SunScreen 3.2 Administrator's Overview


S

	SA (security association), IPsec/IKE ( )

	sample network map ( )

	Screen
		active HA Screen ( )
		components ( ) ( )
		configuration objects ( )
		HA limitations ( )
		managing multiple Screens ( )
		multiple management ( )
		passive ( )
		primary ( )
		reinstate ( )
		remote administration ( )
		remote headless ( )
		secondary ( )

	Screen description of ( )

	screen object
		centralized management ( )
		primary Screen ( )
		secondary Screen ( )

	screening guidelines
		ICMP packets ( )
		IP packets ( )

	secondary Screen ( )
		administration capabilities ( )
		HA ( )
		screen objects ( )

	secondary Screens, centralized management group ( )

	SecurID
		access paths ( )
		ACE ( )
		ACE/Agent installation ( )
		example
			token PIN establishment ( )
		example configuration ( )
		example create registry address ( )
		example stub client configuration ( )
		stub client ( )
		stub client location ( )
		token PIN ( )
		typical authentication ( )
		UDP and TCP protocols ( )
		use caution in deployment ( )

	security association (SA), IPsec/IKE ( )

	security considerations ( )

	security network, sample network map ( )

	security parameters index (SPI ) ( )

	security policy
		`Initial` ( )
		network topology ( ) ( )
		ordered policy rules ( )
		policy objects ( )
		security decisions ( )

	service
		* ( )
		ah ( )
		archie ( )
		`CoolTalk` ( )
		`dns` ( )
		entries for ports ( )
		esp ( )
		`ftp` ( )
		`icmp` ( )
		`ip all` ( )
		`ip mobile` ( )
		ipsec ( )
		ipv6 tunnel ( )
		isakmp ( )
		network service groups ( )
		`nfs readonly` ( )
		ntp ( ) ( )
		predefined ( )
		`realaudio` ( )
		rip ( )
		rpc ( )
		single
			`broadcast` filter ( )
			`reverse` filter ( )
		smtp ( )
		`sqlnet` ( )
		`TCP` ( )
		`tcp all` ( )

	service, traceroute ( )

	service
		tsolpeerinfo ( )
		udp ( )
		VDOLive ( )
		`www` ( )

	service object
		definition ( )
		group ( )
			creating new service ( )
			definition ( )
			modifying ( )
			predefined ( )
		single ( )
			creating new ( )
			`forward` filter ( )
			keyword ( )
			modifying ( )
			`port` filter ( )
			state engine ( )

	services
		discriminator ( )
		`realaudio` state engine ( )
		standard ( )
		state engine ( )

	session logging ( )

	shared-key cryptography ( ) ( )

	shell commands ( )

	signature, IKE ( )

	single Screen, interface objects ( )

	SKIP ( ) ( ) ( )
		certlocal ( ) ( )
		compatibility ( )
		encryption ( )
		RC2 limitation ( )
		SunScreen Lite ( )

	SKIP and IPsec/IKE ( )

	SKIP certificate, NSID ( )

	skiptool GUI
		encryption of administration commands ( )
		graphical user interface ( )

	small work groups, SunScreen Lite ( )

	SMTP proxy
		create rules ( )
		email configuration ( )
		email configuration issues ( )
		example
			add restrictions ( )
			define address group ( ) ( )
			define relay restrictors ( )
			define spam restrictors ( )
			display restrictors ( )
			displaying spam restrictors ( )
			email rule ( )
			remove restriction ( ) ( )
		functions ( )
		MTA filtering ( )
		operation ( )
		rules ( )
		spam
			control ( )
		VirusWall scanning ( )

	`smtp` service ( )

	SNMP
		alerts ( )
		IP addresses ( )
		receivers ( )
		time status indicator ( )
		timer interval ( )

	SNMP traps ( )
		supported ( )

	`snoop` ( )

	snoop, logdump derived from ( )

	`snoop program` ( )

	`snoop` program ( ) ( )

	Solaris, Trusted Solaris 8 for the SPARC platform ( )

	Solaris, compatible versions for the SPARC and Intel platforms ( )

	Solaris IPsec
		See IPsec

	spam
		control ( )
		restictors
			defining ( )
			syntactic forms ( )
		restrictors
			displaying ( )
			working with ( )

	SPI (security parameters index) ( )

	spoof protection ( )

	SQL *Net protocol ( )

	`sqlnet` state engine ( )

	ssadm
		certdb subcommand ( )
		certlocal subcommand ( )
		certrldb subcommand ( )

	`ssadm logdump`, man page ( )

	standard, IETF ( )

	star service ( )

	state engine
		characteristics ( )
		connection management ( )
		definition ( )
		discriminator ( )
		discriminator value ( )
		discriminators ( )
		`dns` ( )
		ether ( )
		`ftp` ( ) ( )
		`icmp` ( )
		`ip` ( )
		`ipfwd` ( )
		`ipmobile` ( )
		`iptunnel` ( )
		new service ( )
		`nis` ( )
		ntp ( ) ( )
		parameters ( )
		`ping` ( )
		`pmap_nis` ( )
		`pmap_tcp` ( )
		`pmap_udp` ( )
		precedence level ( )
		`realaudio` ( )
		`rpc_tcp` ( )
		`rpc_udp` ( )
		`rsh` ( )
		services ( )
		`tcp` ( ) ( )
		`tcpall` ( )
		`udp` ( )
		`udp_datagram` ( )
		`udp_stateless` ( )
		`udpall` ( )

	state engines ( )

	state information, HA limitations ( )

	stateful packet filtering ( )
		details ( )

	statistics, log file ( )

	stealth ( )

	stealth interface ( )
		HA cluster ( )
		high availability ( )
		non-switching hub ( )

	STEALTH interface, SunScreen Lite ( )

	stealth mode ( )
		acts as a bridge ( )
		description ( )
		hardening OS ( )
		interface ( )
		SunScreen Lite ( )

	summary
		packet logging
			summary ( )

	SunScreen
		command compatibility ( )
		compatibility ( )
		configuration editor ( )
		error messages ( )
		example
			continue adding SecurID rules ( )
		how it works ( )
		migration from SunScreen EFS, Release 2.0 ( )
		migration from SunScreen SPF-200 ( )
		upgrading ( )

	SunScreen 3.2
		prerequisites ( )
		resources ( )

	SunScreen and SunScreen Lite
		common features SunScreen Lite and SunScreen
			common features ( )

	SunScreen compared with SunScreen Lite ( )

	SunScreen EFS 1.1 ( )

	SunScreen Lite ( ) ( ) ( ) ( )
		ADMIN interface ( )
		centralized management group ( )
		encryption ( )
		HA ( )
		HA interface ( )
		individual servers ( )
		interfaces ( )
		limitations ( )
		NAT ( )
		number of interfaces ( )
		primary Screen in a centralized management ( )
		remote administration ( )
		SKIIP ( )
		small work groups ( )
		STEALTH interface ( )
		stealth mode ( )
		time-of-day rules ( ) ( )

	SunScreen Lite compared with SunScreen ( )

	SunScreen SKIP
		commands ( )
		end-system SKIP ( )
		header ( )
		key manager ( )
		limitations note ( )
		log ( )

	SunScreen SKIP. See SKIP ( )