Data on Trusted Solaris systems?

Posted on 2006-04-30
Last Modified: 2013-12-27
On a Trusted Solaris OS system or any Trusted UNIX OS, should very sensitive data be online or connected to the Internet?
Question by:slajoh01
    LVL 10

    Accepted Solution

    No - as you put it - very sensitive data should not be accessible to the Internet.  Trusted Solaris or any OS will not guarentee protection cuz the environment is designed, built, and managed by humans and therefore has flaws in the architecture, security design, and operational best practices.

    Usually the highly sensitive data would be behind several layers of access controls, phsyical layers in an environment, identity and role based permissions would be used to the EXTREME, encryption, authentication, signed communication channels, etc - all this is *an effort* to never allow direct physical access to the data.  Notice I said " an effort" - its not a guarantee.

    Have you missed all the news articles about 10s of thousands peoples credit card information being exposed and stolen and abused over that last several years ????  A recent article just came out about how high-quality data (e.g. very sensitive data) on over 2000 credit cards was acquired and used to charge between $500 and $700 against the credit cards.  They know the data was of high-quality because the charges were made to the credit cards immediately without first trying charges of something like 10 cents to see if the accounts were valid.  The charges were simply made e.g. the theives KNEW the data was already correct.  The legal battles will fly on this one and the losers as usual will be the people whose accounts were exposed.

    If you have highly sensitive data, you and your organization better think LONG and HARD about the risks you are getting into by exposing that sensitive data to the Internet.  If this highly sensitive data involves consumer personal data that could lead to identity fraud is stolen, .... ahh the horror.
    LVL 38

    Expert Comment

    Agreed with Nukfror, when your box is accessible to the world, you sensitive data
    is at risk. Hackers, OS bugs etc can cause problem.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    In tuning file systems on the Solaris Operating System, changing some parameters of a file system usually destroys the data on it. For instance, changing the cache segment block size in the volume of a T3 requires that you delete the existing volu…
    A metadevice consists of one or more devices (slices). It can be expanded by adding slices. Then, it can be grown to fill a larger space while the file system is in use. However, not all UNIX file systems (UFS) can be expanded this way. The conca…
    This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
    In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now