{section:border=true}
{include:Left Column}
{column}!security.gif!
h3. Recent Security Papers
{contentbylabel:new,security|operator=AND|key=BluePrints|excerpt=true|maxResults=99}
h3. Security Related Blogs
*[Amazon S3 Silent Data Corruption|http://blogs.sun.com/gbrunett/entry/amazon_s3_silent_data_corruption]*
{quote}
by Glenn Brunett
{quote}
While catching up on my reading, I came across an interesting article focused on the Amazon's Simple Storage Service (S3). The author points to a number of complaints where Amazon S3 customers had experienced silent data corruption. The author recommends calculating MD5 digital fingerprints of files before posting them to S3 and validating those fingerprints after later retrieving them from the service.
*[OpenSSO Servers and Sites Configuration with SSL and SSQ|http://blogs.sun.com/docteger/entry/opensso_servers_and_sites_configuration]*
{quote}
by Michael Teger
{quote}
Here is some information regarding how you might configure OpenSSO sites and servers for a sample SAMLv2 deployment. The requirement in this SAMLv2 deployment is to allow normal users to access OpenSSO via pure SSL and administrative users to access OpenSSO via SSL with certificate authentication.
*[Security Concerns and the ESB|http://blogs.sun.com/ESB/entry/security_concerns_and_the_esb]*
{quote}
by Michael Jenkins
{quote}
I would like to share some points from a recent conversation about requirements in a distributed ESB platform.This post is not going to talk about WS-Security or LDAP or encryption or any specific technology. Instead it is going to cover some of the different and maybe unexpected ways that security concerns are applied in the ESB/SOA space.
*[Towards Running Trusted Extension with OpenSolaris 2008.11|http://blogs.sun.com/schuba/entry/running_trusted_extension_with_opensolaris]*
{quote}
by Christoph Schuba
{quote}
This blog entry is related to the one that Glenn Faden published recently, entitled "Running Trusted Extensions with opensolaris.2008.05" (see below). I updated Glenn's posting to describe how to get Trusted Extensions running on the OpenSolaris 2008.11 distribution.
*[Running Trusted Extensions with opensolaris.2008.05|http://blogs.sun.com/gfaden/entry/running_trusted_extensions_with_opensolaris]*
{quote}
by Glenn Faden
{quote}
When the LiveCD for opensolaris was released last May there was no support for Trusted Extensions. We've made some progress, and I'm happy to report that I am posting this blog in a labeled zone running opensolaris. There are workarounds for the zone installation, X11 remote connections, and desktop login, which are all temporary until the underlying bugs are fixed.
*[Adaptive Security Architecture Principles |http://blogs.sun.com/adaptive_security/entry/adaptive_security_architecture_principles]*
{quote}
by Glenn Brunett
{quote}
Building upon the last posting, this article describes the security architectural principles than are used to guide the design, development, implementation and operation of an adaptively secure environment. Not all principles will necessarily be used in every architecture. These should be used as guiding principles and not considered mandates. Their use is dependent upon the business and technical requirements that the architecture must satisfy.
*[Adaptive Security and Security Architecture |http://blogs.sun.com/adaptive_security/entry/adaptive_security_and_security_architecture]*
{quote}
by Glenn Brunett
{quote}
This article discusses a new perspective of security architecture that is capable of not only reducing threats but anticipating threats before they are manifested. The proposed approach is called adaptive security. Adaptive security will be discussed using biological and ecosystems metaphors as these provide interesting parallels to the issues, threats and countermeasures applicable to IT systems.
*[Solaris 10 Security Deep Dive Presentation |http://blogs.sun.com/gbrunett/entry/new_solaris_10_security_deep]*
{quote}
by Glenn Brunett
{quote}
A lot has changed in Solaris since Solaris 10 Security Deep Dive presentation was first released back in 2005. If you have not taken a look into what Solaris can offer recently you will be in for a pleasant surprise.
*[Angry about your personal data being "lost" to criminals? Tell someone about Sun Ray! |http://blogs.sun.com/bnitz/entry/angry_about_your_personal_data]*
{quote}
by Brian Nitz
{quote}
If the SunRay/Gobi laptop or any of the Sun Ray clients in our office were ever stolen, the criminal would get nothing, zip, zero, nada.
{quote}
{column}
{column:width=20%}
{panel}
!Main^community.gif|align=center!
* [*Security Community Blog*|http://blogs.sun.com/security/]
* [*BigAdmin Security Resource Collection*|http://www.sun.com/bigadmin/collections/security.html]
* [*OpenSolaris Security Community*|http://www.opensolaris.org/os/community/security/]
{panel}
\\
{panel:title=Contents}{toc}{panel}
\\
{panel:title=Other Resources of Interest|bgColor=#F8D583}
[Security Resources on sun.com|http://www.sun.com/security/index.jsp]
\\
{panel}
\\
{column}
{section}
{section:border=true}
{column:width=19%}
{column}
{column}
h3. Security Blueprints
{contentbylabel:security,blueprint|operator=AND|key=BluePrints|excerpt=true|maxResults=99}
h3. Other Technical Papers
{contentbylabel:security,other|operator=AND|key=BluePrints|excerpt=true|maxResults=99}
{column}
{column:width=20%}
\\
{column}
{section}
{include:Left Column}
{column}!security.gif!
h3. Recent Security Papers
{contentbylabel:new,security|operator=AND|key=BluePrints|excerpt=true|maxResults=99}
h3. Security Related Blogs
*[Amazon S3 Silent Data Corruption|http://blogs.sun.com/gbrunett/entry/amazon_s3_silent_data_corruption]*
{quote}
by Glenn Brunett
{quote}
While catching up on my reading, I came across an interesting article focused on the Amazon's Simple Storage Service (S3). The author points to a number of complaints where Amazon S3 customers had experienced silent data corruption. The author recommends calculating MD5 digital fingerprints of files before posting them to S3 and validating those fingerprints after later retrieving them from the service.
*[OpenSSO Servers and Sites Configuration with SSL and SSQ|http://blogs.sun.com/docteger/entry/opensso_servers_and_sites_configuration]*
{quote}
by Michael Teger
{quote}
Here is some information regarding how you might configure OpenSSO sites and servers for a sample SAMLv2 deployment. The requirement in this SAMLv2 deployment is to allow normal users to access OpenSSO via pure SSL and administrative users to access OpenSSO via SSL with certificate authentication.
*[Security Concerns and the ESB|http://blogs.sun.com/ESB/entry/security_concerns_and_the_esb]*
{quote}
by Michael Jenkins
{quote}
I would like to share some points from a recent conversation about requirements in a distributed ESB platform.This post is not going to talk about WS-Security or LDAP or encryption or any specific technology. Instead it is going to cover some of the different and maybe unexpected ways that security concerns are applied in the ESB/SOA space.
*[Towards Running Trusted Extension with OpenSolaris 2008.11|http://blogs.sun.com/schuba/entry/running_trusted_extension_with_opensolaris]*
{quote}
by Christoph Schuba
{quote}
This blog entry is related to the one that Glenn Faden published recently, entitled "Running Trusted Extensions with opensolaris.2008.05" (see below). I updated Glenn's posting to describe how to get Trusted Extensions running on the OpenSolaris 2008.11 distribution.
*[Running Trusted Extensions with opensolaris.2008.05|http://blogs.sun.com/gfaden/entry/running_trusted_extensions_with_opensolaris]*
{quote}
by Glenn Faden
{quote}
When the LiveCD for opensolaris was released last May there was no support for Trusted Extensions. We've made some progress, and I'm happy to report that I am posting this blog in a labeled zone running opensolaris. There are workarounds for the zone installation, X11 remote connections, and desktop login, which are all temporary until the underlying bugs are fixed.
*[Adaptive Security Architecture Principles |http://blogs.sun.com/adaptive_security/entry/adaptive_security_architecture_principles]*
{quote}
by Glenn Brunett
{quote}
Building upon the last posting, this article describes the security architectural principles than are used to guide the design, development, implementation and operation of an adaptively secure environment. Not all principles will necessarily be used in every architecture. These should be used as guiding principles and not considered mandates. Their use is dependent upon the business and technical requirements that the architecture must satisfy.
*[Adaptive Security and Security Architecture |http://blogs.sun.com/adaptive_security/entry/adaptive_security_and_security_architecture]*
{quote}
by Glenn Brunett
{quote}
This article discusses a new perspective of security architecture that is capable of not only reducing threats but anticipating threats before they are manifested. The proposed approach is called adaptive security. Adaptive security will be discussed using biological and ecosystems metaphors as these provide interesting parallels to the issues, threats and countermeasures applicable to IT systems.
*[Solaris 10 Security Deep Dive Presentation |http://blogs.sun.com/gbrunett/entry/new_solaris_10_security_deep]*
{quote}
by Glenn Brunett
{quote}
A lot has changed in Solaris since Solaris 10 Security Deep Dive presentation was first released back in 2005. If you have not taken a look into what Solaris can offer recently you will be in for a pleasant surprise.
*[Angry about your personal data being "lost" to criminals? Tell someone about Sun Ray! |http://blogs.sun.com/bnitz/entry/angry_about_your_personal_data]*
{quote}
by Brian Nitz
{quote}
If the SunRay/Gobi laptop or any of the Sun Ray clients in our office were ever stolen, the criminal would get nothing, zip, zero, nada.
{quote}
{column}
{column:width=20%}
{panel}
!Main^community.gif|align=center!
* [*Security Community Blog*|http://blogs.sun.com/security/]
* [*BigAdmin Security Resource Collection*|http://www.sun.com/bigadmin/collections/security.html]
* [*OpenSolaris Security Community*|http://www.opensolaris.org/os/community/security/]
{panel}
\\
{panel:title=Contents}{toc}{panel}
\\
{panel:title=Other Resources of Interest|bgColor=#F8D583}
[Security Resources on sun.com|http://www.sun.com/security/index.jsp]
\\
{panel}
\\
{column}
{section}
{section:border=true}
{column:width=19%}
{column}
{column}
h3. Security Blueprints
{contentbylabel:security,blueprint|operator=AND|key=BluePrints|excerpt=true|maxResults=99}
h3. Other Technical Papers
{contentbylabel:security,other|operator=AND|key=BluePrints|excerpt=true|maxResults=99}
{column}
{column:width=20%}
\\
{column}
{section}