Insecure by default?

I recently attended an Oracle Sales event. One of the main selling points and strong Solaris features being stressed was the “Secure by default” nature of the operating system. And while I really don’t want to argue with the basic idea or the point made (that Solaris is a secure OS), it started to get me thinking about some of the things that annoy me and that are not in line with the marketing claim.

I love the fact that the Solaris installer has the (default) option of disabling all network services except for SSH. I stick with this default all the time since it is easy to just re-enable needed services later. But the bitter (and annoying) truth is that whenever you set up a new zone in Solaris, all those stupid services will be enabled in the zone. Telnet, http, webconsole: you name it! This can easily be remedied by issuing the command ‘netservices limited’, but that should not be needed; secure should be the default! But it really does look like this is the default behavior and not a bug.
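As an added example (not part of the original post), this script, run from the global zone, reports which of the services named above are in the online state in each running non-global zone and, with APPLY=1, runs ‘netservices limited’ in each of them. The FMRI patterns, zone names and sample data are assumptions constructed for illustration; the report checks service state only, not which addresses a service listens on.

```shell
# Added example; zone names and sample output are constructed, not captured.
SAMPLE_ZONES='0:global:running:/
1:web01:running:/zones/web01
-:db01:installed:/zones/db01
2:app01:running:/zones/app01'
SAMPLE_SVCS='online         svc:/network/ssh:default
online         svc:/network/telnet:default
disabled       svc:/network/http:apache2
online         svc:/system/webconsole:console'

# Names of running non-global zones, from `zoneadm list -p` output on stdin
# (parsable format: zoneid:zonename:state:zonepath[:...]).
running_zones() {
    while IFS=: read id name state rest; do
        if [ "$name" != "global" ] && [ "$state" = "running" ]; then
            echo "$name"
        fi
    done
}

# FMRIs in state "online" for the services the post names, from
# `svcs -H -o state,fmri` output on stdin. The patterns are an assumption
# about how telnet, http and webconsole are named on the system.
exposed_services() {
    while read state fmri; do
        [ "$state" = "online" ] || continue
        case "$fmri" in
            svc:/network/telnet:*|svc:/network/http:*|svc:/system/webconsole:*)
                echo "$fmri" ;;
        esac
    done
}

# Report every running zone; with APPLY=1 also apply the limited profile.
audit_zones() {
    zoneadm list -p | running_zones | while read zone; do
        # </dev/null stops zlogin from consuming the rest of the zone list
        found=`zlogin "$zone" svcs -H -o state,fmri </dev/null | exposed_services`
        if [ -n "$found" ]; then
            echo "$zone: online:" $found
        fi
        if [ "${APPLY:-0}" = 1 ]; then
            zlogin "$zone" netservices limited </dev/null
        fi
    done
}

# Only act where the zone tools exist (a Solaris global zone).
if type zoneadm >/dev/null 2>&1; then audit_zones; fi
```

Without APPLY=1 the script only reports, so it can be run after creating a zone to see what came up enabled before changing anything.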

But maybe this is something that could change with the upcoming Solaris 11.

