Motherboard Forums


Reply
Thread Tools Display Modes

Disk Encryption for Solaris 9

 
 
BertieBigBollox@gmail.com
Guest
Posts: n/a
 
      03-12-2008, 12:31 PM
Is there such a thing?

I know theres an encryption pack for Solaris 10. Would this do disk
encryption?

Basically, I need to build a few Jumpstart laptops which will be used
to build Solaris 9 systems. Trouble is the requirement is that they
must be encrypted.

Any suggestions?

I suppose I could run Solaris 10, along with encryption pack, on the
laptops but still build Solaris 9 using Jumpstart? Is that possible?

 
Reply With Quote
 
 
 
 
Pete
Guest
Posts: n/a
 
      03-12-2008, 02:52 PM
On 2008-03-12, (E-Mail Removed) <(E-Mail Removed)> wrote:
>
> I suppose I could run Solaris 10, along with encryption pack, on the
> laptops but still build Solaris 9 using Jumpstart? Is that possible?


Yes, you can have as many served OSs as you have disk space for.

I'm not aware of any whole-disk encryption products for Solaris though.
The Encryption 10 encryption kit doesn't do it as far as I can tell.

There was talk of having encryption support for zfs file systems and
support through lofi, both in OpenSolaris rather than Solaris 10. I'm
not sure how far these initiatives have got, but I guess that the kind
of customers you have who are mandating Solaris 10 will not be happy
with something as uncommercial as OpenSolaris.

I guess you could have a Windows or Linux system with encrypted file
system such as pointsec, safeboot or dm-crypt and run your jumpstart
server as a host under VMware, but it's rather messy to say the least.

--
------------------------------------------------------------------------
Pete Young (E-Mail Removed) Remove dot. to reply
"Just another crouton, floating on the bouillabaisse of life"

----== Posted via Newsfeeds.Com - Unlimited-Unrestricted-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----
 
Reply With Quote
 
 
 
 
BertieBigBollox@gmail.com
Guest
Posts: n/a
 
      03-12-2008, 03:03 PM
> Yes, you can have as many served OSs as you have disk space for.
>
> I'm not aware of any whole-disk encryption products for Solaris though.
> The Encryption 10 encryption kit doesn't do it as far as I can tell.


I'm surprised at that since theres a market for laptops with encrypted
disks...

>
> There was talk of having encryption support for zfs file systems and
> support through lofi, both in OpenSolaris rather than Solaris 10. I'm
> not sure how far these initiatives have got, but I guess that the kind
> of customers you have who are mandating Solaris 10 will not be happy
> with something as uncommercial as OpenSolaris.
>
> I guess you could have a Windows or Linux system with encrypted file
> system such as pointsec, safeboot or dm-crypt and run your jumpstart
> server as a host under VMware, but it's rather messy to say the least.


Although thinking about it - I dont suppose theres any reason why you
cant replace the disk in a laptop with a flagstone disk and install
Solaris on this?

From what I understand, a Flagstone disk is encrypted and asks the
user for a password before any OS gets involved at all....

 
Reply With Quote
 
Doug McIntyre
Guest
Posts: n/a
 
      03-12-2008, 04:19 PM
Pete <(E-Mail Removed)2net.com> writes:
>On 2008-03-12, (E-Mail Removed) <(E-Mail Removed)> wrote:
>>
>> I suppose I could run Solaris 10, along with encryption pack, on the
>> laptops but still build Solaris 9 using Jumpstart? Is that possible?


>Yes, you can have as many served OSs as you have disk space for.


>I'm not aware of any whole-disk encryption products for Solaris though.
>The Encryption 10 encryption kit doesn't do it as far as I can tell.



The encryption kit offers bigger-key and some new crypto algorithms
for some of the built-in library crypto functions on Solaris. Doesn't
do anything else... Most people don't need it.

Best bet is to port TrueCrypt or something simular to Solaris. I don't
know of anything already done out there.
There is a ZFS Crypto project, but if anything, thats for Solaris Express,
not Solaris9..
 
Reply With Quote
 
Michael Vilain
Guest
Posts: n/a
 
      03-12-2008, 06:37 PM
In article
<(E-Mail Removed)>,
"(E-Mail Removed)" <(E-Mail Removed)> wrote:

> Is there such a thing?
>
> I know theres an encryption pack for Solaris 10. Would this do disk
> encryption?
>
> Basically, I need to build a few Jumpstart laptops which will be used
> to build Solaris 9 systems. Trouble is the requirement is that they
> must be encrypted.
>
> Any suggestions?
>
> I suppose I could run Solaris 10, along with encryption pack, on the
> laptops but still build Solaris 9 using Jumpstart? Is that possible?


I think Solaris is lagging behind this feature in that it's not offered
by Sun. Maybe it's available if you install a 3rd-party filesystem, but
you won't be able to boot from it unless you modify and install your own
boot code in ROM.

So, you'll have to revisit this requirement or install something else
that offers disk-level encryption.

Got code?

--
DeeDee, don't press that button! DeeDee! NO! Dee...



 
Reply With Quote
 
Wolfgang
Guest
Posts: n/a
 
      03-12-2008, 07:39 PM
(E-Mail Removed) schrieb:
> Is there such a thing?
>
> I know theres an encryption pack for Solaris 10. Would this do disk
> encryption?
>
> Basically, I need to build a few Jumpstart laptops which will be used
> to build Solaris 9 systems. Trouble is the requirement is that they
> must be encrypted.
>
> Any suggestions?
>
> I suppose I could run Solaris 10, along with encryption pack, on the
> laptops but still build Solaris 9 using Jumpstart? Is that possible?
>


why do you have to encrypt stuff everybody can download by themselve?

If the only reason are the templates or configs: write a routine which
runs a boot to decrypt to a tmpfs the files you need and update the
archive somewhere. or easier (i asume the reason for laptop is
dhcp/bootp without dhcp-helpers and routing) download it with wget or
curl from a central repository (over ssl with client certs of course:-)
just in time.

jet or humpstart runs fine on Solaris 10, but still not in zones, due to
the nfs server, which require global zone for kernel modules.

So have a look at opensolaris for the zfs crypto project, but it seems
to not very agile.
JET has also some scripts which are not working with zfs (i make a step
between and copy to zfs by hand), the time i tried it last.

Wolfgang
 
Reply With Quote
 
BertieBigBollox@gmail.com
Guest
Posts: n/a
 
      03-13-2008, 05:09 PM
On Mar 12, 7:39*pm, Wolfgang <(E-Mail Removed)> wrote:
> (E-Mail Removed) schrieb:
>
> > Is there such a thing?

>
> > I know theres an encryption pack for Solaris 10. Would this do disk
> > encryption?

>
> > Basically, I need to build a few Jumpstart laptops which will be used
> > to build Solaris 9 systems. Trouble is the requirement is that they
> > must be encrypted.

>
> > Any suggestions?

>
> > I suppose I could run Solaris 10, along with encryption pack, on the
> > laptops but still build Solaris 9 using Jumpstart? Is that possible?

>
> why do you have to encrypt stuff everybody can download by themselve?
>

Its not the Solaris OS that needs to encrypted. Its the other stuff
including the contents of the Flash archive (containing other stuff)
used to jumpstart the systems being built thats the problem...
 
Reply With Quote
 
Pete
Guest
Posts: n/a
 
      03-14-2008, 04:23 PM
On 2008-03-12, Wolfgang <(E-Mail Removed)> wrote:
> (E-Mail Removed) schrieb:
>
> why do you have to encrypt stuff everybody can download by themselve?


I would guess that it's policy rather than a technical reason.

The large number of laptop thefts and losses, along with lots of
sensitive data in some cases, means that many organisations now mandate
whole-disk encryption of any laptop that may be carrying sensitive
material, the view amongst the security community being that file-system
level encryption is insufficient protection. Bertie might get an
exception for a jumpstart server to do a vanilla system build, but if
there's any sensitive data included in the build then he's not going to
be able to get around the requirement.

So there's clearly a market for whole-disk encryption on laptops, but
whether there is a market for Solaris on laptops which is big enough to
justify the effort of a whole-disk encryption product, is another
question altogether.

--
------------------------------------------------------------------------
Pete Young (E-Mail Removed) Remove dot. to reply
"Just another crouton, floating on the bouillabaisse of life"

----== Posted via Newsfeeds.Com - Unlimited-Unrestricted-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----
 
Reply With Quote
 
Pete
Guest
Posts: n/a
 
      03-14-2008, 04:35 PM
On 2008-03-12, (E-Mail Removed) <(E-Mail Removed)> wrote:
>
> I'm surprised at that since theres a market for laptops with encrypted
> disks...


Unfortunately, there's no market for laptops running Solaris.

> Although thinking about it - I dont suppose theres any reason why you
> cant replace the disk in a laptop with a flagstone disk and install
> Solaris on this?
>
> From what I understand, a Flagstone disk is encrypted and asks the
> user for a password before any OS gets involved at all....


Seems reasonable. I'm not familiar with Flagstone, but it does claim
that you can run any OS and it if CESG have accredited it then it should
be OK.

--
------------------------------------------------------------------------
Pete Young (E-Mail Removed) Remove dot. to reply
"Just another crouton, floating on the bouillabaisse of life"

----== Posted via Newsfeeds.Com - Unlimited-Unrestricted-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----
 
Reply With Quote
 
Huge
Guest
Posts: n/a
 
      03-15-2008, 09:29 AM
On 2008-03-14, Pete <(E-Mail Removed)> wrote:
> On 2008-03-12, (E-Mail Removed) <(E-Mail Removed)> wrote:
>>
>> I'm surprised at that since theres a market for laptops with encrypted
>> disks...

>
> Unfortunately, there's no market for laptops running Solaris.


Well, there is, but it's rather small. [FX: waves]

Not statistically significant, but in 15 years commuting into the City of London
and OS spotting on the train, I've only ever seen 2 people not running Windows
or MacOS on their laptops. One was running Centos and the other an unidentified
Linux. I have to manage with Cygwin.


--
"Be thankful that you have a life, and forsake your vain
and presumptuous desire for a second one."
[email me at huge {at} huge (dot) org <dot> uk]
 
Reply With Quote
 
 
 
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Solaris 10 Unable to use "Dumb" KVM (Avocent SwitchView USB 4-Port),Works Under Solaris 8 Brian Jester Sun Hardware 0 02-28-2012 05:26 PM
Solaris 10 Unable to use "Dumb" KVM (Avocent SwitchView USB 4-Port),Works Under Solaris 8 brianjester@gmail.com Sun Hardware 0 02-28-2012 05:25 PM
Pro grade security. The Mac community lacks a whole disk encryption solution. High Priest Apple 101 02-01-2011 09:11 PM
Hard disk encryption R. P. Laptops 10 01-29-2008 08:27 AM
hex wep encryption news.rcn.com Dell 12 01-10-2006 06:21 PM


All times are GMT. The time now is 10:05 PM.


Welcome!
Welcome to Motherboard Point
 

Advertisment