RealTime IT News

Solaris Gets Secured

Sun's Solaris 10 Unix operating system got its third major update, and it includes the long-anticipated Trusted Extensions, which replaces the legacy Trusted Solaris operating system.

Trusted Solaris Extensions have been in development at Sun for over a year as a new approach to creating a Trusted Solaris OS.

In September of 2005, Mark Thacker, product line manager of Solaris security at Sun Microsystems, explained to internetnews.com that Trusted Solaris has always been a separate OS.

With Trusted Solaris Extensions, instead of an entirely separate operating system, the extensions are overlays on top of Solaris 10 that do not require a separate kernel. They provide additional high-security labeling features to meet regulatory and compliance requirements.

Solaris 10 with Trusted Extensions is currently in evaluation for the Common Criteria Certification Labeled Security Protection Profile (LSPP) at Evaluation Assurance Level 4+ (EAL 4+).

The updated also includes the "secure by default" feature, which first appeared in an OpenSolaris build earlier this year. With secure by default, most external-facing services are turned off at the point of initial installation. Only services required to login and boot the OS are enabled by default.

"The whole thing is about making Solaris install in a mode that is secure out of the box," OpenSolaris developer Martin Englund wrote in a blog posting earlier this year. "This should be a no brainer, but since Solaris always strive to be backward compatible it is not easy doing a change like this."

Solaris 10 was originally released in 2004 and was last updated in June. Update 2 included the new ZettaByte File System (ZFS), as well as optimizations in the network stack around SSL and UDP performance.