- Sun Cluster 3.0 12/01 Security with the Apache and iPlanet Web and Messaging Agents
- Assumptions and Limitations
- Solaris OE Service Restriction
- Sun Cluster 3.0 Daemons
- Terminal Server Usage
- Node Authentication
- Securing Sun Cluster 3.0 12/01 Software
- Verifying Node Hardening
- Maintaining a Secure System
- Solaris Security Toolkit Software Backout Capabilities
Sun Cluster 3.0 software is used to provide mission-critical capabilities to an organization. While the Sun Cluster 3.0 software addresses issues such as fault tolerance, failover, and performance, it is very important that the systems running Sun Cluster 3.0 software are protected against malicious misuse and other attacks such as denial of service. The most effective mechanism for doing this is to configure the nodes in a cluster so that they can protect themselves against attack.
This article describes a supported procedure by which certain Sun Cluster 3.0 12/01 software agents can be run on secured and hardened Solaris OE systems. By implementing these recommendations for the iPlanet Enterprise Server, Apache Web server, and iPlanet Messaging Server, those systems will increase their reliability, availability, and serviceability as the servers will not be as susceptible to attack. This article takes the recommendations made in other Solaris OE security Sun BluePrints articles and provides a specific configuration for the supported agents to improve the overall security posture. This improvement in overall security is made by dramatically reducing potential access points to the Sun Cluster 3.0 nodes and installing secure access mechanisms. In addition, the implementation of these recommendations can be automatically installed by Solaris Security Toolkit software.