Re: C2 security standards

From: Alex Noordergraaf (alex.noordergraaf@sun.com)
Date: 05/21/02


Date: Tue, 21 May 2002 17:15:09 -0400
From: Alex Noordergraaf <alex.noordergraaf@sun.com>
To: Juan Ignacio Trentalance <TRENTALANCE@crm.com.ar>


Juan Ignacio Trentalance wrote:
>
> Hi,
>
> Recently, I have been assigned the task of cheking that a group of sun
> solaris machines meet the C2 security standard.
>
> I have searched the focus lists and other security sites for something like
> a "C2 security checklist for solaris" whithout any luck.

And you answer why that is later in your original email. C2 doesn't mean
that systems are secure - nor do Common Criteria evals ;-(.

If you are, in fact, interested in improving the security of your
Solaris servers then you should be determining if your Solaris systems
follow security best practices and your corporate security policies.
Being C2 compliant just doesn't mean much as all the insecure protocols
can still be enabled on the system.

Would suggest you take a look at the security best practices available
from the BluePrint OnLine articles at http://sun.com/security/blueprints
and how they are implemented by the Solaris Security Toolkit (JASS)
available at http://sun.com/security/jass

There are lots of other security docs available from SecurityFocus and
other Internet sites as well...

Now - if this is just to meet some requirement which states that systems
must be C2 compliant ignore and not an attempt to improve the security
of an environment just ignore this email...
 
Hope this helps.

-Alex

>
> Thanks in advance,
>
> Juan



Relevant Pages

  • [NEWS] Hardening Solaris for MGC
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... The Media Gateway Controller product is installed on top of Solaris ... In the default installation, Solaris has several known ... Since vulnerabilities are in the underlying Operating System customers do ...
    (Securiteam)
  • [UNIX] Remote Root Exploitation of Default Solaris sadmind Setting
    ... Get your security news from a reliable source. ... its Solaris operating system to help administrators manage systems ... The sadmind daemon is used by Solstice AdminSuite applications to ... documented to some extent in Sun documentation, ...
    (Securiteam)
  • [EXPL] Solaris Xlock Heap Overflow Vulnerability (Exploit, XUSERFILESEARCHPATH)
    ... Solaris Xlock Heap Overflow Vulnerability ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... * sol_x86_xlockex.c - Proof of Concept Code for xlock heap overflow bug. ...
    (Securiteam)
  • Cisco Security Advisory: Hardening of Solaris OS for MGC
    ... Solaris operating system. ... In order to guarantee the stability of the application Cisco must ... The second issue is the security of the default Solaris installation. ...
    (Bugtraq)
  • [UNIX] William LeFebvre "top" Format String Vulnerability
    ... Get your security news from a reliable source. ... Over four years later the vulnerability ... bug and the issue has since been patched. ... OpenBSD, FreeBSD, SCO Skunkware, and Solaris have all been subject to this ...
    (Securiteam)