SunScreen 3.2 Installation Guide

What Is SunScreen?

SunScreen is a layered software security solution that is installed on Solaris(TM)-based systems to enable companies to connect their departmental networks to public internetworks securely. Depending on the type of installation, SunScreen can function as both a firewall and a router (in routing mode) or like a bridge for hosts on the network it protects (in stealth mode).

The Screen is the firewall responsible for screening packets. An Administration Station can be used to define objects and rules that form the security policy and to administer the Screen remotely. Administration can be performed on the Screen itself or from a remote Administration Station. The number of Screens and Administration Stations depends on your site's network topology and security policies. The SunScreen firewall and administration software can be installed on a single system or on separate systems when using an Administration Station to remotely administer the Screen.

Install a Screen at every point in the network where you want to restrict access. In the strictest sense, install one Screen for each point in the network that has direct public access (typically, one per site). One Administration Station can manage multiple Screens, although more Administration Stations can be installed for redundancy and ease of access. Encryption and authentication protect access and limit management of a Screen to an authorized Administration Station.

For encryption, SunScreen supports Internet Protocol Security (IPsec) with manual keying (see "IPsec Key" in the SunScreen 3.2 Administration Guide), Solaris Internet Key Exchange (IKE), and SunScreen Simple Key Management for Internet Protocol (SKIP) (see "Certificate Objects" in the SunScreen 3.2 Administration Guide for information about IKE and SKIP). SunScreen can be configured to encrypt packets using IPsec with manual keying or IKE, as well as with SKIP. IKE and SKIP can be used on the same Screen, but they cannot encrypt the same traffic.


Note -

To communicate with the Screen using IKE, you must download the SUNWcryr and SUNWcryrx packages onto the Administration Station from: http://www.sun.com/software/solaris/encryption/download.html. This requirement applies in the case of Solaris 9 only if you need to use encryption other than DES or 3DES (which are included with the operating system).