Secure Labeling Functionality Is Ideal for Customers in the Financial,
Government and Healthcare Sectors and Available for the First Time on SPARC,
AMD Opteron Processor-based and Other x86 Systems
SAN JOSE, Calif., RSA Conference, Booth 515, Feb. 14
/PRNewswire-FirstCall/ -- Sun Microsystems, Inc. (Nasdaq: SUNW) announced
Solaris(TM) Trusted Extensions for the Solaris(TM) 10 Operating System (OS).
Solaris has a well-known track record of exceeding government-mandated
security certifications, and Solaris 10, the latest commercially available
release of Solaris, is the most secure operating system on the planet. Solaris
Trusted Extensions will allow existing Solaris 10 customers who have specific
regulatory or information protection requirements to take advantage of
labeling features previously only available in highly specialized operating
systems or appliances.
Solaris Trusted Extensions is an optional layer of secure labeling
technology that allows data security policies to be separated from data
ownership in environments where the ability of the OS to support multi-level
data access policies is a requirement. Delivering Solaris Trusted Extensions
as an optional layer means that existing Solaris 10 customers can meet strict
government regulatory compliance goals without the need to modify their
existing applications or underlying hardware platforms.
"Solaris has been the platform of choice for protecting some of the most
sensitive organizations in the world," said Tom Goguen, vice president of
System Software at Sun Microsystems. "For the first time ever, this highest
level of security is available on the broadest range of industry standard
hardware."
Solaris Trusted Extensions will be Common Criteria certified against
Labeled Security Protection Profile (LSPP) at EAL 4+, an absolute requirement
for some financial, healthcare and government customers who want to protect
multiple classifications of data on the same system. This adds to the
certification of Solaris 10, also currently in evaluation, against Controlled
Access Protection Profile (CAPP) and Role Based Access Control Protection
Profile (RBACPP) at EAL 4+. Sun's comprehensive Common Criteria certification,
the submission for Solaris Trusted Extensions, and previously for the Solaris
10 OS, includes all the enterprise-grade components necessary to help
businesses and governments to run highly secure OS configurations.
Solaris Trusted Extensions for the Solaris 10 OS is the only multi-level
OS to support full enterprise-class solutions, giving customers a choice
of multi-level desktops through the GNOME-based Java(TM) Desktop System or
CDE, multi-level printing, networking and file systems with full binary
compatibility for existing applications.
By April 2006, Solaris Trusted Extensions will become available in beta
and simultaneously enter evaluation for Common Criteria certification at EAL
4+, the highest globally recognized level of certification for any commercial
OS component. Today, Solaris Trusted Extensions is available to customers
through an early access program.
Solaris Trusted Extensions Labeling Capabilities
The labeled security capabilities in Solaris Trusted Extensions allow a
strong Mandatory Access Control (MAC) security policy to be implemented in
Solaris 10. This policy ensures that all objects in the OS have a
well-defined, easily audited relationship to each other and access to
communication between objects is strictly controlled. For example, every
organization has at least two levels of information. The first is available to
everyone, while the second is available only to authorized users. Solaris
Trusted Extensions allows information to be processed at multiple sensitivity
levels.
MAC hierarchical and compartmentalized labels correspond to the
sensitivity of information that must be kept separate, even when it is stored
on a single system. Since information labeling happens automatically, MAC is
mandatory. Ordinary users cannot change labels unless the system administrator
gives them special authorization. In fact, users with labels in separate
compartments are not allowed to share information.
Additional security features provided by Solaris Trusted Extensions for
the Solaris 10 OS include:
-- Labeled File System - The ability to actually store files on different
parts of the disk based upon their security classification, such as Top
Secret, Secret and Unclassified. Owners of files cannot arbitrarily
share information outside of its security classification.
-- Labeled Networking - The ability to exchange data with other multi-
level (labeled) systems as well as the ability to offer services, such
as Web, printing and NFS that respond uniquely to a client based upon
that client's classification level.
-- Labeled Printing - The ability to assign a range of security
classifications to a printer and thus limit what files can be sent to
that printer based upon a file's security label. For example,
prohibiting printing of any Top Secret data or restricting Secret
printing on a public printer.
-- Labeled Desktop - The ability for the Graphical User Interface (GUI) to
enforce and display classifications of data. The GNOME-based Trusted
Sun Java Desktop System and CDE will both support this functionality
and will allow, for example, someone with the appropriate privileges to
see Top Secret data and Secret data, but not accidentally drag-and-drop
data from one classification to another.
Support for CIS Benchmark
Sun has also extended support services for Solaris 10 OS deployments that
adhere to the Center for Internet Security (CIS) Benchmark. Named "best
benchmarking effort" by Information Security Magazine, CIS Benchmarks are
developed through a global consensus process involving hundreds of security
professionals to determine best-practice security configurations. The CIS
Level-I Benchmark for the Solaris 10 OS is a compilation of security
configuration actions and settings introduced in March 2005. As a result of a
close partnership between Sun and the members of CIS, Solaris 10 Service Plan
customers who now implement the CIS security recommendations will have Sun
support for their resulting configurations. Complementing Sun's freely
available Solaris(TM) Security Toolkit, CIS will also introduce a Scoring Tool
for the Solaris 10 OS later this month, giving users a quick and easy way to
evaluate systems and compare their security configuration against the CIS
Benchmark criteria.
Solaris 10 OS Security
Solaris 10 is the most advanced and secure operating system on the planet
with security features that include:
-- Standards-based Cryptographic Framework - Makes life simpler for
developers by integrating high speed, high strength cryptographic
libraries directly into the OS. Use of open and industry standard APIs
allows almost all applications to utilize the framework without any
modification.
-- Integrated Firewall - A fully supported firewall to protect systems
from unwanted intrusion is built right into the Solaris IP Stack and is
based on the popular IP Filter open source firewall.
-- Verification of Secure Execution - An upcoming feature of Solaris 10
that allows the OS itself to validate any application, script, etc.
before it runs. Hacked, trojaned or modified applications simply won't
run on Solaris 10. The system protects itself at all times, not just
when the virus scanner was last updated.
-- Basic Audit and Reporting Tools (BART) - The Solaris 10 OS introduced a
file integrity checking application for data files and customer
applications known as BART. In addition, Sun continues to publicly
provide digital hashes for all files shipped in the Solaris OS as part
of the Solaris Fingerprint Database project. These signatures allow
customers to check the integrity of Solaris files to ensure that no
hacker has modified critical system files. Together, these tools give
users powerful, flexible ways to monitor and protect against changes to
the OS platform.
-- Services Secured With Least Privileges - Solaris 10 utilizes Process
Rights Management on almost all of its services, such as printing and
file sharing, so that critical system services or applications do not
have full super-user rights to the system. No system administration or
training is required; it's the out-of-the-box configuration for all
Solaris 10 systems.
-- Flexible Enterprise Authentication - The Solaris 10 OS delivers
flexible and commonly requested authentication features. Kerberos-based
protocols allow for enterprise single sign-on and have been enhanced
for better scalability, a truly standards-based way of providing
enterprise single sign-on across multiple platforms. Solaris includes
all components (server, client, applications) to achieve Kerberos-based
single sign-on out-of-the-box. In addition, Pluggable Authentication
Modules (PAMs) allow you to add your own authentication services and
support smart card-based authentication.
-- Secure Data Center Consolidation - Solaris Containers provide a way to
consolidate multiple users and applications onto a single system, while
actually reducing the security risk by isolating data and processes
from each other.
-- Centrally Managed User Rights Management (URM) - Solaris URM allows for
delegated administration and creation of roles that are stored in a
central naming service (NIS, NIS+ or LDAP), so that errors are reduced,
administration is simplified and auditability is enhanced. Competing
offerings typically use a per-system 'sudo' profile that is very error
prone at the enterprise scale.
-- Minimized Install Option - The Reduced Networking Metacluster install
option creates a minimized Solaris OS image to which security
administrators can then add functionality. Additionally, the Service
Manager technology is designed for administrators to create dynamic
profiles for all Solaris users of just those network services needed.
-- Fine-grained Process Rights Management - Solaris 10 does away with the
concept that operating systems must have one all-powerful super-user
with the ability to do much harm to the system. Process Rights
Management is an expandable privilege-based system that allows
applications to be granted just the privileges they need to operate,
but no more than is necessary. This reduces risk and exposure of the
application and system.
The addition of Solaris Trusted Extensions for the Solaris 10 OS
strengthens the Solaris(TM) Enterprise System. The Solaris Enterprise System
is the only comprehensive and open infrastructure software platform available
today. It consists of the Solaris OS, Sun Java(TM) Enterprise System, Sun
developer tools and Sun N1(TM) management software. The Solaris Enterprise
System provides a single, complete and integrated platform that includes the
operating system, infrastructure software, system management and developer
tools, available at no cost for unlimited use to developers and users.
The Center for Internet Security
The Center for Internet Security is a non-profit enterprise whose mission
is to help organizations reduce the risk of business and e-commerce
disruptions resulting from inadequate technical security controls. CIS members
develop and encourage the widespread use of security configuration benchmarks
through a global consensus process involving participants from the public and
private sectors. For additional information: http://www.cisecurity.org
About Sun Microsystems, Inc.
A singular vision -- "The Network Is The Computer"(TM) -- guides Sun in
the development of technologies that power the world's most important markets.
Sun's philosophy of sharing innovation and building communities is at the
forefront of the next wave of computing: the Participation Age. Sun can be
found in more than 100 countries and on the Web at sun.com.
FOR MORE INFORMATION
Amber Rensen
Sun Microsystems, Inc.
650-786-3566
amber.rensen@sun.com
Contact: allpress@sun.com
(650) 786-7737
NOTE: All rights reserved. Sun, Sun Microsystems, the Sun logo, Solaris,
Trusted Solaris, Java, and The Network Is The Computer are trademarks or
registered trademarks of Sun Microsystems, Inc. in the United States and other
countries. All SPARC trademarks are used under license and are trademarks or
registered trademarks of SPARC International, Inc. in the United States and
other countries. Products bearing SPARC trademarks are based upon an
architecture developed by Sun Microsystems, Inc. AMD, Opteron, the AMD logo,
the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro
Devices.
SOURCE Sun Microsystems, Inc.