SunScreen 3.2 Administrator's Overview

Preface

SunScreen^TM 3.2 software is part of the family of SunScreen products that provide solutions to security, authentication, and privacy requirements for companies to connect securely and conduct business privately over an insecure public internetwork. Earlier SunScreen firewall products include SunScreen EFS, SunScreen SPF-100, and SunScreen SPF-200, their respective Administration Stations, and SunScreen packet filtering software. This SunScreen product integrates the two SunScreen firewall technologies--SunScreen EFS and SunScreen SPF-200--and includes two encryption technologies: SKIP (Simple Key-Management for Internet Protocols) and IPsec/IKE (Internet Protocol Security/Internet Key Exchange).

SunScreen 3.2 Administrator's Overview contains background and reference information needed to properly configure, monitor, and maintain SunScreen 3.2.

Who Should Use This Book

SunScreen 3.2 Administrator's Overview is intended for system administrators responsible for the operation, support, and maintenance of network security. This manual assumes that you are familiar with UNIX® system administration, TCP/IP networking concepts, and your network topology.

Before You Read This Book

You need to be familiar with the following information before you install and administer SunScreen 3.2:

SunScreen manuals:
- SunScreen 3.2 Release Notes(PN 806-4129-10)
- SunScreen 3.2 Installation Guide(PN 806-4126-10)
- SunScreen 3.2 Administration Guide(PN 806-4127-10)
- SunScreen 3.2 Configuration Examples
- SunScreen SKIP User's Guide, Release 1.5.1(PN 806-5379-10)

How This Book Is Organized

SunScreen 3.2 Administrator's Overview contains the following chapters and appendices:

Chapter 1, SunScreen Overview provides a brief overview of the SunScreen product, including operating system and hardware requirements and compatibility.
Chapter 2, SunScreen Concepts discusses security considerations, administration, security policy, and proxies.
Chapter 3, Packet Filtering explains stateful packet filtering, policy versions, interfaces, administration, security policy, proxies, and rules.
Chapter 4, Common Objects describes the components or data objects used in making up the rules for a security policy.
Chapter 5, Administration describes the types of administration possible, including information on remote administration, local administration, centralized management of groups of Screens, and creating common objects and policies for multiple Screens.
Chapter 6, Encryption, Tunneling, and Virtual Private Networks describes encryption and decryption, how SunScreen uses encryption, and setting up and using a virtual private network.
Chapter 7, Network Address Translation contains information on NAT rules, static and dynamic NAT, and examples of NAT.
Chapter 8, High Availability describes high availability (HA), developing a high-availability (HA) policy, how HA works, and configuring HA.
Chapter 9, Authentication discusses user authentication, authorized users, administrative users, proxy users, details of RADIUS user authentication, and SecurID authentication.
Chapter 10, Proxies describes SunScreen proxies including how proxies work, proxy user authentication, the FTP proxy, the HTTP proxy, the SMTP proxy, and the Telnet proxy.
Chapter 11, Logging contains information on packet logging, log file locations, configuring traffic log size, retrieving and clearing logs, log statistics, inspecting and browsing logs, enhancement, and log macros.
Appendix A, Migrating From Earlier SunScreen Firewall Products contains a table comparing the commands from SunScreen EFS and SunScreen SPF-200 to the equivalent commands used in SunScreen 3.2.
Appendix B, Configuration Editor Reference documents the command-line interface.
Appendix C, Services and State Engines lists the services and state engines supported by SunScreen.
Appendix D, Error Messages lists the error messages generated by SunScreen.
Glossary lists the terms and their definitions used in the SunScreen documentation.

Related Books and Publications

You may want to refer to the following sources for background information on cryptography, network security, and SKIP.

Schneier, Bruce, Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd Edition, John Wiley & Sons, 1996, ISBN: 0471128457
Chapman, D. Brent and Elizabeth D. Zwicky, Building Internet Firewalls, O'Reilly & Associates, 1995, ASIN: 1565921240
Walker, Kathryn M. and Linda Croswhite Cavanaugh, Computer Security Policies and SunScreen Firewalls, Sun Microsystems Press, Prentice Hall, 1998, ISBN 0130960150
Cheswick, William R. and Steve Bellovin, Firewalls and Internet Security: Repelling the Wily Hacker, 1st edition, Addison-Wesley, 1994, ISBN 201633574
Black, Uyless D., Internet Security Protocols: Protecting IP Traffic, 1st Edition, Prentice Hall, 2000, ISBN: 0130142492
Comer, Douglas E., Internetworking with TCP/IP, 3rd Edition, Volume 1, Prentice Hall, 1995, ISBN 0132169878
Doraswamy, Naganand and Dan Harkins, Ipsec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks, 1st Edition, Prentice Hall, 1999, ISBN: 0130118982
Stallings, William, Network and Internetwork Security: Principles and Practice, Inst Elect, 1994, Product#: 0780311078
Kaufman, Charlie and Radia Perlman, Mike Speciner, Network Security: Private Communication in a Public World, 1st Edition, Prentice Hall, 1995, ISBN: 0130614661
Garfinkel, Simson and Gene Spafford, Practical Unix and Internet Security, 2nd Edition, O'Reilly & Associates, 1996, ISBN: 1565921488
Farrow, Rik, UNIX System Security: How to Protect Your Data and Prevent Intruders, Addison-Wesley, 1990, ISBN: 0201570300
Kaufman, Elizabeth and Andrew Neuman, Implementing IPSec: Strategies for Making Network and VPN Security Work, Wiley, John & Sons, Incorporated, 1999

Sun Software and Networking Security: http://www.sun.com/security/

A public SunScreen discussion forum at Sun's Support Forum site is also available. See http://supportforum.sun.com/cgi-bin/WebX.cgi?/security.sunscreen.

Ordering Sun Documents

Fatbrain.com, an Internet professional bookstore, stocks select product documentation from Sun Microsystems, Inc.

For a list of documents and how to order them, visit the Sun Documentation Center on Fatbrain.com at http://www1.fatbrain.com/documentation/sun.

Accessing Sun Documentation Online

The docs.sun.com^SM Web site enables you to access Sun technical documentation online. You can browse the docs.sun.com archive or search for a specific book title or subject. The URL is http://docs.sun.com.

Typographic Conventions

The following table describes the typographic changes used in this book.

Table P-1 Typographic Conventions


Typeface or Symbol	Meaning	Example
`AaBbCc123`	The names of commands, files, and directories; on-screen computer output	Edit your `.login` file. Use `ls -a` to list all files. `machine_name% you have mail.`
`AaBbCc123`	What you type, contrasted with on-screen computer output	`machine_name%` `su` `Password:`
`AaBbCc123`	Command-line placeholder: replace with a real name or value	To delete a file, type `rm` `filename`.
AaBbCc123	Book titles, new words, or terms, or words to be emphasized.	Read Chapter 6 in User's Guide. These are called class options. You must be root to do this.

Shell Prompts in Command Examples

The following table shows the default system prompt and superuser prompt for the C shell, Bourne shell, and Korn shell.

Table P-2 Shell Prompts


Shell	Prompt
C shell prompt	`machine_name%`
C shell superuser prompt	`machine_name#`
Bourne shell and Korn shell prompt	`$`
Bourne shell and Korn shell superuser prompt	`#`

Getting Support for SunScreen Products

If you purchased this product from Sun Microsystems and require technical support, contact your Sun sales representative or Sun Authorized Reseller.

For information on contacting Sun, go to the URL: http://www.sun.com/service/contacting/index.html

For information on Sun's Support go to the URL: http://www.sun.com/service/support/index.html