems.
o Flexible Enterprise Authentication - The Solaris 10 OS delivers flexible and commonly requested authentication features. Kerberos-based protocols allow for enterprise single sign-on and have been enhanced for better scalability, a truly standards-based way of providing enterprise single sign-on across multiple platforms. Solaris includes all components (server, client, applications) to achieve Kerberos-based single sign-on out-of-the-box. In addition, Pluggable Authentication Modules (PAMs) allow you to add your own authentication services and support smart card-based authentication.
o Secure Data Center Consolidation - Solaris Containers provide a way to consolidate multiple users and applications onto a single system, while actually reducing the security risk by isolating data and processes from each other.
o Centrally Managed User Rights Management (URM) - Solaris URM allows for delegated administration and creation of roles that are stored in a central naming service (NIS, NIS+ or LDAP), so that errors are reduced, administration is simplified and auditability is enhanced. Competing offerings typically use a per-system 'sudo' profile that is very error prone at the enterprise scale.
o Minimized Install Option - The Reduced Networking Metacluster install option creates a minimized Solaris OS image to which security administrators can then add functionality. Additionally, the Service Manager technology is designed for administrators to create dynamic profiles for all Solaris users of just those network services needed.
o Fine-grained Process Rights Management - Solaris 10 does away with the concept that operating systems must have one all-powerful super-user with the ability to do much harm to the system. Process Rights Management is an expandable privilege-based system that allows applications to be granted just the privileges they need to operate, but no more than is necessary. This reduces risk and exposure of the application and system.

The addition of Solaris Trusted Extensions for the Solaris 10 OS strengthens the Solaris(TM) Enterprise System. The Solaris Enterprise System is the only comprehensive and open infrastructure software platform available today. It consists of the Solaris OS, Sun Java(TM) Enterprise System, Sun developer tools and Sun N1(TM) management software. The Solaris Enterprise System provides a single, complete and integrated platform that includes the operating system, infrastructure software, system management and developer tools, available at no cost for unlimited use to developers and users.

The Center for Internet Security

The Center for Internet Security is a non-profit enterprise whose mission is to help organizations reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls. CIS members develop and encourage the widespread use of security configuration benchmarks through a global consensus process involving participants from the public and private sectors. For additional information: www.cisecurity.org

About Sun Microsystems, Inc.

A singular vision -- "The Network Is The Computer"(TM) -- guides Sun in the development of technologies that power the world's most important markets. Sun's philosophy of sharing innovation and building communities is at the forefront of the next wave of computing: the Participation Age. Sun can be found in more than 100 countries and on the Web at sun.com.

FOR MORE INFORMATION
Amber Rensen
Sun Microsystems, Inc.
650-786-3566
amber.rensen@sun.com

Contact: allpress@sun.com,
(650) 786-7737

NOTE: All rights reserved. Sun, Sun Microsystems, the Sun logo, Solaris, Trusted Solaris, Java, and The Network Is The Computer are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the United States and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. AMD, Opteron, the AMD logo, the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices.

Source: Sun Microsystems, Inc.

Web site: http://sun.com/
