C |
Security |
The Sun Ray system does not encrypt its communications. This means if someone gains access to the data, they have access to what is typed and displayed at the Sun Ray 1 enterprise appliance. The primary forms of protection available are to physically secure the shared resources (uplinks, server, etc.) and to use switched network equipment for the last link to the Sun Ray 1 appliances.
Note - The Sun Ray system consists of a server connected to the Sun Ray 1 appliances by a dedicated, private network (interconnect). The appliances and server communicate over this private switched network.
Using switched network gear for the last link to the appliances makes it very difficult for a malicious user using a PC or network snooper at one of the network ports to obtain unauthorized information. That is because switches only send packets to the proper output port, so a snooper plugged into another port will receive no unauthorized data. If the server and wiring closet are secure, the last hop is switched, and the appliance is plugged directly into the wall jack, then it is virtually impossible to intercept the communications between the server and the appliance.
This appendix covers the following security topics:
There should be physical security on all shared uplinks and switches. This means that the server, the cables to the switch, and the switch are in locked areas where only trusted personnel have access.
Someone with physical access to the network can monitor authentication and all keystrokes that travel across the network.
The network traffic is formatted by the Sun Ray software, so an inexperienced user will have difficultly understanding the information. However, a determined user will be able to decode the information. When challenge/response tokens are available, the authentication challenge and response portions of the messages will be hashed or encrypted. With this added security, even if authentication traffic is monitored, it will not reveal any useful information.
If someone has superuser access to the Sun Ray server, that person can gain access to every user's smart card ID, password, and any user's Internet business. By using the snoop command, all authentication information and keystrokes are available to read. In addition, superuser can read or modify any file, erase disk contents, or crash the server. Therefore, access to the superuser account should be controlled and only provided to trusted personnel.
A normal Sun Ray user can access the user's own information, and any other user's information only in the regular Solaris manner (for example, through the other user's home directory).
DHCP default configuration will assign an IP address to any client that plugs into the switch, which means someone with physical access to the interconnect can plug in a computer. That person may be able to copy files from other servers and could possibly cause performance degradation.
Note - The quality of service assumptions that the Sun Ray system depends on cannot be guaranteed when non-Sun Ray 1 appliances (computers) are used on the private interconnect. Do NOT connect non-Sun Ray devices to the Sun Ray interconnect.
The information available to a PC user plugged into a switch is limited to just that one port.
If a PC is plugged into a hub, all of the traffic going through that hub is available to the PC user. This situation is of greater concern because using a hub means that there is more opportunity for snooping keystrokes to get a login name and password. When challenge/response tokens are available, the system will be configurable such that merely knowing a login name and password is not enough to gain access to the system.
Some switches support remote monitoring features where all the traffic going to or from an identified port can be silently copied to another port. With this feature, someone can see every IP packet to or from a Sun Ray 1 appliance.
Another security concern present on almost all switches: after gaining access to the switch, it is possible and fairly easy to disable a specific port on the switch, thereby denying service to a user. It is therefore important to secure your switches and prevent unauthorized access to control functions by setting passwords and turning off remote access to switch control functions.