Re: Security for SUN-Cluster 3.0/2.2 with OPS (8.1.7)

From: Alex Noordergraaf (Alex.Noordergraaf@sun.com)
Date: 10/29/01


Message-ID: <3BDD8327.25C0FF40@sun.com>
Date: Mon, 29 Oct 2001 11:26:15 -0500
From: Alex Noordergraaf <Alex.Noordergraaf@sun.com>
To: Markus.Fleischmann@ConSors.de
Subject: Re: Security for SUN-Cluster 3.0/2.2 with OPS (8.1.7)

Markus.Fleischmann@ConSors.de wrote:
>
> Hello,
>
> we, at our company, use two Sun Clusters (one 3.0, the other 2.2) with
> OPS (8.1.7) running on both and like to make them (at least more)
> secure. Now the question is, if there are any restrictions (f.e. with
> respect to the communication between the two Cluster nodes) which
> prevent the usage of the Solaris Security Toolkit (formerly known as
> JASS) to secure the whole thing?
> Has anybody made experiences with securing a Sun Cluster and can tell
> me which ports, services, etc. can be deactivated without any problems?

There are two parts to your question - which may or may not be important
to you:

a) what SunCluster configurations are supported by Sun?

b) what security modifications can I make if I don't care about support?

There are no secured configurations of SC2.2 or SC3.0 available today
which are supported. I can say that this is going to change - but can't
give any specifics yet as legal doesn't let us talk about futures.

That being said I'm not going to go into details on securing SC2.2 or
SC3.0 except to say that both products will break if hardened with the
default JASS 'secure.driver'. Please don't run JASS (or any other
hardening tool) on a SunCluster without understanding your support
issues and being willing/able to deal with the problems that come up as
a result of the hardening.

-Alex

>
> Thanks in advance,
>
> Markus

-- 
Alex Noordergraaf                  (voice) 781.442.3447
Enterprise Eng. Security Architect (email) alex.noordergraaf@sun.com
BluePrints Security articles       http://sun.com/security/blueprints


