A security family is a group of hosts that use a common networking protocol and have the same security requirements. As a result, you can apply the same template of network security attributes to them for the purpose of receiving and transmitting data. Trusted networking and templates are explained in more detail in Chapter 3, Administering Trusted Networking.
When the Security Families tool is opened, all available templates display as icons. You can modify either the templates or the host assignments as follows:
To modify a host's IP address or template assignment, select its icon and choose Properties from the popup menu, or double-click the icon.
To change the definition of a template, select the template icon and choose Properties from the popup menu. The Modify Template dialog box is displayed, as illustrated in the following figure.
The tabs in the Modify Template dialog box are described in the following table.
Table 2-4 Template Dialog Box Summary
Tab |
Description |
---|---|
General |
Specifies templates, host types, and minimum/maximum labels. |
Access Control Attributes |
Specifies security attributes to be applied to incoming data from hosts to which this template is applied. The potential incoming security attributes include minimum label, maximum label, default label, and default clearance. |
Advanced Security Attributes |
Specifies security attributes to be applied to outgoing data to hosts to which this template is applied. The potential outgoing security attributes include DOI, IP label type, forced privileges, allowed privileges, RIPSO send class, RIPSO send PAF, RIPSO return PAF, and CIPSO domain. |