Preface
This SunScreen Installation Guide provides all information necessary to install the SunScreen firewall, in either routing or stealth mode, from the SunScreen CD-ROM onto your network.
Who Should Use This Book
This manual is intended for SunScreen system administrators responsible for the operation, support, and maintenance of network security. It is assumed that you are familiar with UNIX system administration and TCP/IP networking concepts, and with your network topology.
How This Guide Is Organized
The SunScreen Installation Guide is organized into the following chapters:
Chapter 1, Installation Overview introduces SunScreen concepts, including product architecture and modes of operation.
Chapter 2, Installation Considerations covers choosing the level of security for SunScreen,preparing for installation with either local or remote administration, and worksheets for planning your security policy.
Chapter 3, Installing in Routing Mode With Local Administration contains instructions for installing SunScreen in routing mode with local administration.
Chapter 4, Installing in Routing Mode With Remote Administration contains instructions for installing a remotely administered SunScreen using self-generated or issued certificates.
Chapter 5, Installing in Stealth Mode contains instructions for installing SunScreen in stealth mode.
Chapter 6, Installing on Trusted Solaris contains instructions on how to install SunScreen on a Trusted Solaris system.
Chapter 7, Upgrading From SunScreen EFS and SunScreen SPF-200 contains instructions for upgrading from SunScreen EFS 1.1 or 2.0, 3.0, or from SPF-200, to SunScreen, including how to preserve your existing configurations.
Chapter 8, Converting FireWall-1 to SunScreen 3.1 in Routing Mode explains how to convert from FireWall-1, Release 2.1 or 3.0, to SunScreen.
Chapter 9, Removing SunScreen 3.1 explains how to remove the SunScreen 3.1 software.
Appendix A, Command Line Installation shows examples of using the command line to install SunScreen 3.1 in routing mode with remote administration or in stealth mode.
Appendix B, Upgrading Cryptography Modules explains how to add additional Cryptography modules to your SKIP configuration.
Ordering Sun Documents
Fatbrain.com, an Internet professional bookstore, stocks select product documentation from Sun Microsystems, Inc.
For a list of documents and how to order them, visit the Sun Documentation Center on Fatbrain.com at http://www1.fatbrain.com/documentation/sun.
Accessing Sun Documentation Online
The docs.sun.comSM Web site enables you to access Sun technical documentation online. You can browse the docs.sun.com archive or search for a specific book title or subject. The URL is http://docs.sun.com.
Getting Support for SunScreen Products
If you require technical support, contact your Sun sales representative or Sun Authorized Reseller. See http://www.sun.com/service/contacting/index.html for information on contacting Sun andhttp://internet.central.sun.com/service/support/index.html for information on Sun's support services.
Typographic Conventions
The following table describes the typographic changes used in this book.
Table P-1 Typographic Conventions|
Typeface or Symbol |
Meaning |
Example |
|---|---|---|
|
AaBbCc123 | The names of commands, files, and directories; on-screen computer output |
Edit your .login file. Use ls -a to list all files. machine_name% you have mail. |
|
AaBbCc123 | What you type, contrasted with on-screen computer output |
machine_name% su Password: |
|
AaBbCc123 | Command-line placeholder: replace with a real name or value |
To delete a file, type rm filename. |
|
AaBbCc123 |
Book titles, new words, or terms, or words to be emphasized. |
Read Chapter 6 in User's Guide. These are called class options. You must be root to do this. |
Shell Prompts in Command Examples
The following table shows the default system prompt and superuser prompt for the C shell, Bourne shell, and Korn shell.
Table P-2 Shell Prompts|
Shell |
Prompt |
|---|---|
| C shell prompt | machine_name% |
| C shell superuser prompt | machine_name# |
| Bourne shell and Korn shell prompt | $ |
| Bourne shell and Korn shell superuser prompt | # |
Related Books and Publications
You may want to refer to the following sources for background information on network security, cryptography, and SKIP.
-
Schneier, Bruce, Applied Cryptography, John Wiley & Sons, 1996, 2nd edition, ISBN 0471128457
-
Chapman, D. Brent, and Zwicky, Elizabeth D., Building Internet Firewalls, O'Reilly & Associates, 1995, ISBN 1565921240
-
Walker, Kathryn M., and Cavanaugh, Linda Croswhite, Computer Security Policies and SunScreen Firewalls, Sun Microsystems Press, Prentice Hall, 1998, ISBN 0130960150
-
Cheswick, Bill, and Bellovin, Steve, Firewalls and Internet Security, Addison-Wesley, 1994, ISBN 201633574
-
Comer, Douglas E., Internetworking with TCP/IP, Volume 1, Prentice Hall, 1995, ISBN 0132169878
-
Stallings, William, Network and Internetwork Security Principles and Practice, Institute of Electrical and Electronics, 1994, ISBN 078031108
-
Garfinkel, Simson, and Spafford, Gene, Practical UNIX and Internet Security, O'Reilly & Associates, 1996, 2nd edition, ISBN 1565921488
-
Stevens, W. Richard, TCP/IP Illustrated, Volume 1: The Protocols, Addison-Wesley, 1994, ISBN 0201633469
-
Hunt, Craig, TCP/IP Network Administration, Addison Wesley, 1994, ISBN 020163469
-
Kaufman, Charlie, Perlman, Radia, et al., Network Security: Private Communication in a Public World, Prentice Hall, 1995, ISBN 078816522.
-
SKIP IP-Level Cryptography http://skip.incog.com/
Sun Software and Networking Security http://www.sun.com/security/
- © 2010, Oracle Corporation and/or its affiliates