Migrate to Trusted Solaris
Hi everyone,
Due to security reasons, we've been asked to look for more secured systems than 'plain' Solaris. That's how I discovered Trusted Solaris.
I've read quite a few pages on it, and still have some questions that could not be answered, and I hope you could bring me answers, or at least clues to find those.
First of all, I have to say all machines are running Solaris 8, and most of those do not run on Solaris 10.
So, do you think moving to TS 8 would be interesting for us, or is this system depracated ?
Lots of information available make me think that configuring TS is quite hard. I agree to say we need someone to be trained for that, but is the system quite understandable for everyone familiar to Solaris, or is it so different that only trained people are aware of what to do ?
Sorry if my questions seems odd to you, but I really cound not find answers on it.
And also excuse my english, as it is not my mother language ;)
Thanks in advance,
Fabrice
[1041 byte] By [
fabrice] at [2007-11-25 23:04:33]
# 1
TSOL 8 can be difficult to configure, especially if you want to use some of the more advanced features.
The biggest question you should ask yourself is how much more security do you want than vanilla Solaris offers?
If all you need is role base access controls (RBAC), you can do that with vanilla Solaris; but if you need a labeled environment and mandatory access controls, then you will need to go to TSOL.
You may want to look at attending Sun's Trusted Solaris training course. Its a good first step if you've never administered a trusted operating system before.
# 2
THanks for this response.
First of all, I guess what you call "vanilla solaris" is the basic Solaris 8 ; am I wrong ?
I'm quite sure I can reach a good security level with Solaris and some tools (maybe somme toi be developped), but I think TSOL already includes all those tools.
That's why I was wondering if the best solution was to migrate to TSOL, or to stay with Solaris, and developp and/or install a few more security tools (which may become hard to manage too)...
