For this article it is helpful to understand the background of public key cryptograph. Data that travels across a network can easily be snooped, or its point of origin can be faked. When the data contains sensitive information, such as domain passwords, steps must be taken to protect the data from unauthorized parties. The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols were designed to help protect privacy and integrity of data while it is transferred.
SSL must be installed and enabled to configure secure Sun Fire Link software. We provide the instructions for how to configure Java Secure Socket Extension (JSSE). This is a reference implementation for a Java version of the SSL and TSL protocols and includes functionality for message integrity and data encryption.
Encryption is the process of using a complex algorithm to convert cleartext to an encoded message ciphertext. The ciphertext is meaningless without the algorithm and key. Decrypting is the inverse of encrypting. It produces a cleartext message from a ciphertext message. Their are two types of methods of encryption; public/private and secret key cryptograph. Public key cryptography uses an encryption algorithm in which two keys are produced. One key is made public while the other key is kept private. The public key and private key are cryptographic inverses; what one key encrypts only the other key can decrypt. It is also computationally infeasible to compute the private key from the public key. Secret Key Cryptograph uses an encryption algorithm in which the same key is used both to encrypt and decrypt the data. A digital signature is a computed value which can be used to validate the origin and integrity of a message. The originator of a message uses a key to compute a unique signature for the message. Both the message and the digital signature is sent to the recipient. The recipient uses a verification key to verify that the message and the signature match. If the signature and the message are verified then we can be confident about the source and the content of the message. SSL uses public key cryptograph to provide authentication, secret key cryptograph, and digital signatures to provide for privacy and data integrity. To use SSL you must create a keystore. A keystore is a database of public and private keys. Typically there are two categories of keystore information: key entries and trusted certificate entries. A key entry consist of an identity and its private key. The private key is very sensitive data and must be protected. In contrast, a trusted certificate entry contains only a public key in addition to the entity's identity. Therefore a trusted certificate entry cannot be used where a private key is required.
In the Sun Fire Link system there are a few security risks:
Insecure system controllers.
Network traffic between the FM and the system controllers
Network traffic between the FM and the FM proxy
Cleartext password information
Rogue FM clients
The procedures in this article resolve these issues by deploying the MSP and using SSL.
The insecure system controllers are placed on a private management network. Access is restricted by the MSP. Since these system controllers are protected by the MSP, they are no longer a security risk.
The network traffic between the FM and the system controllers is only on the private management network behind the MSP. This traffic is protected by the MSP.
The network traffic between the FM and FM Proxy will be protected by SSL. SSL is used to authenticate the endpoints and protect against privacy attacks. SSL is a widely used and understood security protocol. The cleartext password information is controlled by using SSL and the FM password.
The FM stores passwords for both system controllers and domains. When SSL is deployed the domain passwords are no longer needed; the authentication is by public key cryptography. When you install the FM password, the cleartext password is encrypted in a file.
Another potential issue is the RMI access to the FM. This access is restricted to the local host with root access because the machine on which the FM is running is the MSP. The FM security is protected by the security of the MSP.