services greatly decreases the security risk. You can also use many of the other
features of Oracle Solaris to enhance the security of a Container. Table 8.1 reviews
the security features and capabilities used in the example described in this section.
Table 8.1 Security Controls

| Security Control | Benefit |
| --- | --- |
| IP Filter | Prevents unwanted connection requests from reaching applications; prevents network attacks from this Container |
| Limited network services | Reduces the number of programs listening to network ports |
| Disabled SSH | Prevents network login |
| No device access | Prevents ARP and IP spoofing attacks; prevents modification of Physical, Data Link, and Network Layer parameters; prevents access to other networks via other NICs |
| No device access | Prevents attacks on other types of devices |
| No kernel access | Prevents attacks on the OS and on other Containers |
| Sparse-root configuration | Prevents modification of the operating system |
| Reduced privilege set | Reduces the set of actions that can be performed in the Container |
| Resource controls | Further limits the ability of processes in this Container to affect other Containers |

Before using a security method like the one described in this section, you should
validate its ability to handle the types of attacks you want to defend against.
The security testing tool Nessus (http://www.nessus.org/nessus) was used
against the method described in this section and did not find any weaknesses.
However, the method described in this section may or may not be suitable for your
particular security needs.
8.7.5 Summary
Solaris Containers offer significant security capabilities not available with other
virtualization technologies. An understanding of security issues and the features
of Containers will help you to balance security and functionality.
8.7.6 Further Reading
You can learn more about the security-related topics discussed in this section at
the following web pages:
 
 
 