SunScreen 3.2 Installation Guide

Security Issues

The systems that are used as gateways, or that are in vulnerable positions on the network, need only have the minimum Solaris software packages installed, which reduces the number of potentially exploitable applications (see "Software and Hardware Requirements" in this manual.

When installing SunScreen in stealth mode, you are asked if you want to harden the Screen. Hardening is optional and if chosen, automatically removes any Solaris software files and packages that might otherwise make the Screen vulnerable to an attack (in accordance with the best practices as described in Hardening in SunScreen 3.2 is based upon JASS (JumpStart Architecture and Security Scripts). More information regarding JASS is available at: The hardening process can be performed during installation or at a later time by running the script: /usr/lib/sunscreen/lib/harden_os. For more information on hardening, see the "Installing in Stealth Mode With Remote Administration Using IKE" and "Installing in Stealth Mode With Remote Administration Using SKIP" chapters in this manual.

Note -

Do not harden your Screen if some of your interfaces are in stealth mode and other interfaces are in routing mode. See the chapter "Configuring a Stealth Mode Screen" in the SunScreen 3.2 Configuration Examples document for an example of a mixed-mode configuration.