Question

A security administrator is hardening a TrustedSolaris server that processes sensitive data. The data owner has established the following security requirements:

✑ The data is for internal consumption only and shall not be distributed to outside individuals
✑ The systems administrator should not have access to the data processed by the server
✑ The integrity of the kernel image is maintained

Which of the following host-based security controls BEST enforce the data owner's requirements? (Choose three.)

A. SELinux
B. DLP
C. HIDS
D. Host-based firewall
E. Measured boot
F. Data encryption
G. Watermarking

Answer 1

To meet the specified security requirements for a TrustedSolaris server, the best host-based security controls are SELinux, measured boot, and data encryption. These measures will restrict internal access, safeguard the kernel image integrity, and secure sensitive data.

Step-by-step explanation:

When hardening a TrustedSolaris server to meet specific security requirements set by the data owner, there are several host-based security controls that can be considered. To ensure the data is for internal use only, the system administrator should not have access to the data, and the integrity of the kernel image is maintained, the following three controls would be most effective:

1. SELinux (Security Enhanced Linux) - A Linux feature that provides a variety of security policies, including mandatory access controls, which can be finely tuned to limit the system administrator’s access to sensitive data.
2. Measured boot - Ensures the integrity of the system by measuring each component of the boot process before executing it and comparing it to known good values.
3. Data encryption - Encrypts the data at rest, ensuring that even if unauthorized access is gained, the data remains inaccessible without the proper decryption key.

These controls align with the security requirements established by the data owner and would greatly enhance the security posture of the server processing sensitive data.