unwanted intrusion. Disabling services limits the external attack surface of the
Container. An attacker who can take advantage of a weakness in the service being
provided, such as web server software, will find that the internal attack surface is
also very small, because so little of the Container can be modified. If the Container
is configured appropriately, an intruder who somehow gains entry cannot access
other systems via the network, or can access only a specific list of systems and
services provided by those systems.
The combination of the ability to enforce those limitations and the resource
controls that are part of the functionality of Containers is very powerful. Collectively,
they enable you to configure an application environment that can do little more
than fulfill the role you choose for it.
This section describes a method that can be used to slightly expand a
Container's abilities, and then tighten the security boundary around the
Container's intended application. This section combines individual steps and
knowledge from Chapter 6. The example in this section uses the Network Time
Protocol (NTP) service. Because this section is intended as a platform for a
discussion of security, however, we do not provide a complete description of the
configuration of NTP. You can visit http://www.ntp.org to obtain more information about
the proper use of NTP. Many other services can be hardened by using this method.
The command examples in this section use the prompt GZ# to indicate a
command that must be entered by the root user in the global zone. The prompt
timelord# shows that a command will be entered as the root user of the Container
named timelord.
8.7.1 Scenario
Imagine that you want to run an application on an Oracle Solaris system but
the workload running on this system must not be accessible from the Internet.
Further, imagine that the application needs an accurate sense of time, a feat that
can be achieved without Containers by using multiple systems and a firewall. With
Containers, you can accomplish those goals with one system and offer additional
protection as well.
You will need two Containers. One provides a traditional environment for the
application, and will not be discussed further in this section. The other one has
the ability to change the system's clock, but has been made extremely secure by
meeting the following requirements:
- The Container can make outbound network requests and accept responses
  to those requests.
- The Container does not allow any inbound network requests (even secure
  ones like SSH).