
Question: C2 Security Configuration for general Unix and Solaris/Trusted Solaris (Auditing) - Linux / Unix Administration


  1. #1

    Question: C2 Security Configuration for general Unix and Solaris/Trusted Solaris (Auditing)

    While reviewing the DoD 5200.28-STD "DEPARTMENT OF DEFENSE TRUSTED
    COMPUTER SYSTEM EVALUATION CRITERIA" document and looking over
    "Security Requirements for Automatic Data Processing (ADP)
    Systems," for Federal systems requiring C2 compliance I realized
    that I do not understand the distinction between Solaris and
    Trusted Solaris.

    On the issue of Accountability (auditing):

    1. Can Unix machines using only the syslogd facility meet 'C2'
    or higher?

    2. Does Trusted Solaris offer any system resource advantage
    (CPU and Disk utilization) over Solaris using BSM when
    the need for accountability requires 'C2' level of logging?

    SolarisOE SunSHIELD™ Basic Security Module (BSM)
    William Arens Guest

  2. #2

    Re: Question: C2 Security Configuration for general Unix and Solaris/Trusted Solaris (Auditing)

    In article <48f7af9b.0402201510.c73a38fposting.google.com> ,
    william_arensemainc.com says...
    > While reviewing the DoD 5200.28-STD "DEPARTMENT OF DEFENSE TRUSTED
    > COMPUTER SYSTEM EVALUATION CRITERIA" document and looking over
    > "Security Requirements for Automatic Data Processing (ADP)
    > Systems," for Federal systems requiring C2 compliance I realized
    > that I do not understand the distinction between Solaris and
    > Trusted Solaris.
    Trusted Solaris assigns "labels" to all the files, data, devices, users
    and processes and takes great pains to make sure that everything with
    the same label is isolated from stuff with other labels, subject to
    exceptions defined by a user called the "security manager". This is
    called mandatory security because the users have no choice in what the
    labels are or how they are managed. (Well, the security manager can
    specify all that when the OS is first installed, but that's it.) In
    addition to that, TSOL employs the familiar concepts of users, groups
    and permissions (the discretionary security stuff).

    Regular Solaris has no concept of labels. It simply employs the
    concepts of users, groups and permission settings.
    > On the issue of Accountability (auditing):
    >
    > 1. Can Unix machines using only the syslogd facility meet 'C2'
    > or higher?
    Not sure, but I doubt it. I think you need to log more detail than
    syslog offers. (We need a syslog expert for this one.)
    > 2. Does Trusted Solaris offer any system resource advantage
    > (CPU and Disk utilization) over Solaris using BSM when
    > the need for accountability requires 'C2' level of logging?
    Not that I've seen.
    grog Guest

  3. #3

    Re: Question: C2 Security Configuration for general Unix and Solaris/Trusted Solaris (Auditing)

    Thanks for the clarification. I am starting to understand the
    Trusted Solaris distinction.

    About the syslog issue, it turns out that without "kernel level logging",
    you cannot get the necessary auditing that is called for to meet C2.

    For Solaris, turning on BSM and rebooting the server provides C2 logging,
    but has the potential to consume your resources.

    grog <gregor.y> wrote in message news:<MPG.1aa10a68b3ca556598a9e2news.alt.net>...
    > In article <48f7af9b.0402201510.c73a38fposting.google.com> ,
    > william_arensemainc.com says...
    > > While reviewing the DoD 5200.28-STD "DEPARTMENT OF DEFENSE TRUSTED
    > > COMPUTER SYSTEM EVALUATION CRITERIA" document and looking over
    > > "Security Requirements for Automatic Data Processing (ADP)
    > > Systems," for Federal systems requiring C2 compliance I realized
    > > that I do not understand the distinction between Solaris and
    > > Trusted Solaris.
    >
    > Trusted Solaris assigns "labels" to all the files, data, devices, users
    > and processes and takes great pains to make sure that everything with
    > the same label is isolated from stuff with other labels, subject to
    > exceptions defined by a user called the "security manager". This is
    > called mandatory security because the users have no choice in what the
    > labels are or how they are managed. (Well, the security manager can
    > specify all that when the OS is first installed, but that's it.) In
    > addition to that, TSOL employs the familiar concepts of users, groups
    > and permissions (the discretionary security stuff).
    >
    > Regular Solaris has no concept of labels. It simply employs the
    > concepts of users, groups and permission settings.
    >
    > > On the issue of Accountability (auditing):
    > >
    > > 1. Can Unix machines using only the syslogd facility meet 'C2'
    > > or higher?
    >
    > Not sure, but I doubt it. I think you need to log more detail than
    > syslog offers. (We need a syslog expert for this one.)
    >
    > > 2. Does Trusted Solaris offer any system resource advantage
    > > (CPU and Disk utilization) over Solaris using BSM when
    > > the need for accountability requires 'C2' level of logging?
    >
    > Not that I've seen.
    William Arens Guest

  4. #4

    Re: Question: C2 Security Configuration for general Unix and Solaris/Trusted Solaris (Auditing)

    Just FYI, I know that within NATO, you can get C2 certification by using an
    evaluated version of Solaris (the latest is Solaris 8 02/02) and then set it
    up according to the Security Release Notes:

    http://wwws.sun.com/software/security/securitycert/docs/SRN_1.1.pdf

    This includes a lot of settings (and also BSM), but is pretty
    straightforward. You are stuck with Solaris 8 though.

    See http://wwws.sun.com/software/security/securitycert/ for more details.

    - Erlend Leganger


    Erlend Leganger Guest

  5. #5

    Re: Question: C2 Security Configuration for general Unix and Solaris/Trusted Solaris (Auditing)

    You can also install an access control product like Access Control For
    Unix from CA. Properly configured, it is rated all the way up to B2.



    "Erlend Leganger" <elegaremove.this.online.no> wrote in message news:<k5t%b.6711$rj4.92645news2.e.nsc.no>...
    > Just FYI, I know that within NATO, you can get C2 certification by using an
    > evaluated version of Solaris (the latest is Solaris 8 02/02) and then set it
    > up according to the Security Release Notes:
    >
    > http://wwws.sun.com/software/security/securitycert/docs/SRN_1.1.pdf
    >
    > This includes a lot of settings (and also BSM), but is pretty
    > straightforward. You are stuck with Solaris 8 though.
    >
    > See http://wwws.sun.com/software/security/securitycert/ for more details.
    >
    > - Erlend Leganger
    jspears@tevora.com Guest

  6. #6

    Re: Question: C2 Security Configuration for general Unix and Solaris/Trusted Solaris (Auditing)

    Erlend Leganger wrote: 
    syslogd is just a messaging system; it does not log any detail at all.
    Applications and programs send messages to syslogd using either the
    logger application or the syslog API.
    syslog.conf specifies where each class of log is sent by syslogd.
    You need to configure applications using syslogd to make use of their
    syslog API functions.
    For example, inetd can have connection tracking reported to syslog with
    the necessary switch, ftpd can log more detail with the necessary
    switch, and ssh has some config options to vary the detail reported via
    the syslog API.
    syslog is not C2; it is basic security logging.

    Don't even consider process accounting for security logging!

    C2 security logging, i.e. BSM in Solaris, assigns a tracking number to a
    user when they log in. Every event they carry out, even when they switch
    user, is logged against that tracking number. Creation and deletion of
    files, updates, anything that requires a kernel system call is recorded
    through BSM against that tracking ID.
    Yes, it consumes lots of resources, up to 10% of CPU based on a box being
    properly utilised, and potentially many gigabytes of data a day of
    logging information.
    BSM is no good on its own, as no human could possibly review this vast
    amount of data, and it should be used in conjunction with a product such as
    ISS RealSecure to pull the data off and use it in real time.

    regards peter
    peter Guest
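Peter's point that BSM charges every kernel-level event to the audit ID assigned at login, even after the user switches to root, is what a reviewer relies on when reading a trail. The script below is an added example, not code from the thread or from Sun: it groups constructed, simplified praudit-style records by audit ID and lists the ones done under a different effective UID; the token layout (header, path, subject, return tokens in comma-delimited form) is an assumption about the real output.

```python
from collections import defaultdict

# Constructed, simplified praudit-style records (layout is an assumption):
# 'warens' logs in, runs ls, does su to root, then opens /etc/shadow for
# writing. The audit ID (first subject field) stays 'warens' throughout.
SAMPLE_TRAIL = """\
header,81,2,login - local,,2004-02-20 15:10:00.000 +00:00
subject,warens,warens,staff,warens,staff,1201,1201,0 0 host1
return,success,0
header,81,2,execve(2),,2004-02-20 15:10:05.000 +00:00
path,/usr/bin/ls
subject,warens,warens,staff,warens,staff,1210,1201,0 0 host1
return,success,0
header,81,2,su,,2004-02-20 15:11:00.000 +00:00
subject,warens,root,root,warens,staff,1215,1201,0 0 host1
return,success,0
header,81,2,open(2) - write,,2004-02-20 15:12:00.000 +00:00
path,/etc/shadow
subject,warens,root,root,root,root,1220,1201,0 0 host1
return,success,0
"""

def parse_trail(text):
    """Turn praudit-style lines into one dict per audit record."""
    records = []
    for line in text.splitlines():
        fields = line.split(",")
        token = fields[0]
        if token == "header":
            # header,byte-count,version,event-type,modifier,time
            records.append({"event": fields[3], "time": fields[5]})
        elif token == "path":
            records[-1]["path"] = fields[1]
        elif token == "subject":
            # subject,audit-ID,euid,egid,ruid,rgid,pid,sid,tid
            records[-1].update(auid=fields[1], euid=fields[2], sid=fields[7])
        elif token == "return":
            records[-1]["result"] = fields[1]
    return records

def events_by_audit_id(records):
    """Group events under the login identity: the C2 'tracking number'."""
    grouped = defaultdict(list)
    for r in records:
        grouped[r["auid"]].append((r["event"], r.get("path"), r["euid"]))
    return dict(grouped)

def actions_as_other_user(records):
    """Records done under an effective UID other than the login's audit ID."""
    return [r for r in records if r["euid"] != r["auid"]]
```

A syslog-style "root edited /etc/shadow" line would not survive this correlation, which is why the thread concludes that syslog alone does not give C2 accountability.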
