Cloud Computing on Ulitzer
Back in June, we released the very first security hardened virtual machine
images for the Amazon Web Services Elastic Compute Cloud (EC2) environment.
These original images were based upon the OpenSolaris 2008.11 release and
were configured in accordance with the guidelines published by Sun the Center
for Internet Security.
Since its initial release, we have provided an update to offer this image in
the European Region. In August, we took another step forward with the release
of a security-enhanced image based upon the OpenSolaris 2009.06 release.
This image went beyond just the simple hardening of its predecessor to add
functionality such as encrypted swap, non-executable stacks and auditing that
was enabled by default. With such a strong foundation, it should have been no
surprise that it was likely to be used as a foundation for layere... (more)
For some reason, the links to things on SunSolve like the Solaris Fingerprint
Database have changed and as a result, tools like my Solaris Fingerprint
Companion stopped working. I would like to publicly thank Richard Mayebo for
being the first to let me know of this issue. In addition to just fixing the
links, it felt like an excellent opportunity to re-test the tool with the
latest versions of Perl shipping on both Nevada as well as Ubuntu. I am very
happy to report that the Solaris Fingerprint Database Companion tool
continues to work just fine (after the required add-ons are ... (more)
It is with great pleasure that I can announce the availability of security
enhanced OpenSolaris 2009.06 on Amazon EC2! This release builds upon the work
previously completed for the hardened OpenSolaris 2008.11 images as well as
recent advances from the Immutable Service Container project. The end result
is a OpenSolaris 2009.06 virtual machine image that is hardened, leverages a
non-executable stack, encrypted swap as well as auditing enabled and
pre-configured to record administrative events, logins, logouts, and all
command executions. Just as with the OpenSolaris 2008.11 imag... (more)
Since publishing my two part series on non-executable stacks in the Solaris
operating system, I received some very useful feedback and clarifications
that I wanted to share with everyone. First, Vladimir Kotal commented on my
first article that:
Having to grep(1) for the CPU features is really clumsy. Maybe psrinfo(1M)
could be extended to print them out? (for every (virtual) CPU present in the
system)
Frankly, I agree. After asking around however, today there does not appear to
be a cleaner interface (although there is a bunch of discussion around adding
one). Sherry Moore ... (more)
For the Sun CEC 2007 conference this year, I revamped my originalPractical
Solaris 10 Security presentation that I had originally mentioned here. The
new version of the presentation is titled Hack-Fu - Deconstructing the
Security Capabilities of the Solaris 10 OS.
While the title is a little more "catchy", the real change is that the
presentation was enhanced to provide a more complete practical demonstration
of Solaris 10 security capabilities. The presentation is structured from the
viewpoint of a potential attacker examining the system from the network. As
each new capabili... (more)
Glenn Brunette is a Distinguished Engineer and Chief Security Architect at Sun Microsystems. For over 15 years, he has designed and delivered security architectures and solutions supporting a wide array of global customers. Currently, he has focused his efforts on improving security for cloud computing and other highly dynamic and scalable architectures. 
Jeremy Geelan
Whitfield Diffie
Reuven Cohen
Werner Vogels
Elizabeth White
David Lucas
Shaul Efraim
Terence Martin Breslin
Cory Marchand
David Hughes
James Carlini
John Iffert
Dan Stolts
Joe Zeto
