InfoDoc ID: 18339
Synopsis: SunScreen EFS[TM] on systems with a Remote System Control (RSC) interface.
Date: 27 Jun 2002

Status: Issued

Description
What is a Remote System Control (RSC) ?
--------------------------------------
This board is currently a feature of the Sun Enterprise 250 Server Internal Raid Storage Option[TM];
it may be on future systems yet to be released.

This is a board that receives power even when the system is powered off
( provided the mains is connected to the PSU ) and has a serial and ethernet port.
If the software to use this board is loaded, the ethernet port can be given an
IP address and then you can telnet to the console - a bit like having a terminal
server attached to ttya. This port can also be used to turn the system on/off
or change boot parameters. There is very basic username/password security on this
port; other than that it gives you free access to the console of the system. You
can connect a terminal to the serial port of the RSC and get the same access.

Because this is not a Solaris[TM] ethernet interface you can't protect it with
EFS ( well you could, but it would require another system placed in between the
RSC port and the "network" ) so there is a possible security risk from this.

However - the RSC board is only an add-on extra - it's not required for the
operation of the machine. You could operate the E250 without configuring
it - you would not be able to connect to the RSC as it would not have an IP
address, or you could simply unplug the ethernet cable from this port ( it has
a separate TPE socket ). If you are really paranoid the RSC card could be
unplugged from the system altogether.

In summary, the RSC port is only a potential security risk if unrestricted
access is allowed to this port - careful configuration would mean this
platform is suitable for running SunScreen EFS.

Is SunScreen EFS 2.0 supported on the E250 ?
--------------------------------------------

Yes it is - Please note the following options to secure the RSC interface. 
Option 2 is the most secure, but prevents the use of the RSC. Options
1 and 3 are less secure but mean the RSC could be used for diagnosis if
the procedure in these options is used.



1. Delete/Remove all RSC user accounts.

    In order to login to RSC, the user must have a valid RSC login account.
    If this is not the case, RSC will refuse entry. The administrator can
    delete all the RSC logins by using the "rscadm" utility. Rscadm is a
    Unix tool which is used to configure RSC from the E250 host system.
    The user must be logged in as root on the E250 host to use rscadm.
    
    An example of how to remove an account would be:

    # ./rscadm usershow

     username      permissions      password
     --------      -----------      --------
     setup         cuar             Assigned 

    # ./rscadm userdel setup


    After these steps, there are no valid user accounts. RSC can only be
    accessed if the administrator adds a new user account using "rscadm
    useradd".

2. Pull out the RSC ethernet cable.

    RSC has a dedicated ethernet port and external cable. If the cable is
    disconnected, RSC is not accessible from the outside world.

3. Set RSC ip_mode environment variable to none.

    The RSC ip_mode environment variable controls how the ethernet port
    is accessed. If this variable is set to "none", the ethernet port is
    disabled and is not accessible.

    The ip_mode variable can be set using the rscadm utility.

    # ./rscadm show ip_mode
    ip_mode="config"

    # ./rscadm set ip_mode none

    # ./rscadm show ip_mode
    ip_mode="none"



4. Move the RSC ethernet port to the secure side of the firewall.

    This would make the RSC ethernet port safe from access from outside
    the firewall but still accessible from within.
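
An added example (not part of the original InfoDoc and not Sun code): a small audit that checks whether option 1 or option 3 above is actually in effect, by parsing the output of the two rscadm commands shown. It assumes the output formats match the samples in this document; the function names and the PASS/FAIL wording are this example's own.

```shell
#!/bin/sh
# Added example, not Sun's code: audit the RSC state from rscadm output.
# Assumes the output formats shown in this InfoDoc; samples are copied from it.

SAMPLE_USERSHOW=' username      permissions      password
 --------      -----------      --------
 setup         cuar             Assigned'
SAMPLE_IP_MODE='ip_mode="config"'

# Usernames from "rscadm usershow" output on stdin (skips header and rule).
rsc_users() {
    awk 'NF >= 2 && $1 != "username" && $1 !~ /^-+$/ { print $1 }'
}

# Value of ip_mode from "rscadm show ip_mode" output on stdin.
rsc_ip_mode() {
    sed -n 's/^[[:space:]]*ip_mode="\([^"]*\)".*$/\1/p'
}

# rsc_audit USERSHOW_TEXT IP_MODE_TEXT
# Returns 0 if option 1 (no accounts) or option 3 (ip_mode none) is in
# effect, 1 otherwise. Unrecognised output never counts as secured.
rsc_audit() {
    users=$(printf '%s\n' "$1" | rsc_users)
    mode=$(printf '%s\n' "$2" | rsc_ip_mode)
    exposed=1
    case "$1" in
        *username*)   # header seen, so an empty list really means no users
            if [ -z "$users" ]; then
                echo "PASS option 1: no RSC user accounts"; exposed=0
            else
                echo "INFO RSC accounts present:" $users
            fi ;;
        *) echo "WARN usershow output not recognised" ;;
    esac
    case "$mode" in
        none) echo "PASS option 3: ip_mode is none"; exposed=0 ;;
        "")   echo "WARN ip_mode output not recognised" ;;
        *)    echo "INFO ip_mode is $mode (not none)" ;;
    esac
    [ "$exposed" -eq 0 ] || echo "FAIL: neither option 1 nor option 3 confirmed"
    return "$exposed"
}

# Demo on the sample output; on a real host, as root:
#   rsc_audit "$(./rscadm usershow)" "$(./rscadm show ip_mode)"
rsc_audit "$SAMPLE_USERSHOW" "$SAMPLE_IP_MODE" || true
```

Options 2 and 4 are physical or topological and cannot be confirmed from rscadm output, so a FAIL here means only that neither software control was verified.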

Some example configurations:
----------------------------



  --------                                            --------
 /        \       (qfe1)+----------+(qfe2)           /        \ 
/ NETWORK  \------------| E250     |----------------/ NETWORK  \ 
\          /            +----------+                \          /        
 \        /                   |(RSC)                 \        /    
  -------                     | Serial only           --------  
                              |                      
                          ++++++++++
                          + VDU    +
                          ++++++++++



  --------                                            --------
 /        \       (qfe1)+----------+(qfe2)           /        \ 
/ NETWORK  \------------| E250     |----------------/ NETWORK  \ 
\          /            +----------+                \          /        
 \        /              + |(qfe0) |(RSC)            \        /    
  -------                + |       |Ethernet          --------  
                         + |       |                      
                         + +-------+
                         +        ^
                    ++++++++++    |
                    + VDU    +    |
                    ++++++++++    |
                                  |
back to back ethernet ------------+

Now you can restrict access to the RSC by a rule on the EFS applied to ethernet
port qfe0 - the downside is you lose access to the RSC when the system is
down ( but you can still use the serial port ).


  --------                                            --------
 /        \       (qfe1)+----------+(qfe2)           /        \ 
/ NETWORK  \------------| E250     |----------------/ NETWORK  \ 
\          /            +----------+                \          /        
 \        /              +         |(RSC)            \        /    
  -------                +         |Ethernet          --------  
                         +         |                      
                         +         |
                         +       +--------+
                    ++++++++++   |ANOTHER |-------------> To main net
                    + VDU    +   |Firewall|
                    ++++++++++   +--------+


      
SUBMITTER: Mark Fenwick
APPLIES TO: Hardware/SunScreen


Copyright (c) 1997-2003 Sun Microsystems, Inc.