Actually, this test was not designed to test the security features of the products. Rather, it was testing the integrity of the remote services as seen by a hacker if defenses are not in place. This is why in cases like XPSP2, the firewall was turned off intentionally. After all, scanning a closed box makes no sense and provides nothing useful about the integrity of the servers within.
The release of Solaris 10 used was dated as of January 2006; however, it was downloaded directly from Sun's website following their "Get It Now" links. While an IT professional may be able to find more relevant patches, etc., that same professional would also likely know how to secure the system. The same cannot be said for somebody "just trying it out". They will download it the way Sun presents it and learn the system by turning stuff on and then making configurations.

Which release of Solaris 10?
Sol10u3 aka Solaris 10 11/06 has serious security enhancements. It is meant to be secure by default out of the box and includes multi-level security like Trusted Solaris has.
If the Nessus scans you ran were against an earlier release, it would be helpful to run the same tests against an 11/06 release.