Solaris security solutions

1. gSNAP Primer
Kevin Mayo
–Chief Architect – Global Government
●Sun Microsystems, Inc.
●

2. Introduction – What is gSNAP?
• (government) Secure Network Access Platform
• Reference Architecture for secure collaboration at
the desktop
■ “70% solution” developed specifically for govt
customers
• Competitive advantage for Sun in specific markets
■ Sun unique products and technology
■ CSO technical engagements
■ Complimentary partner products and integration
Sun Confidential: Internal or Partner Use Only

3. How We Use IT is Also Changing
Dynamic Coalition and
Interoperability
Formation
Standards
Best of Class
Threat of Global
Security
Terrorism
Access Anytime
Technology As Major
Anywhere
Element of Operations
Sun Confidential: Internal or Partner Use Only

4. gSNAP Market Drivers
• Government agencies have increasing need to collaborate
■ Within agency
■ With other agencies
■ With trusted partners (suppliers, research centres)
■ With agencies of other nations
• Government users have increasing need to access
information from anywhere, anytime
• Security and privacy are key requirements
• Sources of information are increasingly diverse
Sun Confidential: Internal or Partner Use Only

5. gSNAP Market Positioning
• Government agencies with collaboration needs
■ Defence (NATO)
■ Public security/ public safety (Interpol)
■ Emergency response (central, provincial, city)
■ Public health (CDC, WHO)
■ Government research centres and universities
Sun Confidential: Internal or Partner Use Only

6. Government System Requirements
• Trusted computing environment
• Single Virtual Switch to Multiple Networks
■
■
Single desktop with connections to multiple security
domains implemented as physically separated networks
(without enabling intra-domain routing)
End-users have controlled access to domains based on
security level, compartmentalization
• Secure Inter-Domain Data Transfer
■
Automated and manual auditing based on pre-defined
policies and procedures
• Remote Access Protocol Options
■
Tarantella, Citrix, RDP, X Windows or Browser.
Sun Confidential: Internal or Partner Use Only

7. Changing the Game—
Single Multi-Tiered Secure Communications
SINGLE-POINT FOR INFO ASSURANCE
Secure Domain A, Apps 1,2,3
Secure Domain B, Apps 4,5,6
Secure Domain C, Apps 7,8,9
Secure Domain D, Apps 10,11
Secure Domains A to Z
On ONE Terminal
With data assurance across security
domains
Sun Confidential: Internal or Partner Use Only

8. Desktop Consolidation:
Ultra-Thin Client Front-End
Before:
After:
To ensure a high level of security
physically isolated clients were
deployed often resulting in up to 10
different Desktops in a single office
Full Session Mobility enabled by a
single stateless Sun Ray TM frontend and protected by a Trusted
Solaris TM based back-end
Sun Confidential: Internal or Partner Use Only

9. The Sun Solution:
Secure Network Access Platform
User
Community
A
Switch
User
Community
B
Switch
Switch
User
Community
C
User
Community
D
Switch
Switch
Trusted Solaris
● Sun Ray Session
● Server
●
Switch
Switch
Switch
●
●
●
●
●
24/7 remote management
Sun Ray stateless
Clients Java
Card identity
Network attached storage
for audit logs
Sun Jumpstart Software
for automated site replication
Sun Confidential: Internal or Partner Use Only
• Highly scalable
• Multi-network
consolidation
• Ultra secure
• Identity/Role-based
access
• Audit ability
• Session mobility

10. Secure Network Access Platform for
Government Solution
3rd Party Security
Extensions
TCS, TNE, AC Tech,
Cryptek, Tenix, RSA, Maxim, etc.
Integration to Legacy
Systems
Tarantella, Citrix, RDP, Thinsoft
Java Ultra-Thin Client
Environment
SunRay 1G, 170; Sun Ray Session Server,
Trusted CDE, Java Cards
Government Accredited
Trusted Operating Env
Trusted Solaris Certified EAL4 (B1):
CAPP, LSPP, RBPP
Sun Solaris
Enterprise StorEdge ™ 9
RAS Compute Platform
Consulting, Training,
and Support Services
Sun Servers
Sun Open Work Practice, Workshop, POC,
Architecture and Implementation + Training
and Support
Sun Confidential: Internal or Partner Use Only

11. Trusted Solaris Direction
Trusted Solaris
BSM
Solaris
Solaris
2.3
Trusted Networking
Trusted Desktop
RBAC
Trusted
Solaris
layered
on Solaris
Process Attributes
Device Allocation
Virtualization
Privilege Policy
Solaris
8/9
Sun Confidential: Internal or Partner Use Only
Solaris 10

12. Secure Foundation of Dramatic Improvements
Solaris 10 Security
Digital Certificates Everywhere
Secure Execution
User Rights Management
Process Rights Management
Cryptographic Framework
IPFilter
Kerberos Single Sign On
Easily Activated Security Profiles
Sun Confidential: Internal or Partner Use Only

13. Multi-Level Labeled Security
Trusted Extensions
Adds labeled security to Solaris 10
Multi-level networking, printing
Multi-level CDE GUI
Leverages User & Process RM
Uses Containers
Compatible with all Solaris apps
Target of CAPP, RBACPP, LSPP @
EAL 4+
Available 1HCY2006
Sun Confidential: Internal or Partner Use Only

14. Sun Confidential: Internal or Partner Use Only

15. Based on Best
Practices From
Innovative Customer
Solutions:
DTW—DODIIS Trusted Workstation
●
Proven solution developed at Joint
Intelligence Center Pacific—JICPAC
●
Mandated by DIA as standard secure
desktop access solution for DODIIS
community
Coalition
Sun Confidential: Internal or Partner Use Only
DEA
INS
Circa 2000 seats deployed, multi-year
program managed by JEDI
Sun Network Access Platform
Solution
military
Intelligence
●
Government
Control
Center

16. DTW Components
JEDI JUMPSTART IMAGE:
Trusted Solaris 8 (12/02)
SunRay Software 2.0 w/Failover Groups
JMDI (JEDI) Extensions
Jumpstart support
- Streamlined User & Host management
Audit Management
- Authorized application Mgmt.
TCS software
●
●
●
SunRay thin Clients with 24” Flat-Panel monitors
Load Balanced Sun Servers
Windows 2003 servers connected via RDP
Sun Confidential: Internal or Partner Use Only