SunScreen 3.2 Administrator's Overview

Stealth Mode Interface

A SunScreen in stealth mode bridges the MAC layer. It therefore partitions an existing single network and, consequently, does not itself divide the network into subnetworks. A stealth-mode interface does not have an associated IP address.

In stealth mode, you must configure one interface as an administration interface (to perform remote administration). This interface is a special case of a routing interface, configured so that it passes only encrypted administration traffic between the Screen and a remote Administration Station.

Hardening the OS

If all of your filtering interfaces are in stealth mode, SunScreen offers optional hardening of the OS, which removes packages and files from the Solaris operating system that are not used by SunScreen, in accordance with the best practices described in http://www.sun.com/blueprints/browsesubject.html#security. Hardening in SunScreen 3.2 is based on JASS (JumpStart Architecture and Security Scripts). The JASS scripts are in /usr/lib/sunscreen/admin/jass. The hardening script is /usr/lib/sunscreen/lib/harden_os. You can harden the OS at install time or at a later time by running the script.

WARNING: this script cannot be reversed; once files have been removed, the only way to recover them is to reinstall Solaris.


Note - If some of your filtering interfaces are in stealth mode and other interfaces are in routing mode, you should not use the OS hardening option that SunScreen offers.