Glenn Brunette's Security Weblog


Medford Lakes, NJ Flooding

Thursday Jul 15, 2004

On Monday, July 12th, what seemed like any typical summer thunderstorm turned nasty. Apparently the storm front stalled over the Burlington County, NJ area (including Medford, Medford Lakes, Lumberton, Vincentown, and Southampton) and the rain did not stop... Nearly twelve inches of rain later...

Not only did we suffer from severe flood conditions as a sheer result of the rainfall, but several of the dams and bridges in the area gave way to the volume of water. In fact, there was a cascading dam failure resulting in the drainage of several lakes into the Rancocas Creek.

This last picture (above) shows a huge sinkhole at the top center where Medford Lakes' primary beach ("Beach 1") once existed. To the left of the sinkhole is one of the dams that was breached. The bike path and park to the left of the picture were flooded, leaving canoes wrapped (literally) around trees. In fact, I saw a canoe wrapped around a tree as high as six feet off the ground.

While we lost bridges, lakes and dams, we were very lucky. Downstream, towns like Lumberton and Pemberton were completely flooded and are still underwater today.

For more information on this flood, you can see:

Lakes Drained In Medford After Dams Burst

Hundreds Homeless In Wake Of New Jersey Flooding

Pemberton Residents Evacuated During Storm



What happened to JASS?

Monday Jul 12, 2004

The Solaris Security Toolkit, or just JASS for short, is a flexible and extensible collection of scripts used to enhance, maintain and audit the platform security posture of the Solaris Operating Environment.

Version 4.0.1 of the Toolkit was released quite some time ago (around February 2004), and I just wanted to provide an update for those that may be interested...

A lot of development and quality assurance work has been put into the next release of the Toolkit. This was done to include more functionality based on customer and SunPS needs as well as to help ensure that changes made by JASS were supportable. A lot of effort also went into a testing cycle that uncovered a number of bugs and inconsistencies that have since been fixed. In all, the next release of the Toolkit should be one of the best ever published.

To give you an idea of some of the changes that have been happening, I will include a few bullet points as a teaser. As always, your feedback is requested using the methods outlined on the JASS home page.

  • All of the Toolkit software has been updated to allow for localized versions of the Toolkit. At this time, however, only English is provided. If you are interested in a localized version of the Toolkit, please send us your feedback.
  • The Toolkit includes very preliminary support for the Solaris 10 OS. This means that JASS will run on Solaris 10 (as well as in a zone), but it is not complete nor officially supported at this time. Other Solaris 10 enhancements include support for the new Reduced Networking Meta-Cluster, support for new services added to the OS, use of MD5 fingerprints for file checksums, etc. More changes to support Solaris 10 will follow as that software continues its march to release.
  • The Toolkit includes better support for both Solaris on Intel/AMD as well as Trusted Solaris 8.
  • All of the Toolkit software includes better sanity and consistency checks. This is especially true for command line parsing and several of the JASS helper functions like add_to_manifest.
  • All Toolkit commands provide consistent return values now on exit.
  • Many of the auditing functions were enhanced to support multiple arguments allowing a single command to check multiple items.
  • nddconfig now supports loose checking of settings. It will report either an exact match, a loose match or a failure. This allows sites with stronger ndd configurations to still pass nddconfig audit checks.
  • Column widths are adjustable when using JASS in audit mode with verbosity <= 2.

... and much, much more including many other fixes and enhancements...
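The exact/loose/failure reporting described in the nddconfig bullet can be sketched as follows. This is an added example, not code from the Solaris Security Toolkit; the policy table, its values, the `classify_ndd` and `audit_ndd` names, and the rule for which direction counts as "stronger" are all assumptions made for illustration.

```shell
# Added illustration, not Solaris Security Toolkit code.
# Constructed policy rows: parameter, expected value, and the direction in
# which a different value is ASSUMED to be stronger (ge/le; eq = exact only).
NDD_POLICY='ip_forward_directed_broadcasts 0 eq
tcp_conn_req_max_q0 8192 ge
ip_ire_arp_interval 60000 le'

# classify_ndd PARAM ACTUAL: prints exact, loose or fail.
classify_ndd() {
    cn_param=$1
    cn_actual=$2
    # Empty or non-numeric readings fail instead of breaking the comparison.
    case $cn_actual in
        ''|*[!0-9]*) echo fail; return 0 ;;
    esac
    cn_row=$(printf '%s\n' "$NDD_POLICY" |
        awk -v p="$cn_param" '$1 == p { print $2, $3 }')
    # A parameter with no policy row is a failure, never a silent pass.
    [ -n "$cn_row" ] || { echo fail; return 0; }
    cn_want=${cn_row% *}
    cn_dir=${cn_row#* }
    if [ "$cn_actual" -eq "$cn_want" ]; then
        echo exact
    elif [ "$cn_dir" = ge ] && [ "$cn_actual" -gt "$cn_want" ]; then
        echo loose
    elif [ "$cn_dir" = le ] && [ "$cn_actual" -lt "$cn_want" ]; then
        echo loose
    else
        echo fail
    fi
}

# audit_ndd: reads "parameter value" lines on stdin; exit status = failures.
audit_ndd() {
    an_fail=0
    while read -r an_param an_value; do
        an_result=$(classify_ndd "$an_param" "$an_value")
        printf '%-32s %-6s %s\n' "$an_param" "$an_value" "$an_result"
        if [ "$an_result" = fail ]; then an_fail=$((an_fail + 1)); fi
    done
    return "$an_fail"
}

# Constructed readings: one exact, one stronger than policy, one weaker.
audit_ndd <<'EOF' || echo "failed checks: $?"
ip_forward_directed_broadcasts 0
tcp_conn_req_max_q0 16384
ip_ire_arp_interval 1200000
EOF
```

On a live Solaris host the readings would come from `ndd -get` rather than the embedded sample.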

The Solaris Security Toolkit development team looks forward to your feedback concerning what you like, don't like or would like to see included in a future revision of the Toolkit. We hope to have a new release of JASS soon, although we cannot provide a date at this time.




Russian-American Conference on Secure Computing

Monday Jul 12, 2004

On June 22, 2004, I had the distinct pleasure of travelling to Moscow to attend and present at the Russian-American Conference on Secure Computing. This conference was sponsored by Sun Microsystems and its Russian partner, Swemel, and was held at the Marriott Royal Aurora hotel.

This event focused on a wide array of information security topics and issues facing Russian government and commercial organizations today. The conference was a day long and featured a general session as well as a technical and business track. The event was well attended by leaders of the Russian security council, State Duma, Federation Council, FSB, and many other government organizations and ministries.

My talk provided a technical overview of the Solaris Security Toolkit including its origins, design philosophy as well as practical usage. In addition, a number of other Sun speakers presented during the event including:

  • John Gage, Chief Researcher and Vice President of Sun's Science Office
  • Dr. Whitfield Diffie, Sun Fellow, VP and Chief Security Officer
  • Jean-Paul Bergmans, GSO Country Manager, CIS
  • Michael Pratt, SunPS Country Manager, CIS
  • Evtim Batchev, SunPS Senior Security Architect, Portugal
  • Benjamin Baer, Group Product Marketing Manager, Desktop Solutions

This conference was a continuation of the work completed earlier this year by both Sun and Swemel, which resulted in the certification of Solaris 9 by the Russian Federal Security Service, opening the way for Solaris to be used for certain types of government and classified processing.
