SunScreen 3.1 Lite Installation Guide

What Is SunScreen 3.1 Lite?

SunScreen 3.1 Lite is a software security solution that is installed on a Solaris®-based machine. It lets companies connect their departmental networks to public internetworks securely. Depending on how you install it, SunScreen 3.1 Lite can function as a firewall and router for hosts on the network it protects.

The Screen is the firewall responsible for screening packets. You use an Administration Station to define the objects and rules that form the security policy and administer the Screen. The number of Screens and Administration Stations depends on your site's network topology and security policies. You can install all of SunScreen 3.1 Lite on a single machine (local administration) or you can install the administration software and the Screen software on different machines (remote administration).

You need a Screen at every point in the network where you want to restrict access. In the strictest sense, you need one Screen for each point in the network that has direct public access (usually one per site). One Administration Station can manage multiple Screens, although you can install more Administration Stations for redundancy and ease of access. Encryption and authentication protect access and limit management of a Screen to an authorized Administration Station.

Local Administration

With local administration, you administer the Screen on the Screen itself (as shown in the following figure). Local administration does not require an encrypted connection because no network traffic is generated.

Figure 1-1 Example of a Locally Administered Screen


Remote Administration

With remote administration, you use a separate machine called an Administration Station to administer the Screen (as shown in the following figure). Remote administration uses communication encrypted with SKIP between the Screen and the Administration Station, so that others cannot obtain information about the security policy in place on the Screen.

Figure 1-2 Example of a Remotely Administered Screen