SunScreen™ 3.2 for the Solaris™ operating environment is part of the family of SunScreen products that provide solutions for security, authentication, and privacy requirements. SunScreen enables companies to establish secure department networks that are connected to a public internetwork.
This SunScreen 3.2 Administration Guide provides all the information necessary to configure and administer SunScreen on your network. Other manuals in the SunScreen documentation set include:
The SunScreen 3.2 Administration Guide is intended for SunScreen system administrators who are responsible for the operation, support, and maintenance of network security. In this guide, it is assumed that you are familiar with UNIX® system administration and TCP/IP networking concepts as well as with your network topology.
The SunScreen 3.2 Administration Guide contains the following chapters and appendixes:
Chapter 1, "Starting the Administration GUI and Logging In," covers the basic concepts as well as the procedures for starting and configuring the Java(TM)-based browser and logging in to the administration graphical user interface (GUI). It also shows how to define access levels for administrative users.
Chapter 2, "Working With Common Objects," contains the procedures for using the administration GUI to add, delete, and rename common objects.
Chapter 3, "Creating and Managing Rules," shows how to use packet filtering, administrative access rules, Network Address Translation (NAT), and virtual private networks (VPN).
Chapter 4, "Creating and Managing Policies," explains how to create a policy file, which specifies how your SunScreen firewall will function. This chapter also contains many policy management procedures.
Chapter 5, "Using High Availability," describes how to set up and manage a High Availability (HA) SunScreen configuration.
Chapter 6, "Setting Up and Using Proxies," tells you how to use proxies to provide content filtering and user authentication.
Chapter 7, "Configuring Centralized Management Groups," describes how to set up multiple Screens to be managed from one location.
Chapter 8, "Adding Remote Administration Stations After Installation," shows how to add additional remote Administration Stations to your network.
Chapter 9, "Getting Status and Managing Logs," describes the information page in the administration GUI, how to view statistics and logs, and how to set the retrieval mode.
Chapter 10, "Using the Command Line Interface," contains procedures for using the UNIX command line interface (CLI) to manage a SunScreen firewall.
Appendix A, "About SunScreen Lite," describes the features and limitations of the SunScreen 3.2 Lite product, which is bundled with the current release of the Solaris operating environment.
Appendix B, "Quick Start Procedures," contains detailed information about proxy services and SecurID and RADIUS authentication.
You may want to refer to the following sources for background information on cryptography, network security, and SunScreen 3.2 SKIP.
Schneier, Bruce, Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd Edition, John Wiley & Sons, 1996, ISBN: 0471128457
Chapman, D. Brent and Elizabeth D. Zwicky, Building Internet Firewalls, O'Reilly & Associates, 1995, ASIN: 1565921240
Walker, Kathryn M. and Linda Croswhite Cavanaugh, Computer Security Policies and SunScreen Firewalls, Sun Microsystems Press, Prentice Hall, 1998, ISBN: 0130960150
Cheswick, William R. and Steve Bellovin, Firewalls and Internet Security: Repelling the Wily Hacker, 1st Edition, Addison-Wesley, 1994, ISBN: 201633574
Black, Uyless D., Internet Security Protocols: Protecting IP Traffic, 1st Edition, Prentice Hall, 2000, ISBN: 0130142492
Comer, Douglas E., Internetworking with TCP/IP, 3rd Edition, Volume 1, Prentice Hall, 1995, ISBN: 0132169878
Doraswamy, Naganand and Dan Harkins, Ipsec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks, 1st Edition, Prentice Hall, 1999, ISBN: 0130118982
Stallings, William, Network and Internetwork Security: Principles and Practice, Inst Elect, 1994, Product#: 0780311078
Kaufman, Charlie, Radia Perlman, and Mike Speciner, Network Security: Private Communication in a Public World, 1st Edition, Prentice Hall, 1995, ISBN: 0130614661
Garfinkel, Simson and Gene Spafford, Practical Unix and Internet Security, 2nd Edition, O'Reilly & Associates, 1996, ISBN: 1565921488
Farrow, Rik, UNIX System Security: How to Protect Your Data and Prevent Intruders, Addison-Wesley, 1990, ISBN: 0201570300
Sun Software and Networking Security: http://www.sun.com/security/
Fatbrain.com, an Internet professional bookstore, stocks select product documentation from Sun Microsystems, Inc.
For a list of documents and how to order them, visit the Sun Documentation Center on Fatbrain.com at http://www1.fatbrain.com/documentation/sun.
The docs.sun.com℠ Web site enables you to access Sun technical documentation online. You can browse the docs.sun.com archive or search for a specific book title or subject. The URL is http://docs.sun.com.
If you require technical support, contact your Sun sales representative or Sun authorized reseller. See http://www.sun.com/service/contacting/index.html for information on contacting Sun and http://www.sun.com/service/support/index.html for information on Sun's support services.
The following table describes the typographic changes used in this book.
Table P-1 Typographic Conventions
| Typeface or Symbol | Meaning | Example |
|---|---|---|
| AaBbCc123 | The names of commands, files, and directories; on-screen computer output | Edit your .login file. Use ls -a to list all files. machine_name% you have mail. |
| AaBbCc123 | What you type, contrasted with on-screen computer output | machine_name% su Password: |
| AaBbCc123 | Command-line placeholder: replace with a real name or value | To delete a file, type rm filename. |
| AaBbCc123 | Book titles, new words, or terms, or words to be emphasized. | Read Chapter 6 in User's Guide. These are called class options. You must be root to do this. |
The following table shows the default system prompt and superuser prompt for the C shell, Bourne shell, and Korn shell.
Table P-2 Shell Prompts
| Shell | Prompt |
|---|---|
| C shell prompt | machine_name% |
| C shell superuser prompt | machine_name# |
| Bourne shell and Korn shell prompt | $ |
| Bourne shell and Korn shell superuser prompt | # |