[I'm not sure why this is a networking issue, rather than a zones-discuss or even security-discuss issue. You might want to try soliciting opinions from other groups.]
Muthusamy Sivasubramanian writes:
> In a secure webserver, well defined with zones running ZFS, an isolated zone
> is created for potentially harmful data of virus infected files, worms,
> malicious scripts and trojans. The technical opinion is that the harmful data
> in that hardware zone does not spill over and harm the clean data in the rest
> of the hard disk. So much is possibly right.

I don't know what "hardware zone" means, but otherwise, that's accurate.

> But what happens during the process of passing on the data to that isolated
> compartment ? The harmful data and scripts pass through the computer's and the
> lan data cables, may be buffered in the RAM before being copied to that
> isolated zone.

Indeed; they are. In fact, those bits pass through the common system kernel that's running the entire system.

> For instance, if this malicious data contains a root kit, it could infect the
> motherboard and there are similar dangers of spill over in the RAM ???

I don't think this is an accurate representation of the threat. If you have data in RAM, it doesn't by itself get up and start walking over the system: you need some way to arrange to have that code run in a desirable context. That's what the Zones feature is designed to prevent. The non-global zone users can't write into the kernel, and thus have no way to arrange to have their chosen attack code run.

Perhaps the best comparison is this: processes in non-global zones are *at least* as secure as having a non-root user with limited privileges and in a correctly-formed chroot environment. That's not to say that bugs in Solaris are somehow "impossible," but rather to say that you'd have to jump those hurdles to get that root kit into a place where it could run. You'd have to trick the global zone administrator into running the bits.

> What are the hardware components that any data passes through, in a scenario
> where a mail folder named "messages with visible and invisible or unknown and
> executable attachments" is downloaded from the internet for storage on to the
> isolated zone ????

All of them. If you have a threat model that actually requires strict segregation by hardware devices, then you're probably better off with Domains, LDOMs, or even with an air gap.

-- 
James Carlson, Solaris Networking <[EMAIL PROTECTED]>
Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
