Additional Planning for Open Networks
If your network is open to other networks, you need to specify accessible domains and hosts, and identify which Trusted Solaris hosts will serve as gateways to access them. You need to identify the Trusted Solaris accreditation range for these gateways, and the sensitivity label at which data from other hosts may be viewed. Trusted Solaris software recognizes four labeled host types, including a Trusted Solaris host type (sun_tsol), and provides eleven templates by default, as shown in Table 1-3. The unlabeled template names correspond to the label names in the demo label_encodings(4) file installed from the Trusted Solaris CD.
Table 1-3 Templates Provided with Trusted Solaris Network Software|
|
Host Type |
Template Name |
Purpose |
|---|---|---|---|
|
Unlabeled |
admin_low |
For initial boot, before the host is configured with Trusted Solaris software. |
|
|
|
|
unclassified |
For hosts or networks that send unlabeled packets, for example, Sun systems running Solaris software. |
|
|
|
confidential |
|
|
|
|
secret |
|
|
|
|
top_secret |
|
|
Labeled |
|
|
|
|
|
Trusted Solaris (sun_tsol) |
tsol |
For Trusted Solaris 2.5.1, 7, and 8 hosts or networks. |
|
|
tsol_ripso |
For Trusted Solaris 2.5.1, 7, and 8 hosts or networks that label packets with the RIPSO security option. |
|
|
|
|
tsol_cipso |
For Trusted Solaris 2.5.1, 7, and 8 hosts or networks that label packets with the CIPSO security option. |
|
|
TSIX |
tsix |
For TSIX(RE1.1) hosts or networks. |
|
|
CIPSO |
cipso |
For hosts or networks that send CIPSO packets. |
|
|
RIPSO |
ripso_top_secret |
For hosts or networks that send RIPSO Top Secret packets. |
The tnrhtp(4) man page gives complete descriptions of each host type with several examples.
- © 2010, Oracle Corporation and/or its affiliates