Sun Microsystems, Inc.
spacer |
black dot
  Previous   Contents   Next 
Chapter 1

Security Services (Overview)

This book focuses on the Solaris™ operating environment features that can help make a site more secure. This book is intended for system administrators and users of these security features. This is a list of the overview information in this chapter.

Introduction to Security Services

To help a site secure its computing environment, the Solaris operating environment software provides the following:

  • Authentication - The ability to securely identify a user, requiring the user's name and some form of proof (typically a password)

  • Access Control - The ability to restrict users to only those parts of the system that are necessary for their job

  • Secure Communication - The ability to ensure that authenticated parties can communicate without interception, modification, or spoofing

  • Auditing - The ability to identify the source of security changes to the system, including file access, security-related system calls, and authentication failures

For a general discussion of system security, see Chapter 14, Managing System Security (Overview).


Authentication is a mechanism that identifies a user or service based on predefined criteria. Authentication systems range from simple name-password pairs to more elaborate challenge-response systems, such as smart cards and biometrics. Strong authentication mechanisms rely on a user supplying information that only that person knows, such as a user name, and something that can be verified, such as a smart card or fingerprint. The Solaris operating environment features for authentication include the following:

  • Secure RPC - An authentication technique that is based on the Diffie-Hellman method. This topic is covered in "Overview of Secure RPC".

  • Pluggable Authentication Module (PAM) - A framework that enables various authentication technologies to be plugged in without disturbing system entry services, such as login or ftp. See "PAM (Overview)".

  • Sun Enterprise Authentication Module (SEAM) - A client/server architecture that provides authentication with encryption. See Chapter 6, Introduction to SEAM.

  • Smart Card - A plastic card with a microprocessor and memory that can be used with a card reader to access systems. See Solaris Smartcard Administration Guide.

  • Login Administration Tools - Various commands for administering a user's ability to log in or to abort a session. See Chapter 16, Securing Systems (Tasks).

Access Control

Access control enables users or administrators to restrict the users who are permitted access to resources on the system. The Solaris operating environment features for access control include the following:

Secure Communication

The basis of secure communication is requiring authentication with encryption. Authentication helps ensure that the source and destination are the intended parties. Encryption codes the communication at the source and decodes it at the target to prevent intruders from reading any transmissions that they might manage to intercept. The Solaris operating environment features for secure communication include the following:

  • Sun™ Enterprise Authentication Module (SEAM) - A client/server architecture that provides encryption with authentication. See Chapter 6, Introduction to SEAM.

  • Internet Protocol Security Architecture (IPsec) - An architecture that provides IP datagram protection including confidentiality, strong integrity of the data, partial sequence integrity (replay protection), and data authentication. See "IPsec (Overview)" in System Administration Guide: IP Services.

  • Solaris Secure Shell - A protocol for protecting data transfers and interactive user network sessions from eavesdropping, session hijacking, and man-in-the-middle attacks. Strong authentication is provided through public key cryptography. X windows services and other network services can be tunneled safely over Secure Shell connections for additional protection. See Chapter 4, Using Secure Shell (Tasks).


Auditing is a fundamental concept of system security and maintainability. Auditing is the process of examining the history of actions and events on a system to find out what happened. Auditing entails keeping a log of what was done, by whom, when it was done, and what was affected. For more information on Solaris operating environment auditing, see Chapter 22, BSM (Overview).

  Previous   Contents   Next