Designing Portal Security Strategies

Minimize the size of the operating environment installation. When installing a Sun server in an environment that is exposed to the Internet, or any untrusted network, reduce the Solaris installation to the minimum number of packages necessary to support the applications to be hosted. Achieving minimization in services, libraries, and applications helps increase security by reducing the number of subsystems that must be maintained.

The Solaris™ Security Toolkit software provides a flexible and extensible mechanism to minimize, harden, and secure Solaris Operating Environment systems. The primary goal behind the development of this toolkit is to simplify and automate the process of securing Solaris systems. Please see:

http://www.sun.com/software/security/jass/

Track and monitor file system changes. On systems with security requirements, a file change control and audit tool is indispensable because it tracks changes to files and detects possible intrusion. You can use a product such as Tripwire for Servers or the Solaris Fingerprint Database (available from SunSolve Online).
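The baseline-and-verify idea behind file change auditing, shown as a small shell script. This is an added example, not part of the Sun manual and not a substitute for Tripwire or the Solaris Fingerprint Database. It assumes sha256sum and mktemp are available; the function names and the sample files are made up for illustration.

```shell
#!/bin/sh
# Added example: minimal file-change audit (record a baseline, verify later).
# Assumes sha256sum and mktemp exist; file names must not contain newlines.
# Keep the manifest outside the audited tree, ideally on read-only media.

# fim_baseline DIR MANIFEST: record a SHA-256 hash for every regular file in DIR.
fim_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 ) > "$2"
}

# fim_verify DIR MANIFEST: print ADDED/MODIFIED/REMOVED lines; return 1 on any change.
fim_verify() {
    cur=$(mktemp) || return 2
    fim_baseline "$1" "$cur"
    vrc=0
    awk '
        { h = $1; sub(/^[^ ]+  /, "") }             # keep hash, reduce $0 to the path
        FILENAME == ARGV[1] { base[$0] = h; next }  # first file: trusted baseline
        { seen[$0] = 1 }                            # second file: current state
        !($0 in base)  { print "ADDED    " $0; bad = 1; next }
        base[$0] != h  { print "MODIFIED " $0; bad = 1 }
        END {
            for (p in base) if (!(p in seen)) { print "REMOVED  " p; bad = 1 }
            exit bad + 0
        }
    ' "$2" "$cur" || vrc=$?
    rm -f "$cur"
    return "$vrc"
}

# fim_demo: constructed sample tree that exercises all three kinds of change.
fim_demo() {
    d=$(mktemp -d) && m=$(mktemp) || return 2
    mkdir "$d/bin" && echo 'template v1' > "$d/a.template" && echo 'tool' > "$d/bin/tool"
    fim_baseline "$d" "$m"
    echo 'template v2' > "$d/a.template"   # modified after the baseline
    rm "$d/bin/tool"                        # removed after the baseline
    echo 'dropped' > "$d/bin/new"           # added after the baseline
    rc=0
    fim_verify "$d" "$m" || rc=$?
    rm -rf "$d" "$m"
    return "$rc"
}
```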

Using Platform Security

Usually you install Portal Servers in a trusted network. However, even in this secure environment, security of these servers requires special attention.

UNIX User Installation

You can install and configure Portal Server to run under three different UNIX users:

root. This is the default option. All Portal Server components are installed and configured to run as the system superuser. Some security implications arise from this configuration:

An application bug can be exploited to gain root access to the system.

You need root access to modify some of the templates. This raises potential security concerns, because this responsibility is typically delegated to non-system administrators, who can pose a threat to the system.

User nobody. You can install Portal Server as the user nobody (uid 60001). This can improve the security of the system, because the user nobody does not have any privileges and cannot create, read, or modify the system files. This feature prevents user nobody from using Portal Server to gain access to system files and break into the system.

Chapter 5 Creating Your Portal Design 103

Sun Microsystems 2005Q1 manual Using Platform Security, Unix User Installation