

and the compliance(1M) and compliance-tailor(1M) man pages.

Protecting executables from stack corruption is now a security extension in Oracle Solaris, replacing the no_exec_userstack system variable that was previously set in the /etc/system file. The nxstack security extension is set by default. In addition, the nxheap security extension protects against heap corruption. For more information, see “Protecting the Process Heap and Executable Stacks From Compromise” in Securing Systems and Attached Devices in Oracle Solaris 11.3.

The Cryptographic Framework now includes the Camellia algorithm. To view the mechanisms that Camellia supports, run the cryptoadm list -m | grep camellia command. The SPARC T4 Series and SPARC T8 Series servers provide hardware acceleration for this algorithm.

The Kernel SSL proxy supports SSLv3, but disables it by default. See “SSL Kernel Proxy Encrypts Web Server Communications” in Securing the Network in Oracle Solaris 11.3.

The pktool gencsr command can now create certificates for certificate authorities that do not follow the standard PKCS #10: Certification Request Syntax Specification ( http:// ). See the pktool(1) man page.

When a certificate from a Certificate Authority (CA) is missing or corrupted, you can fix the resulting problem by adding or removing certificates from the Oracle Solaris keystore. For more information, see “Adding CA Certificates to the Oracle Solaris CA Keystore” in Managing Encryption and Certificates in Oracle Solaris 11.3.

Oracle Solaris provides client support for KMIP version 1.1, enabling clients to communicate with Key Management Interoperability Protocol (KMIP)-compliant servers such as the Oracle Key Vault (OKV). PKCS #11 applications, as clients, can communicate with KMIP-compliant servers to create and use asymmetric keys. See Chapter 5, “KMIP and PKCS #11 Client Applications” in Managing Encryption and Certificates in Oracle Solaris 11.3.

Oracle Solaris offers an openssh implementation of Secure Shell. This OpenSSH implementation is built on OpenSSH 7.2p2 plus additional features. The sunssh implementation is still the default. You use the pkg mediator command to switch between the two implementations. For more information, see “OpenSSH Implementation of Secure Shell” in Managing Secure Shell Access in Oracle Solaris 11.3.

To aid in making the transition to IPsec and IKEv2, Oracle Solaris provides the pass action and the ike_version option. The pass action enables a server to support IPsec and non-IPsec clients, and the ike_version option enables you to specify the version of the IKE protocol that an IPsec policy rule must use. This option helps a network run two versions of the IKE protocol and require the newer IKE protocol on only those systems that can support it. For information and links to examples, see “What’s New in Network Security in Oracle Solaris 11.3” in Securing the Network in Oracle Solaris 11.3.