- Sun Cluster 3.0 12/01 Security with the Apache and iPlanet Web and Messaging Agents
- Assumptions and Limitations
- Solaris OE Service Restriction
- Sun Cluster 3.0 Daemons
- Terminal Server Usage
- Node Authentication
- Securing Sun Cluster 3.0 12/01 Software
- Verifying Node Hardening
- Maintaining a Secure System
- Solaris Security Toolkit Software Backout Capabilities
Terminal Server Usage
Sun Cluster 3.0 software does not require a terminal server as Sun Cluster 2.x software did. This is a significant improvement from a security perspective. Terminal server connections frequently do not use encryption. This lack of encryption allows a malicious individual to sniff the network and 'read' the commands being issued to the client. Frequently, these commands will include an administrator logging in as root and providing the root password.
We strongly recommend that you use a terminal server that supports encryption. Specifically, we recommend the use of a terminal server that implements Secure Shell (SSH). Terminal servers that support SSH are currently available from both Cisco (http://www.cisco.com) and Perle (http://www.perle.com).
If you cannot use a terminal server that supports encryption, only connect terminal servers to a private management network. While this helps isolate network traffic to the terminal servers, it is not as secure as the use of a terminal server supporting SSH.