Friday July 14, 2006

The Secure by Default project is now integrated into Solaris Nevada build 42. This project is all about installing Solaris in a more secure configuration, right out of the box. It's something our customers have been requesting for a long time.
In this case, the more secure configuration is one where there are no network services accepting input from remote clients. Why is that more secure? Because network services are implemented by software, and software - no matter how carefully it is designed - sometimes contains serious bugs. Every service listening to the network presents an attacker with one more opportunity to exploit any vulnerabilities that code might contain.
We made one exception to this "no network services" rule for Secure Shell, or ssh. You still need some way to administer the system when the console is unusable, either because no one is locally present or because of a catastrophic error. For that purpose, ssh is a more secure choice than rlogin, telnet, or similar services.
Secure by Default uses the Solaris Service Management Facility (SMF) to control network services. Some are disabled completely, while others are configured using SMF properties to accept input only from clients on the local system. Starting from this secure baseline, the administrator can use SMF to enable any additional services he actually wants to have listening to the network.
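One way to check a host against the baseline described above, as an added example that is not part of the original post or of the Secure by Default project: the function reads text in the layout of Solaris `netstat -an -P tcp` and prints every TCP listener, other than ssh, that is bound to a non-loopback address. The function names and the sample data are constructed for illustration, and port 22 for ssh is an assumption.

```shell
#!/bin/sh
# Added example: audit TCP listeners against an "ssh only" baseline.
# Input layout assumed: Solaris `netstat -an -P tcp`, where the local address
# is written ADDR.PORT and the wildcard address is written "*".

# Reads netstat text on stdin; prints "PORT ADDR" for each listener that is
# reachable from remote clients and is not ssh. No output: the baseline holds.
remote_listeners() {
    awk -v ssh_port=22 '
        $NF != "LISTEN" { next }               # skip headers and connected sockets
        {
            n = split($1, part, "[.]")         # last dot-separated piece is the port
            port = part[n]
            addr = substr($1, 1, length($1) - length(port) - 1)
            if (addr == "127.0.0.1" || addr == "::1") next   # local clients only
            if (port == ssh_port) next                       # the one allowed exception
            print port " " addr
        }'
}

# Constructed sample input (not captured from a real system): ssh on all
# interfaces, one loopback-only listener, one listener open to the network,
# and one established ssh session that must be ignored.
sample_netstat() {
cat <<'EOF'
TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q    State
-------------------- -------------------- ----- ------ ----- ------ -----------
      *.22                 *.*                0      0 49152      0 LISTEN
127.0.0.1.25               *.*                0      0 49152      0 LISTEN
      *.111                *.*                0      0 49152      0 LISTEN
192.168.1.10.22      192.168.1.50.51515   49640      0 49640      0 ESTABLISHED
EOF
}

# On a live system the input would come from: netstat -an -P tcp
sample_netstat | remote_listeners
```

Any line of output is a service that a remote client can reach; each one should correspond to a service the administrator deliberately enabled through SMF.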
Now that Secure by Default is available as part of Solaris Express, people have been asking questions about the implementation details. To help answer them, I've created an OpenSolaris project page. If you're interested in exactly which SMF services and properties are affected by Secure by Default, take a look at the design specification found there. For a tutorial introduction, you may also want to check out Glenn Brunette's blog entry about Secure by Default.