As we continue last week's conversation about security, where we discussed securing data at rest and in transit on Oracle SuperCluster, something needs to be said about the applications and systems themselves. Read-only permissions and isolation via Oracle Solaris Immutable Zones are a highly effective security measure you can take when dealing with applications and systems, especially mission-critical ones.
Zones isolate applications so that processes in one zone cannot see or change processes in another zone. An interesting way to extend this security capability further is to apply read-only permissions to the zone to protect the system. The advantages of this are obvious, and the implementation is straightforward.
Glynn Foster, the Principal Product Manager for Solaris, recently posted a great how-to article on ways to implement this protection. Well worth a read if you care about system security!