SunScreen(TM) 3.2 software is part of the family of SunScreen products that provide solutions to security, authentication, and privacy requirements for companies to connect securely and conduct business privately over an insecure public internetwork. Earlier SunScreen firewall products include SunScreen EFS 1.0, 2.0, 3.0, SunScreen 3.1 and SunScreen 3.1 Lite, SunScreen SPF-100 and SunScreen SPF-200, their respective Administration Stations, SunScreen packet filtering software, and SunScreen Simple Key-Management for Internet Protocols (SKIP) encryption software.
This SunScreen 3.2 Installation Guide contains the information necessary for you to install the SunScreen 3.2 software.
The SunScreen 3.2 Installation Guide is intended for system administrators responsible for the operation, support, and maintenance of network security. This manual assumes that you are familiar with UNIX® system administration, TCP/IP networking concepts, and your network topology.
Before you install and administer your system, become familiar with the following SunScreen 3.2 manuals:
SunScreen 3.2 Release Notes (PN 806-6350)
SunScreen 3.2 Installation Guide (PN 806-6345)
SunScreen 3.2 Administrator's Overview (PN 806-6347)
SunScreen 3.2 Administration Guide (PN 806-6346)
SunScreen 3.2 Configuration Examples (PN 806-6348)
SunScreen SKIP User's Guide, Release 1.5.1 (PN 806-5379)
The SunScreen 3.2 Installation Guide contains the following chapters and appendices:
Chapter 1 covers the basic concepts of the SunScreen product, including operating system and hardware requirements and compatibility, product architecture, and modes of operation.
Chapter 2 discusses installing SunScreen in routing mode with local administration.
Chapter 3 discusses installing SunScreen in routing mode with remote administration using SKIP certificate technology.
Chapter 4 discusses installing SunScreen in stealth mode using SKIP certificate technology.
Chapter 5 discusses installing SunScreen in routing mode with remote administration using IKE certificate technology.
Chapter 6 discusses installing SunScreen on a Trusted Solaris 8 system.
Chapter 7 contains instructions for upgrading your system to SunScreen 3.2 from SunScreen EFS 1.1, 2.0, 3.0, SunScreen 3.1, SunScreen 3.1 Lite, or SunScreen SPF-200, including how to preserve your existing configurations, as well as how to upgrade your cryptographic modules.
Chapter 8 describes how to convert to SunScreen 3.2 from FireWall-1, releases 2.1, 3.0, or 4.0.
Chapter 9 details removing the SunScreen software.
Appendix A documents the command-line interface for installing SunScreen in its various modes of operation.
Appendix B contains worksheets for planning your security policy, as well as instructions for choosing your initial security level.
Fatbrain.com, an Internet professional bookstore, stocks select product documentation from Sun Microsystems, Inc.
For a list of documents and how to order them, visit the Sun Documentation Center on Fatbrain.com at http://www1.fatbrain.com/documentation/sun.
The docs.sun.com(SM) Web site enables you to access Sun technical documentation online. You can browse the docs.sun.com archive or search for a specific book title or subject. The URL is http://docs.sun.com.
If you purchased this product from Sun Microsystems(TM) and require technical support, contact your Sun(TM) sales representative or Sun Authorized Reseller.
For information on contacting Sun, go to the URL: http://www.sun.com/service/contacting/index.html.
For information on Sun's support, go to the URL: http://www.sun.com/service/support/index.html.
The following table describes the typographic changes used in this book.
Table P-1 Typographic Conventions
Typeface or Symbol | Meaning | Example |
---|---|---|
AaBbCc123 | The names of commands, files, and directories; on-screen computer output | Edit your .login file. Use ls -a to list all files. machine_name% you have mail. |
AaBbCc123 | What you type, contrasted with on-screen computer output | machine_name% su Password: |
AaBbCc123 | Command-line placeholder: replace with a real name or value | To delete a file, type rm filename. |
AaBbCc123 | Book titles, new words, or terms, or words to be emphasized. | Read Chapter 6 in User's Guide. These are called class options. You must be root to do this. |
The following table shows the default system prompt and superuser prompt for the C shell, Bourne shell, and Korn shell.
Table P-2 Shell Prompts
Shell | Prompt |
---|---|
C shell prompt | machine_name% |
C shell superuser prompt | machine_name# |
Bourne shell and Korn shell prompt | $ |
Bourne shell and Korn shell superuser prompt | # |
The following lists sources for background information on network security, cryptography, and SunScreen.
Schneier, Bruce, Applied Cryptography, John Wiley & Sons, 1996, 2nd edition, ISBN 0471128457
Chapman, D. Brent, and Elizabeth D. Zwicky, Building Internet Firewalls, O'Reilly & Associates, 1995, ISBN 1565921240
Walker, Kathryn M., and Linda Croswhite Cavanaugh, Computer Security Policies and SunScreen Firewalls, Sun Microsystems Press, Prentice Hall, 1998, ISBN 0130960150
Cheswick, Bill, and Steve Bellovin, Firewalls and Internet Security, Addison-Wesley, 1994, ISBN 201633574
Black, Uyless D., Internet Security Protocols: Protecting IP Traffic, 1st Edition, Prentice Hall, 2000, ISBN 0130142492
Comer, Douglas E., Internetworking with TCP/IP, Volume 1, Prentice Hall, 1995, ISBN 0132169878
Doraswamy, Naganand, and Dan Harkins, IPsec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks, 1st Edition, Prentice Hall, 1999, ISBN 0130118982
Stallings, William, Network and Internetwork Security Principles and Practice, Institute of Electrical and Electronics, 1994, ISBN 078031108
Kaufman, Charlie, Radia Perlman, and Mike Speciner, Network Security: Private Communication in a Public World, 1st Edition, Prentice Hall, 1995, ISBN 0130614661
Garfinkel, Simson, and Gene Spafford, Practical UNIX and Internet Security, O'Reilly & Associates, 2nd edition, 1996, ISBN 1565921488
Stevens, W. Richard, TCP/IP Illustrated, Volume 1: The Protocols, Addison-Wesley, 1994, ISBN 0201633469
Farrow, Rik, UNIX System Security: How to Protect Your Data and Prevent Intruders, Addison Wesley, 1994, ISBN 020163469
Sun Software and Networking Security: http://www.sun.com/security/