Preface
The SunScreenTM 3.1 software is part of the family of SunScreen products that provide solutions to security, authentication, and privacy requirements for companies to connect securely and conduct business privately over an insecure public internetwork. Earlier SunScreen firewall products include SunScreen EFS, SunScreen SPF-100, SunScreen SPF-100G and SunScreen SPF-200, their respective Administration Stations, SunScreen packet screen software, and SunScreenTM Simple Key-Management for Internet Protocols (SKIP) encryption software. This SunScreen product integrates the two SunScreen firewall technologies: SunScreen EFS and SunScreen SPF-200.
SunScreen 3.1 Configuration Examples For the Solaris Operating Environment contains detailed examples on how to use SunScreen's features. It does not offer recommendations for what security policy to implement.
Who Should Use This Book
SunScreen 3.1 Configuration Examples For the Solaris Operating Environment is intended for system administrators responsible for the operation, support, and maintenance of network security. It is assumed that you are familiar with UNIXTM system administration, TCP/IP networking concepts, and your network topology.
Before You Read This Book
You need to have the following tasks completed before you install and administer your SunScreen:
-
Become familiar with the SunScreen guides:
-
SunScreen 3.1 Release Notes For the Solaris Operating Environment (PN 806-4129-01)
-
SunScreen 3.1 Installation Guide For the Solaris Operating Environment (PN806-4126-10)
-
SunScreen 3.1 Administration Guide For the Solaris Operating Environment (PN 806-4127-10)
-
SunScreen 3.1 Reference Manual For the Solaris Operating Environment (PN 806-4128-10)
-
SunScreen SKIP User's Guide, Release 1.5.1, For the Solaris Operating Environment (PN 806-5397-10)
-
-
Ensure that your system is running one of the following operating environments: Solaris 2.6, Solaris 7, Solaris 8 (without IPv6), or Trusted Solaris 7.
-
List the network services by location (configuration matrix) allowed and disallowed per location used to establish rules.
Tip -Keep your SunScreen guides available for reference because the information they contain is not duplicated in this document.
How This Book Is Organized
SunScreen 3.1 Configuration Examples For the Solaris Operating Environment contains the following chapters:
-
Chapter 1, Introduction provides a brief overview of the SunScreen examples.
-
Chapter 2, Routing Mode shows a routing-mode Screen installation.
-
Chapter 3, Routing Mode and NAT describes enabling network hosts to be routable or accessible on the Internet.
-
Chapter 4, Routing Mode and VPN Gateway describes setting up a VPN to encrypt and encapsulate packets traveling between remote hosts.
-
Chapter 5, Stealth Mode shows a stealth-mode Screen installation.
-
Chapter 6, Stealth Mode With Tunneling Using Encryption describes using tunneling to hide the internal topology of a network.
-
Chapter 7, Stealth Mode With HA describes HA on two stealth Screens.
-
Chapter 8, Routing Mode With Centralized Management Group describes how configurations on a group of Screens are remotely administered simultaneously.
-
Chapter 9, Mixed Mode With Proxies describes a Screen that is configured to be a stealth firewall and set up to provide user authentication using proxies.
Related Books and Publications
You may want to refer to the following sources for background information on network security, cryptography, and SunScreen SKIP.
-
Schneier, Bruce, Applied Cryptography, John Wiley & Sons, 1996, 2nd edition, ISBN 0471128457
-
Chapman, D. Brent, and Zwicky, Elizabeth D., Building Internet Firewalls, O'Reilly & Associates, 1995, ISBN 1565921240
-
Walker, Kathryn M., and Cavanaugh, Linda Croswhite, Computer Security Policies and SunScreen Firewalls, Sun Microsystems Press, 1998, ISBN 0130960150
-
Cheswick, Bill, and Bellovin, Steve, Firewalls and Internet Security, Addison-Wesley, 1994, ISBN 0201633574
-
Comer, Douglas E., Internetworking with TCP/IP, Volume 1, Prentice Hall, 1995, ISBN 0132169878
-
Stallings, William, Network and Internetwork Security Principles and Practice, Institute of Electrical and Electronics, 1994, ISBN 078031108
-
Garfinkel, Simson, and Spafford, Gene, Practical UNIX and Internet Security, O'Reilly & Associates, 1996, 2nd edition, ISBN 1565921488
-
Stevens, W. Richard, TCP/IP Illustrated, Volume 1 The Protocols, Addison-Wesley, 1994, ISBN 0201633469
-
Hunt, Craig, TCP/IP Network Administration, Addison Wesley, 1994, ISBN 020163469
-
Kaufman, Charlie, and Perlman, Radia, et al., Network Security: Private Communication In a Public World, Prentice Hall, 1995, ISBN 0788165232
-
SKIP IP-Level Cryptography [http://skip.incog.com/]
-
Sun Software and Networking Security [http://www.sun.com/security/]
Ordering Sun Documents
Fatbrain.com, an Internet professional bookstore, stocks select product documentation from Sun Microsystems, Inc.
For a list of documents and how to order them, visit the Sun Documentation Center on Fatbrain.com at http://www1.fatbrain.com/documentation/sun.
Accessing Sun Documentation Online
The docs.sun.comSM Web site enables you to access Sun technical documentation online. You can browse the docs.sun.com archive or search for a specific book title or subject. The URL is http://docs.sun.com.
Typographic Conventions
The following table describes the typographic changes used in this book.
Table P-1 Typographic Conventions|
Typeface or Symbol |
Meaning |
Example |
|---|---|---|
|
AaBbCc123 | The names of commands, files, and directories; on-screen computer output |
Edit your .login file. Use ls -a to list all files. machine_name% you have mail. |
|
AaBbCc123 | What you type, contrasted with on-screen computer output |
machine_name% su Password: |
|
AaBbCc123 | Command-line placeholder: replace with a real name or value |
To delete a file, type rm filename. |
|
AaBbCc123 |
Book titles, new words, or terms, or words to be emphasized. |
Read Chapter 6 in User's Guide. These are called class options. You must be root to do this. |
Shell Prompts in Command Examples
The following table shows the default system prompt and superuser prompt for the C shell, Bourne shell, and Korn shell.
Table P-2 Shell Prompts|
Shell |
Prompt |
|---|---|
| C shell prompt | machine_name% |
| C shell superuser prompt | machine_name# |
| Bourne shell and Korn shell prompt | $ |
| Bourne shell and Korn shell superuser prompt | # |
Getting Support For SunScreen Products
If you require technical support, contact your Sun sales representative or Sun Authorized Reseller.
For information on contacting Sun, go to:
http://www.sun.com/service/contacting/index.html
For information on Sun's support services, go to:
http://www.sun.com/service/support/index.html
- © 2010, Oracle Corporation and/or its affiliates