Security
A secure network operating system has many characteristics. However, as a common ground, security implementations can usually be broken down into authentication, encryption, public key infrastructure, and security management schemes. Specific review criteria for these areas can be identified as follows:
- Authentication – Support should extend to the latest Internet standards for network authentication, including Kerberos V5 and Transport Layer Security. This is in addition to providing an authentication mechanism that is backward compatible with clients from prior versions of the network operating system. Smart cards should also be supported for client authentication.
- Encryption Services – Beyond authentication, encryption support should also be present in the operating system. Internet services should extend to support the Secure Sockets Layer (SSL) protocol in both standard 40-bit and 128-bit strong encryption strengths. File system encryption should be supported to help secure sensitive data stored on disk.
- Public Key Infrastructure – A directory-integrated X.509 Version 3 Certificate server should be provided as part of the operating system. X.509 client certificates should be usable as a means of both network and Web-client authentication.
- Centralized Security Management – Services should be provided to allow for centralized administrative control of operating system security policies, so that administrators can maintain security without having to visit individual systems.
Authentication
Solaris 7 supports the Sun Enterprise Authentication Mechanism. Authentication is managed through the Key Distribution Center. The KDC manages account information for users, applications and servers. Central management of authentication through the KDC allows for single login to the enterprise, making it possible for users to access servers, applications and other resources on the network without having to re-enter login information. Administrators can control and manage authentication from a single console.
As with directory information, security information can be replicated between master and slave servers. Replication speeds up the authentication process and provides backup copies of the KDC database in case the master fails. Through the use of user realms, administrators can set organizational boundaries for users and systems. Clients can be authenticated between realms as well.
The Sun Enterprise Authentication Mechanism uses Kerberos V5 security and encryption as specified in RFCs 1510 and 1964. Through this authentication mechanism, Solaris supports secure access to NFS, Telnet, FTP and remote commands. The Remote Procedure Call API (RPCSEC_GSS) allows third-party vendors to create secure applications for Solaris as well. The RPCSEC_GSS security protocol is specified in RFC 2203.
Encryption
Beyond Kerberos V5 authentication and encryption, Solaris 7 supports a number of encryption options.
For remote users and VPNs, SunScreen SKIP supports 40-bit RC2, 40-bit RC4, 56-bit DES CBC, 128-bit RC4, 128-bit SAFER CBC and 3-key Triple-DES encryption.
Secure Sockets Layer (SSL) encryption at the standard 40-bit encryption strength and 128-bit Strong SSL is currently provided as well. Using SSL, sensitive information can be encrypted for Web-based clients accessing information on Solaris 7 servers via the HTTP protocol. WebNFS, SMTP, and other mail services also support SSL for encryption.
Public Key Infrastructure
PKI Services provides a complete X.509 Version 3 certificate. With this, X.509v3 certificates can be securely issued to either employees or business partners. The PKI Services implementation also provides integration with external Certificate Authorities to have certificates signed by trusted commercial providers. With remote access and VPNs, Simple Key-management for Internet Protocols (SKIP) is used. SKIP supports shared keys, public keys, and X.509 v3 certificates. Certificates are supported through the Sun Certificate Manager, which must be installed for certain SSL functions, such as secure communications in the directory.
Several key technologies are used to support the public key infrastructure. Diffie-Hellman key exchange is used for automatic key distribution, whereby SunScreen SKIP can securely distribute keys. SKIP uses a private and public key to create public key certificates for users. The public certificate is then exchanged between hosts. A technology called Certificate Discovery allows Solaris systems running SKIP to retrieve certificates from other computers running SKIP.
Centralized Security Management
Solaris with Easy Access Server doesn’t provide centralized security management. However, tools are provided to manage specific aspects of security. For example, certificates are managed through Sun Certificate Manager and authentication is managed through the Sun Enterprise Authentication console.
Other Encryption Features
Solaris 7 supports other industry-standard encryption features, including Transport Layer Security (TLS), smart cards and file system encryption. Of particular interest are smart cards. Smart cards provide tamper-resistant storage for protecting private keys, account numbers, passwords, and other forms of personal information. This enables portability of credentials and other private information between computers at work, home, or on the road. Smart cards also eliminate the need to transmit sensitive information, such as authentication tickets and private keys, over networks.
Windows NT Server 4.0 Implementation Details
Authentication
As with prior versions of Windows NT Server, LAN Manager encrypted authentication continues to be used for network logon. This provides a clean, secure method of gaining access to the network and maintains 100 percent compatibility with all Microsoft-compatible network clients currently in the hands of customers.
Encryption
Microsoft Internet Information Server 4.0 provides complete support for the SSL protocol. This allows for both 40-bit and 128-bit strong encryption for Internet communications via the HTTP, SMTP, and NNTP services implementations present in IIS 4.0.
Public Key Infrastructure
Windows NT Server 4.0 provides some public-key capabilities with the inclusion of Microsoft Certificate Server in the Windows NT Option Pack. Certificate Server provides an X.509 Version 3 certificate services implementation, allowing certificates to be securely issued to employees and business partners without the need to rely on an external Certificate Authority. Complete integration with IIS 4.0 is provided, allowing certificates to be issued via the Web and to be used as a means of secure client authentication over the Internet.
Centralized Security Management
Included with Service Pack 4 for Windows NT Server 4.0 is the Security Configuration Editor (SCE). SCE provides automated configuration of various global and local security settings, access controls on files and registry keys, and security configuration of system services – all via a friendly graphical user interface. Additionally, it allows administrators to define security configurations as a template and then apply the template to selected computers in one operation.
Windows 2000 Server Implementation Details
Authentication
Windows 2000 Server provides two new authentication options – Kerberos Version 5 and Transport Layer Security (TLS) – in addition to the LAN Manager authentication support in Windows NT Server 4.0. Kerberos is a mature, industry-standard network authentication protocol. On Windows 2000 Server, it can provide fast, single login to Windows 2000 Server-based enterprise resources, as well as to other environments that support this protocol such as several varieties of UNIX. Kerberos-based authentication provides additional benefits such as mutual authentication and delegated authentication. Mutual authentication provides a stronger level of assurance because both the client and the server must prove their identities to each other. Delegated authentication is particularly useful in multi-tier environments because it enables a user’s credentials to be tracked through the entire end-to-end transaction. TLS provides additional Internet standards-based authentication support.
Windows 2000 Server also introduces smart card support on the Windows platform. With its smart card infrastructure, Windows 2000 can use smart cards for network logon and authentication. Additionally, policies can be set so that specific users will be required to use smart cards to gain access to the network.
Public Key Infrastructure
A comprehensive public key infrastructure is an integrated feature of Microsoft Windows 2000 Server. At the core of this implementation is Certificate Services, which provides an Active Directory-integrated X.509 Version 3 certificate server. With Certificate Services, users of Windows 2000 can securely issue certificates to their employees and business partners without the need to use a third-party Certification Authority. Additionally, Windows 2000 Server can use certificates issued by commercial Certificate Authorities.
With the advent of TLS authentication in Windows 2000 Server, certificates can be used as a means of operating system authentication. External users who do not have Windows NT accounts can be authenticated using public-key certificates, which are mapped to an existing user account. Access rights defined for this user account determine the resources the external users can use to access the system. Client authentication using public-key certificates also allows Windows 2000 Server to authenticate external users based on certificates issued by trusted Certificate Authorities. Cross-root certification can also be configured to allow for integration between internally issued public-key certificates and externally issued certificates from commercial Certificate Authorities.
As with Windows NT Server 4.0, complete integration between Certificate Services and Internet Information Services is provided. This allows for certificates to be deployed through a Web-based interface and provides the capability for internally issued certificates for secure Web authentication.
Beyond client authentication, public key security has several prominent uses within the Windows 2000 operating system. Certificate Services is tightly integrated with Internet Information Services, allowing for secure Web applications to be easily deployed on Windows 2000 Server. Additionally, digital signatures can be used within Windows 2000 Server to assure the authenticity of objects (such as software components or e-mail messages).
One of the other features of the public key infrastructure in Windows 2000 Server is the introduction of the CryptoAPI. This provides an easy-to-program certificate management API set to provide for the rapid development of applications to deploy and manage public key certificates. Additionally, many easy-to-use tools and common interface dialogs for managing the private key/public-key pairs and the associated certificates have been provided to ensure that management of the public key services is an easy task for system administrators. Storage of personal security credentials, which uses secure disk-based storage, is easily transported with Microsoft’s proposed industry-standard protocol, Personal Information Exchange.
Other Encryption Features
Beyond the public key infrastructure, Windows 2000 Server provides several encryption implementations within the operating system including:
- Encrypting File System (EFS), which provides protection for the storage of sensitive data on the NTFS file system. This file-level encryption uses cryptography with the existing access control model on NTFS to provide a new level of protection for data stored on disk. The encryption technology utilizes a combination of public key technologies for key management and symmetric cryptographic algorithms for data encryption. EFS runs as an integrated system service, making it easy to manage, difficult to attack, and transparent to the user. It provides the key management technology allowing an enterprise to designate data recovery agents to enable business-driven data recovery needs. When encrypted files are backed up to tape, they remain in an encrypted form, resulting in better protection of data on tape backups.
- SSL Support in Internet Information Services provides both 40-bit and 128-bit strong encryption support for HTTP, SMTP, and NNTP services, providing for the secure transmission of information over the Internet.
Centralized Security Management
The Security Configuration Editor (SCE) tool is carried over from Windows NT Server 4.0 and enhanced in Windows 2000 Server. It adds policy-based security management and configuration with the Active Directory service, providing a complete centralized, directory-enabled security management tool for Windows 2000 Server customers.
Security Summary
Windows 2000 Server provides a sophisticated security infrastructure. At the authentication level, it provides Internet-standards based authentication, supporting Kerberos and Transport Layer Security. It also provides integrated smart card support. In terms of public key infrastructure services, Windows 2000 Server features the ability to use public key certificates for client authentication and an extensible API set for developing public-key based applications. Its X.509 certificate services implementation is also the most complete and features the best directory integration. Finally, Windows 2000 Server offers encryption support within the file system to secure sensitive data.
Windows NT Server 4.0 falls behind Windows 2000 Server in this area. It provides none of the advanced authentication options or PKI infrastructure. However, it does feature an excellent X.509 certificate server and excellent encryption support for Internet services. Additionally, with the advent of the Security Configuration Editor in Service Pack 4, Windows NT Server 4.0 features an excellent centralized administration tool to set security policies and then apply them to other servers, greatly easing administrative tasks.
The Solaris 7 product provides a feature-complete implementation of security tools. Support is available for Kerberos V5, TLS, smart cards, X.509 Certificate Servers, 40-bit and 128-bit SSL, and some centralized security management when integrated with Sun Directory Services or NIS+. Still, there is no single tool or location that allows the administration of all aspects of security management.