Oracle Solaris 11 Security and Data Management: Reduce Risk and Deliver

Oracle Solaris 11 Security and Data Management: Reduce Risk and Deliver. Lei Gu, Oracle University Senior Instructor.

Presentation Transcript


  1. Oracle Solaris 11 Security and Data Management: Reduce Risk and Deliver Lei Gu Oracle University Senior Instructor

  2. The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

  3. Program Agenda • Oracle Solaris Auditing • Basic Audit Reporting Tool • Oracle Solaris Cryptographic Services • Password and Password Constraints • Pluggable Authentication Module

  4. Program Agenda • Privileges in Oracle Solaris 11 • Oracle Solaris Trusted Extensions

  5. Security Workflow Orientation

  6. Oracle Solaris 11 The first cloud OS • #1 Oracle database deployment platform • #1 UNIX operating system in shipments (IDC) • Supported by 11,000+ applications • Oracle Solaris used at the top 10 banks and telecom companies

  7. Oracle Solaris Auditing Provides record of security-related system events

  8. Oracle Solaris Auditing • Audit Events • /etc/security/audit_event • Audit Classes • /etc/security/audit_class • Audit Plug-in Modules • audit_binfile • audit_remote • audit_syslog • Audit Records and Audit Tokens • auditreduce and praudit

  9. Basic Audit Reporting Tool Perform file-level checks of a system over time • Collects information (UID, GID, permissions, ACL, mtime, size) • Generates an MD5 checksum from the contents of the file • BART Main Components • BART Manifest • BART Report • BART Rules File

  10. Oracle Solaris Cryptographic Services • Cryptographic Framework • Provides cryptographic services to applications and kernel modules • Key Management Framework (KMF) • Provides tools and programming interfaces for managing public key objects.

  11. Cryptographic Framework • Based on the RSA PKCS#11 public key cryptography standard • The power of advanced, streamlined encryption algorithms and hardware acceleration to applications

  12. Key Management Framework • Unifies the management of public key technologies (PKI) with the following interfaces: • pktool command • kmfcfg command • KMF library • Provides methods for managing the storage of keys • Provides the overall policy for using the stored keys • Manages the policy, keys, and certificates

  13. Password and Password Constraints • Strong user passwords help defend against hacking. • Password length, content, frequency of change and modification requirements can be set, and a password history can be kept. • A password dictionary of passwords to be avoided is provided. • Several possible password algorithms are available.

  14. Pluggable Authentication Module • Pluggable Authentication Module (PAM) framework: • Allows you to plug in new authentication services without changing system entry services, such as login, gdm, and ssh • Allows you to plug in mechanisms for account, credential, session, and password management • Integrates UNIX login with other security mechanisms such as Kerberos

  15. Pluggable Authentication Module

  16. Privileges in Oracle Solaris 11 Enforced in the kernel • Privileges are grouped into sets: • By name, which shows the type of process affected, such as cpu_, proc_, and file_ • Basic set of privileges that allow ordinary users to use the system: proc_fork, proc_exec, proc_session, file_read, file_write • Privilege sets on a process: Effective, Inheritable, Permitted, and Limit sets • You can assign privileges to an executable using: • Rights profile • SMF: Assigns privileges to a service

  17. Oracle Solaris Trusted Extensions Labeled System • Protects against intruders • Provides discretionary and mandatory access control • Separates information by label • Enables secure administration

  18. Labels in Trusted Extensions Software • Labels determine which users can access which programs, files, and directories. • Labels determine access to other system resources such as allocatable devices, networks, framebuffers, and other systems. • Labels and clearances form a vital part of Mandatory Access Control (MAC) in Trusted Extensions. • Labels and clearances consist of a classification component and zero or more compartment components.

  19. Adding the Trusted Extensions Feature to Oracle Solaris • # pkg install system/trusted/trusted-extensions • # svcadm enable -s labeld • # reboot

  20. “With an ever-expanding portfolio of tools and applications, Oracle University is strongly oriented toward the individual learner.” 2013 leader in IT Education According to Industry Analyst Firm IDC “Of the vendors evaluated, Oracle is most adept at describing the value of training at multiple parts of the technology deployment life cycle.” “This decentralized control [of the curricula development] helps maximize the relevance of the training offering to the elements that are most useful to end users.”

  21. One of the World’s Largest Training Organizations Worldwide classrooms: 200+ in 89 countries Courses: 2000+ Languages supported: 28 Classes per week: 600+, 90+ Virtual Classes On Demand Courses: 100 and growing Students trained per year: 400,000+ Global education partnerships: 500+ Oracle certified professionals: 1.6+ million

  22. Training & Certification for the Entire Stack ROLE-BASED TRAINING Administrators Developers Business Users Architects Implementers WHEN AND HOW YOU NEED IT In-Class Training On Demand Private Live Virtual Class VALIDATED BY INDUSTRY-RECOGNIZED CERTIFICATIONS Oracle Certified Professional Oracle Certified Expert Oracle Certified Associate Oracle Certified Master

  23. More than 2000 Courses Across 50+ Products

  24. 160+ Certification Credentials Available

  25. Contact Oracle University at: Telephone: 800 810 9931 or Email: OUChina_CN@oracle.com Website: www.oracle.com/cn/education 2013 leader in IT Education education.oracle.com
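
Added example, not part of the original presentation and not Oracle's BART code: a Python sketch of the file-level check that slide 9 describes, recording each file's attributes and MD5 checksum in a manifest and comparing two manifests into a report. The function names, the manifest layout and the sample tree are assumptions made for illustration; ACLs are left out, and the `ignore` argument stands in for a rules file.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

def build_manifest(root):
    """Record uid, gid, mode, mtime, size and MD5 of every regular file under root."""
    manifest = {}
    for path in sorted(Path(root).rglob("*")):
        st = path.lstat()
        if not stat.S_ISREG(st.st_mode):
            continue  # directories, symlinks and devices are skipped in this sketch
        manifest[path.relative_to(root).as_posix()] = {
            "uid": st.st_uid, "gid": st.st_gid, "mode": oct(stat.S_IMODE(st.st_mode)),
            "mtime": st.st_mtime_ns, "size": st.st_size,
            "contents": hashlib.md5(path.read_bytes()).hexdigest(),  # MD5, as on slide 9
        }
    return manifest

def compare_manifests(control, test, ignore=()):
    """Report added, deleted and changed files; `ignore` lists attributes not to check."""
    report = []
    for path in sorted(set(control) | set(test)):
        if path not in test:
            report.append((path, "delete", None))
        elif path not in control:
            report.append((path, "add", None))
        else:
            changed = sorted(k for k in control[path]
                             if k not in ignore and control[path][k] != test[path][k])
            if changed:
                report.append((path, "change", changed))
    return report

def demo():
    """Constructed sample tree: snapshot, modify, snapshot again, compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, data in (("passwd", b"root:x:0:0\n"), ("login", b"\x7fELF"), ("motd", b"hi\n")):
            (root / name).write_bytes(data)
        (root / "login").chmod(0o555)
        control = build_manifest(root)                        # control manifest
        (root / "passwd").write_bytes(b"root:x:0:0\n# edited\n")  # contents and size change
        (root / "login").chmod(0o755)                         # permission change
        (root / "motd").unlink()                              # deletion
        (root / "new.sh").write_bytes(b"#!/bin/sh\n")         # addition
        return compare_manifests(control, build_manifest(root), ignore=("mtime",))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

MD5 is used because the slide names it; where an adversary can choose file contents, a collision-resistant hash such as SHA-256 is the safer choice for the checksum field.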