Protecting research stored in the computer network of Dartmouth College's psychology department is a top priority for James Dobson, a system architect for the Hanover, N.H.-based institution. The department is using a test version of the soon-to-be-released Solaris 10 operating system, and so far he's pleased with the results.
"One of the main areas of research the psychology department focuses on is cognitive 'neuroimaging' -- the development of scientific approaches for the comprehensive mapping of brain structure and function," Dobson said. "The department relies on student volunteers for research work, necessitating a high level of security and information protection."
He praised Solaris 10's security muscle and compatibility with other systems during a discussion Monday at the Burlington, Mass., offices of Sun Microsystems, which is preparing the product for release by year's end. Sun said Solaris 10's security highlights include N1 grid container technology, extensive cryptographic services, stronger user rights management and a stronger IP filter.
In a paper distributed during the discussion, Dobson wrote that Solaris 10 helps maintain that high level of protection because it "delivers new military-grade security features" that include increased identity, data and access security with "much stronger login controls, all helping ensure that no one outside the psychology department gains access to any research or personal data."
Jonathan Eunice, principal analyst and IT advisor for Nashua, N.H.-based research firm Illuminata Inc., listened to what Dobson and several Sun executives had to say Monday, and he was impressed. In particular, he liked what he heard about the N1 grid container technology, which will allow users to create up to 4,000 secure, fault-isolated software partitions, each with its own IP address, memory space, file area, host name and root password.
"The container concept is a lightweight, simple way to have security," Eunice said. "It's not perfect, not 100%. But unlike mandatory access controls, which prohibit activity where you need to share data, the container concept allows shared access. Think of it as firewalling individual applications from one another. It offers a balance people look for -- security that isn't so all-encompassing that you can't get work done."
While they're not perfect, Eunice said, the containers are a significant step in the right direction because they blind the potential attacker. "It puts up a wall," he said. "An attacker can't see through the wall, and when you can't see something, you can't mess with it."
Paul Sangster, senior Solaris security architect for Sun, described the container technology as one of Solaris 10's most significant features, and also cited other improvements he believes will attract IT practitioners.
"I expect IT administrators will greatly appreciate the N1 grid container zone feature and the user rights management privilege feature," Sangster said. "These features enable (them) to much more tightly protect their services, even in the face of an attacker exploiting a known hole in some third-party software that was deployed but not yet patched. The combination of these features will greatly limit the potential damage to the system down to the contents of a single zone and greatly restrict which, if any, resource can be affected. It also allows customers to run intrusion detection software on the end system, which attackers can't detect or tamper with."
This story is from the e-newsletter Security Wire Perspectives.