AcIS Unix servers require differing levels of security, depending on
requirements that are partly legacy and partly reasonable. The intent of
this document is to consolidate those requirements into a fixed set of
security levels so that they are easier to understand. Five security
levels are identified here, with Level 1 being the most secure. Each
level includes all the requirements of the level numbered above it.
- Secure Level 5
  Secure Level 5 servers offer a secure means of establishing logins,
  via SSH, SSL, Kerberos, or equivalent technologies.
- Secure Level 4
  Secure Level 4 servers meet all the requirements of Secure Level 5
  servers, and additionally permit no password-based logins over
  plaintext connections.
- Secure Level 3
  Formerly known as "paranoid". Secure Level 3 servers meet all the
  requirements of Secure Level 4 servers, and additionally permit no
  plaintext connections at all (e.g. unkerberized rsh).
- Secure Level 2
  Secure Level 2 servers meet all the requirements of Secure Level 3
  servers, and additionally permit no passwordless connections
  (e.g. kerberized rsh) except to service accounts with restricted
  shells.
- Secure Level 1
  Also known as "standalone". Secure Level 1 servers meet all the
  requirements of Secure Level 2 servers, and additionally are not
  managed by the ID system, do not receive automatic updates of
  system files, do not use any network file services (e.g. nfs),
  and do not permit any logins other than on the console or via ssh.
All AcIS Solaris 2.5 servers are Secure Level 5. Most AcIS Solaris
FHS servers are Secure Level 4. FHS servers that offer plaintext FTP,
IMAP, etc. are Secure Level 5, because those services accept passwords
over plaintext connections.
Secure Level 5 is deprecated. No new servers may be established that
are Secure Level 5.
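The levels above nest, so a host can be classified by checking the requirements in order from Level 5 down. The following is an added example (not an AcIS tool or data format) that models each login path a host offers and each host's management status as constructed records, then returns the strictest level the host satisfies; the sample services and hosts at the end are constructed to match the cases described above (plaintext FTP host, FHS host with rsh, "paranoid", service-account-only, and "standalone").

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Service:  # one login path the host offers (constructed model, not an AcIS format)
    name: str
    encrypted: bool                 # protected by SSH, SSL, Kerberos or equivalent
    password_login: bool            # a password is sent to establish the login
    passwordless: bool              # caller trusted without a password (kerberized rsh)
    restricted_shell: bool = False  # reaches only a service account with a restricted shell
    network: bool = True            # False for the physical console

@dataclass(frozen=True)
class Host:
    services: tuple
    id_managed: bool    # managed by the ID system
    auto_updates: bool  # receives automatic updates of system files
    network_fs: bool    # uses nfs or another network file service

def security_level(host):
    """Strictest level (1 = most secure) the host satisfies, or None if below Level 5."""
    net = [s for s in host.services if s.network]
    # Level 5: at least one secure way to establish a login over the network.
    if not any(s.encrypted for s in net):
        return None
    # Level 4: no password-based logins over plaintext connections (ftp, imap, telnet).
    if any(s.password_login and not s.encrypted for s in net):
        return 5
    # Level 3 (paranoid): no plaintext connections at all, e.g. unkerberized rsh.
    if any(not s.encrypted for s in net):
        return 4
    # Level 2: no passwordless connections except to restricted-shell service accounts.
    if any(s.passwordless and not s.restricted_shell for s in net):
        return 3
    # Level 1 (standalone): unmanaged, no auto updates, no network FS, console/ssh only.
    if (host.id_managed or host.auto_updates or host.network_fs
            or any(s.name != "ssh" for s in net)):
        return 2
    return 1

# Constructed sample login paths and hosts (not real AcIS inventory).
SSH = Service("ssh", encrypted=True, password_login=True, passwordless=False)
CONSOLE = Service("console", encrypted=True, password_login=True, passwordless=False, network=False)
FTP = Service("ftp", encrypted=False, password_login=True, passwordless=False)
RSH = Service("rsh", encrypted=False, password_login=False, passwordless=True)
KRSH = Service("krsh", encrypted=True, password_login=False, passwordless=True)
KRSH_SVC = Service("krsh", encrypted=True, password_login=False, passwordless=True, restricted_shell=True)
FTP_HOST = Host((SSH, CONSOLE, FTP), id_managed=True, auto_updates=True, network_fs=True)
FHS_HOST = Host((SSH, CONSOLE, RSH, KRSH), id_managed=True, auto_updates=True, network_fs=True)
PARANOID_HOST = Host((SSH, CONSOLE, KRSH), id_managed=True, auto_updates=True, network_fs=True)
SERVICE_HOST = Host((SSH, CONSOLE, KRSH_SVC), id_managed=True, auto_updates=True, network_fs=True)
STANDALONE_HOST = Host((SSH, CONSOLE), id_managed=False, auto_updates=False, network_fs=False)
```

A host with no encrypted network login path at all (e.g. console plus plaintext FTP only) does not reach even Level 5 and is reported as None.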