Sun Microsystems 2005Q1 Server User Manual

Open as PDF

of 192

Designing Portal Security Strategies

104 Portal Server 6 2005Q1 • Deployment Planning Guide

The user nobody does not have a password, which prevents a regular user

from becoming nobody. Only the superuser can change users without being

prompted for a password. Thus, you still need

root access to start and stop

Portal Server services.

See the Java Enterprise System Installation Guide for more information.

• Non-

root user. You can run Portal Server as a regular UNIX user. The security

benefits of a regular user are similar to the security benefits provided by the

user

nobody

. A regular UNIX user has additional benefits as this type of user

can start, stop, and configure services. After installation, you need to change

ownership of some files.

See the Java Enterprise System Installation Guide for more information.

Limiting Access Control

While the traditional security UNIX model is typically viewed as all-or-nothing,

you can use alternative tools to provide some additional flexibility. These tools

provide the mechanisms needed to create a fine grain access control to individual

resources, such as different UNIX commands. For example, this toolset enables

Portal Server to be run as

root, while allowing certain users and roles superuser

privileges to start, stop, and maintain the Portal Server framework.

These tools include:

• Role-Based Access Control (RBAC). Solaris™ 8 and Solaris™ 9 include the

Role-Based Access Control (RBAC) to package superuser privileges and assign

them to user accounts. RBAC enables separation of powers, controlled

delegation of privileged operations to users, and a variable degree of access

control.

• Sudo. Sudo is publicly available software, which enables a system

administrator to give certain users the ability to execute a command as another

user. Please see:

http://www.courtesan.com/sudo/sudo.html

Using a Demilitarized Zone (DMZ)

For maximum security, the Gateway is installed in the DMZ between two firewalls.

The outermost firewall enables only SSL traffic from the Internet to the Gateways,

which then direct traffic to servers on the internal network.

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Sun Microsystems 2005Q1 Server User Manual