The SunScreen™ 3.1 software is part of the family of SunScreen products that provide solutions to security, authentication, and privacy requirements for companies to connect securely and conduct business privately over an insecure public internetwork. Earlier SunScreen firewall products include SunScreen EFS, SunScreen SPF-100, SunScreen SPF-100G and SunScreen SPF-200, their respective Administration Stations, SunScreen packet screen software, and SunScreen Simple Key-Management for Internet Protocols (SKIP) encryption software. This SunScreen product integrates the two SunScreen firewall technologies: SunScreen EFS and SunScreen SPF-200.
SunScreen 3.1 Reference Manual For the Solaris Operating Environment contains background and reference information about SunScreen.
SunScreen 3.1 Reference Manual For the Solaris Operating Environment is intended for system administrators responsible for the operation, support, and maintenance of network security. This manual assumes that you are familiar with UNIX® system administration, TCP/IP networking concepts, and your network topology.
You need to have the following tasks completed before you install and administer your SunScreen:
Become familiar with the SunScreen guides:
SunScreen 3.1 Release Notes, For the Solaris Operating Environment (PN 806-4129-10)
SunScreen 3.1 Installation Guide, For the Solaris Operating Environment (PN 806-4126-10)
SunScreen 3.1 Administration Guide, For the Solaris Operating Environment (PN 806-4127-10)
SunScreen SKIP User's Guide, Release 1.5.1, For the Solaris Operating Environment (PN 806-5379-10)
Ensure that your system is running one of the following operating environments: Solaris 2.6, Solaris 7, Solaris 8 (without IPv6) or Trusted Solaris 7.
List the network services allowed and disallowed at each location (a configuration matrix); this list is used to establish rules.
SunScreen 3.1 Reference Manual, For the Solaris Operating Environment contains the following chapters and appendices:
Chapter 1, SunScreen Overview provides a brief overview of the SunScreen product, including operating system and hardware requirements and compatibility.
Chapter 2, SunScreen Concepts discusses security considerations, administration, security policy, and proxies.
Chapter 3, Packet Screening explains dynamic packet filtering, policy versions, interfaces, administration, security policy, proxies, and rules.
Chapter 4, Administration describes the types of administration possible, including information on remote administration, local administration, centralized management groups of Screens, and creating common objects and policies for multiple Screens.
Chapter 5, Administration Graphical User Interface explains the graphical user interface (GUI), including navigation, page descriptions, and field descriptions.
Chapter 6, Encryption, Tunneling, and Virtual Private Networks describes encryption and decryption, how SunScreen uses encryption, and setting up and using a virtual private network.
Chapter 7, Network Address Translation contains information on NAT rules, static and dynamic NAT, and examples of NAT.
Chapter 8, High Availability describes high availability (HA), developing a high-availability (HA) policy, how HA works, and configuring HA.
Chapter 9, Authentication discusses user authentication, authorized user, administrative user, proxy user, details of RADIUS user authentication, and SecurID authentication.
Chapter 10, Proxies describes SunScreen proxies including how proxies work, proxy user authentication, FTP proxy, HTTP proxy, SMTP proxy, and Telnet proxy.
Chapter 11, Logging contains information on packet logging, log file locations, configuring traffic log size, retrieving and clearing logs, log statistics, inspecting and browsing logs, enhancement, and log macros.
Appendix A, Migrating From Previous SunScreen Firewall Products contains a table comparing the commands from SunScreen EFS and SunScreen SPF-200 to the equivalent commands used in SunScreen.
Appendix B, Command-Line Reference documents the command-line interface.
Appendix C, Services and State Engines lists the services and state engines supported by SunScreen.
Appendix D, Error Messages lists the error messages generated by SunScreen.
Glossary lists the terms and their definitions used in the SunScreen documentation.
You may want to refer to the following sources for background information on network security, cryptography, and SKIP.
Schneier, Bruce, Applied Cryptography, John Wiley & Sons, 1996, 2nd edition, ISBN 0471128457
Chapman, D. Brent, and Zwicky, Elizabeth D., Building Internet Firewalls, O'Reilly & Associates, 1995, ISBN 1565921240
Walker, Kathryn M., and Cavanaugh, Linda Croswhite, Computer Security Policies and SunScreen Firewalls, Sun Microsystems Press, Prentice Hall, 1998, ISBN 0130960150
Cheswick, Bill, and Bellovin, Steve, Firewalls and Internet Security, Addison-Wesley, 1994, ISBN 201633574
Comer, Douglas E., Internetworking with TCP/IP, Volume I, Prentice Hall, 1995, ISBN 0132169878
Stallings, William, Network and Internetwork Security Principles and Practice, Institute of Electrical and Electronics, 1994, ISBN 078031108
Garfinkel, Simson, and Spafford, Gene, Practical UNIX and Internet Security, O'Reilly & Associates, 1996, 2nd edition, ISBN 1565921488
Stevens, W. Richard, TCP/IP Illustrated, Volume 1: The Protocols, Addison-Wesley, 1994, ISBN 0201633469
Hunt, Craig, TCP/IP Network Administration, Addison Wesley, 1994, ISBN 020163469
Kaufman, Charlie, Perlman, Radia, et al., Network Security: Private Communication in a Public World, Prentice Hall, 1995, ISBN 078816522.
SKIP IP-Level Cryptography [http://skip.incog.com/]
Sun Software and Networking Security [http://www.sun.com/security/]
Fatbrain.com, an Internet professional bookstore, stocks select product documentation from Sun Microsystems, Inc.
For a list of documents and how to order them, visit the Sun Documentation Center on Fatbrain.com at http://www1.fatbrain.com/documentation/sun.
The docs.sun.com℠ Web site enables you to access Sun technical documentation online. You can browse the docs.sun.com archive or search for a specific book title or subject. The URL is http://docs.sun.com.
The following table describes the typographic changes used in this book.
Table P-1 Typographic Conventions
Typeface or Symbol | Meaning | Example |
---|---|---|
AaBbCc123 | The names of commands, files, and directories; on-screen computer output | Edit your .login file. Use ls -a to list all files. machine_name% you have mail. |
AaBbCc123 | What you type, contrasted with on-screen computer output | machine_name% su Password: |
AaBbCc123 | Command-line placeholder: replace with a real name or value | To delete a file, type rm filename. |
AaBbCc123 | Book titles, new words, or terms, or words to be emphasized. | Read Chapter 6 in User's Guide. These are called class options. You must be root to do this. |
The following table shows the default system prompt and superuser prompt for the C shell, Bourne shell, and Korn shell.
Table P-2 Shell Prompts
Shell | Prompt |
---|---|
C shell prompt | machine_name% |
C shell superuser prompt | machine_name# |
Bourne shell and Korn shell prompt | $ |
Bourne shell and Korn shell superuser prompt | # |
If you purchased this product from Sun Microsystems and require technical support, contact your Sun sales representative or Sun Authorized Reseller.
For information on contacting Sun, go to the URL: http://www.sun.com/service/contacting/index.html.
For information on Sun's support, go to the URL: http://www.sun.com/service/support/index.html.