- Recommendations for Applying Preferred Practices
- Principals of Mission-Critical Implementations
- Physical Environment
- Internal Network Planning
- External Network Planning
- System Controller Configuration
- Platform and Domain Administration
- Error Analysis and Diagnosis
- Platform and Domain Configuration
- Dynamic Reconfiguration
- Related Resources
This section provides information about securing Sun Fire 15K/12K domains, system controllers, and any external networks running Sun Fire 15K/12K servers. This topic has been covered in great detail in many other Sun BluePrints OnLine articles and these references are provided accordingly.
Securing System Controllers
The Sun Fire 15K/12K system controller are vital and critical components of the platform. They are the central control points for all Sun Fire 15K/12K management activities and, therefore, require the highest level of security hardening. Because all domains can be brought down if system controller procedures or access is compromised, only certain administrators should have access to the system controllers. To protect system controllers, restrict access to the system controllers as much as possible, using access control configurations. At some sites, administrators need to administer all domains, which is okay as long as privileges and access is given only to administrators who really need them. We recommend provisioning a separate and dedicated network for the system controllers, which only administrators can access.
All administrators should implement the recommendations documented in the Sun BluePrints OnLine article, "Securing the Sun Fire 15K Controller." The topics in this document include the Solaris Security Toolkit, supportability, SMS software, setting up administration accounts, system controller network interfaces, Solaris_ Secure Shell (SSH) configuration, and a summary of security recommendations.
Each domain of the Sun Fire 15K/12K servers run a separate instance of the Solaris OE. Therefore, the rules for security apply as they would for securing other Sun servers. The tools and processes for securing a Solaris OE should include, but should not be limited to, firewall solutions, Solaris Security Toolkit, data encryption, role-based access control, SSH, and IPsec. The specifics for securing the Solaris OE are beyond the scope of this document but can be referenced in the Sun BluePrints OnLine article "Securing the Sun Fire 15K/12K Domains."
The Sun Fire 15K/12K servers should be configured to provide separate isolated domains where users accessing one domain should not be allowed to access other domains and the system controller. Therefore, the security model you implement should prevent users from gaining access to domains, unless they are permitted to access them. This can be accomplished using multilayered access control. When creating domains, ensure that domain administrators have access only to administer their specific domains and that they do not have access to the entire platform. The Sun Fire 15K/12K server platforms have the ability to grant access control at multiple levels by assigning certain administrators non-root user IDs with different UNIX® groups. This gives these administrators certain SMS capabilities, but does not give them all capabilities. These administration groups can be broken down as follows:
Platform administrator group. Hardware administration, platform configuration, environmental status, and power management, but no access to individual domains.
Platform operator group. Platform status and power only.
Platform service group. Platform operator, plus limited platform configuration privileges.
Domain administrator groups. Can manage only their respective domains, but they have no access or control of the platform.
Domain operator group. Can manage only power and domain board configuration for their respective domains, but have no other domain control capability.
System controller root user. Has root access to the system controller and associated functions.
We recommend that you implement a secure shell tool as a means to encrypt data being communicated to and from the system controllers and any administration servers and networks. Solaris 9 OE includes Solaris Secure Shell as a supported utility, or SSH can be obtained as freeware or a commercial product. An SSH implementation can be used to prevent security risks such as password theft and session intrusion, and can replace risky UNIX security commands such as rlogin, rsh, rcp, ftp, and telnet. For information about implementing and configuring OpenSSH in the Sun Fire 15K environment, reference the Sun BluePrints OnLine article, "Building and Deploying OpenSSH for the Solaris Environment."
In addition to hardening the Solaris OE against security attacks, it is important to secure the Sun Fire 15K/12K server's external network. At a high level, this includes developing company-wide network security policies, security assessments, and audits, and identifying how to fix known security risks and vulnerabilities. This should also include, but should not be limited to, applications, firewalls, switches, servers, intrusion detection, and authentication. For information about this topic, reference the documents listed in "Related Resources" on page 31.