SunScreen™ SKIP is part of the family of SunScreen firewall products that provide a solution to security authentication, encryption, and privacy requirements, giving companies a means of securing department networks connected to a public internetwork. This SunScreen SKIP User's Guide, Release 1.5.1, For the Solaris Operating Environment contains information for configuring and administering SunScreen SKIP 1.5.1 on your system. SunScreen SKIP enables secure, encrypted communication between a SunScreen 3.1 Administration Station and a SunScreen 3.1 Screen (or two or more Screens), and between a Screen and a remote SunScreen SKIP host running end-node SKIP.
The SunScreen SKIP User's Guide is intended for SunScreen firewall system administrators responsible for the operation, support, and maintenance of network security. This guide assumes that you are familiar with UNIX system administration, Solaris® 2.6, Solaris 7, Trusted Solaris 7, or Solaris 8 operating environments, and TCP/IP networking concepts, and with your network topology.
For specific instructions on installing and configuring SunScreen SKIP as part of a SunScreen 3.1 Administration Station used to administer a remote Screen, see the SunScreen 3.1 Installation Guide and the SunScreen 3.1 Administration Guide.
This guide assumes that you are familiar with TCP/IP, networking, and public-key and shared-key cryptography.
The SunScreen SKIP User's Guide, Release 1.5.1, For the Solaris Operating System is divided into the following chapters:
Chapter 1, Installing and Configuring SunScreen SKIP describes how to install and configure the certificates for SKIP and how to protect your locally stored secrets with a passphrase.
Chapter 2, Installing Keys and Certificates details how to create and install keys and certificates on your system. If you installed Unsigned Diffie-Hellman Certificates during installation, you can skip this chapter.
Chapter 3, Using the skiptool GUI describes how to use the skiptool graphical user interface (GUI) to monitor the network, how to configure SKIP, how to enable SKIP, how to verify SKIP installation and setup, how to view statistics, and how to manage keys.
Chapter 4, Using the Command-Line Interface describes how to use the command-line interface as superuser or root.
Chapter 5, Usage Examples describes examples of using SunScreen SKIP in several network configurations.
Appendix A, Quick-Start Guide covers installing the SKIP binaries or adding the packages with pkgadd, and setting up IP-level encryption between two hosts.
Appendix B, How SKIP Works is an overview of what SKIP provides to users and how SunScreen SKIP fits in with other security products that use SKIP.
Appendix C, Troubleshooting SunScreen SKIP contains instructions for troubleshooting SKIP and information for understanding SKIP error messages.
Glossary covers those terms that are specific or unique to Sun and the SunScreen line of products.
The following table describes the typographic changes used in this book.
Table P-1 Typographic Conventions
Typeface or Symbol | Meaning | Example |
---|---|---|
AaBbCc123 | The names of commands, files, and directories; on-screen computer output | Edit your .login file. Use ls -a to list all files. machine_name% you have mail. |
AaBbCc123 | What you type, contrasted with on-screen computer output | machine_name% su Password: |
AaBbCc123 | Command-line placeholder: replace with a real name or value | To delete a file, type rm filename. |
AaBbCc123 | Book titles, new words, or terms, or words to be emphasized. | Read Chapter 6 in User's Guide. These are called class options. You must be root to do this. |
The following table shows the default system prompt and superuser prompt for the C shell, Bourne shell, and Korn shell.
Table P-2 Shell Prompts
Shell | Prompt |
---|---|
C shell prompt | machine_name% |
C shell superuser prompt | machine_name# |
Bourne shell and Korn shell prompt | $ |
Bourne shell and Korn shell superuser prompt | # |
You may want to refer to the following sources for background information on network security, cryptography, and SKIP.
Schneier, Bruce, Applied Cryptography, John Wiley & Sons, 1996, 2nd edition, ISBN 0471128457
Chapman, D. Brent, and Zwicky, Elizabeth D., Building Internet Firewalls, O'Reilly & Associates, 1995, ISBN 1565921240
Walker, Kathryn M., and Cavanaugh, Linda Croswhite, Computer Security Policies and SunScreen Firewalls, Sun Microsystems Press, Prentice Hall, 1998, ISBN 0130960150
Cheswick, Bill, and Bellovin, Steve, Firewalls and Internet Security, Addison-Wesley, 1994, ISBN 201633574
Comer, Douglas E., Internetworking with TCP/IP, Volume 1, Prentice Hall, 1995, ISBN 0132169878
Stallings, William, Network and Internetwork Security Principles and Practice, Institute of Electrical and Electronics, 1994, ISBN 078031108
Garfinkel, Simson, and Spafford, Gene, Practical UNIX and Internet Security, O'Reilly & Associates, 1996, 2nd edition, ISBN 1565921488
Stevens, W. Richard, TCP/IP Illustrated, Volume 1: The Protocols, Addison-Wesley, 1994, ISBN 0201633469
Hunt, Craig, TCP/IP Network Administration, Addison Wesley, 1994, ISBN 020163469
Kaufman, Charlie, Perlman, Radia, et al., Network Security: Private Communication in a Public World, Prentice Hall, 1995, ISBN 078816522.
SKIP IP-Level Cryptography [http://skip.incog.com/]
Sun Software and Networking Security [http://www.sun.com/security/]
Fatbrain.com, an Internet professional bookstore, stocks select product documentation from Sun Microsystems, Inc.
For a list of documents and how to order them, visit the Sun Documentation Center on Fatbrain.com at http://www1.fatbrain.com/documentation/sun.
The docs.sun.com℠ Web site enables you to access Sun technical documentation online. You can browse the docs.sun.com archive or search for a specific book title or subject. The URL is http://docs.sun.com.
If you purchased this product from Sun Microsystems and require technical support, contact your Sun sales representative or Sun Authorized Reseller.
For information on contacting Sun, go to the URL: http://www.sun.com/service/contacting/index.html.
For information on Sun's Support services, go to the URL: http://www.sun.com/service/support/index.html.com/.
Upgrade packages for U.S. Domestic (2048-bit and 4096-bit) and U.S. Export (2048-bit) keys, certificates, and algorithms from SunCA (Sun Microsystems' Certificate Authority) are intended to be used with SKIP.
U.S. customers and companies and some foreign customers and companies may order additional keys, certificates, and algorithms in stronger encryption strengths.
You can add new key pairs and local identities by using the SunScreen Key and Certificate diskettes that are available from Sun Microsystems Certificate Authority. Contact Sun using the email address CArequest@sun.com. These diskettes contain the private value, a signed certificate of the public value, and CA information. This type of key and certificate is known as an issued certificate.