Host Type and Template Name in Security Templates
cipso host type – Intended for hosts that run labeled trusted operating systems. This host type supports CALIPSO and CIPSO labels.
For IPv6, the CALIPSO protocol is used to specify security labels that are passed in the IP options field. For IPv4, the CIPSO protocol is used. Labels in CALIPSO and CIPSO headers are derived automatically from the data's label. The derived label is then used to make security checks at the IP level and to label the network packets.
unlabeled host type – Intended for hosts that use standard networking protocols but do not support labeled options. Trusted Extensions supplies the template named admin_low for this host type.
This host type is assigned to hosts that run the Oracle Solaris OS or other unlabeled operating systems. This host type provides a default label to apply to communications with the unlabeled host. Also, a label range or a set of discrete labels can be specified to allow the sending of packets to an unlabeled gateway for forwarding.
adaptive host type – Intended for subnets of hosts that are not labeled, but that send packets to a specific network interface on a labeled system. The labeled system applies its network interface default label to the incoming packets.
This host type is assigned to hosts that run the Oracle Solaris OS or other unlabeled operating systems and that are expected to send data to a labeled system. This host type does not provide a default label. The label of communication is derived from the labeled network interface of the receiving system. This host type is assigned to end node systems, not gateways.
The adaptive host type provides flexibility for planning and scaling a trusted network. Administrators can expand the network with new unlabeled systems without having to know the new systems' default label in advance. When an adaptive host is configured to send packets to a labeled network interface on a netif host, the default label of the interface on that netif host assigns the appropriate label to the incoming packets.
netif host type – Intended for the host names of interfaces that receive packets on a specific network interface from adaptive hosts. This host type is assigned to interfaces on Trusted Extensions systems. The default label of the netif interface is applied to the arriving packets.
Trusted Extensions supports four host types in the trusted network databases and provides four default templates:
 | Caution - The admin_low template provides an example for constructing unlabeled templates with site-specific labels. While the admin_low template is required for the installation of Trusted Extensions, the security attributes might be too liberal for normal system operations. Retain the provided templates without modification for system maintenance and support reasons. |