The SunScreen™ 3.2 software is part of the family of SunScreen products that provide solutions to security, authentication, and privacy requirements for companies to connect securely and conduct business privately over an insecure public internetwork. Earlier SunScreen firewall products include SunScreen EFS, SunScreen SPF-100, SunScreen SPF-100G and SunScreen SPF-200, their respective Administration Stations, SunScreen packet screen software, and SunScreen Simple Key-Management for Internet Protocols (SKIP) encryption software. This SunScreen product integrates the two SunScreen firewall technologies: SunScreen EFS and SunScreen SPF-200.
SunScreen 3.2 Configuration Examples contains detailed examples on how to use the SunScreen features. It does not offer recommendations for what security policy to implement.
SunScreen 3.2 Configuration Examples is intended for system administrators responsible for the operation, support, and maintenance of network security. It is assumed that you are familiar with UNIX™ system administration, TCP/IP networking concepts, and your network topology.
You need to have the following tasks completed before you install and administer your SunScreen:
Become familiar with the SunScreen guides:
SunScreen 3.2 Release Notes
SunScreen 3.2 Installation Guide
SunScreen 3.2 Administration Guide
SunScreen 3.2 Administrator's Guide
SunScreen SKIP User's Guide, Release 1.5.1
Ensure that your system is running one of the following operating environments: Solaris 2.6, Solaris 7, Solaris 8 (without IPv6), or Trusted Solaris 7 or 8.
Compile a configuration matrix that lists, for each location, the network services that are allowed and disallowed; this matrix is used to establish rules.
Keep your SunScreen guides available for reference because the information they contain is not duplicated in this document.
SunScreen 3.2 Configuration Examples contains the following chapters:
Chapter 1, Introduction provides a brief overview of the SunScreen examples.
Chapter 2, Setting Up Remote Administration in Routing Mode describes how to set up an Administration Station with a Screen using SKIP or IKE for encryption.
Chapter 3, Configuring Network Address Translation (NAT) describes how to make network hosts routable or accessible on the Internet.
Chapter 4, Configuring a Stealth Mode Screen shows a stealth-mode Screen installation.
Chapter 5, Creating a VPN describes how to use traffic-filtering encryption and VPN rules, and how to use tunneling to hide the internal topology of a network.
Chapter 6, Using High Availability (HA) describes HA on two stealth Screens.
Chapter 7, Creating a Centralized Management Group describes how the configurations of a group of Screens are administered remotely and simultaneously.
Chapter 8, Using Proxies in Mixed-Mode describes a Screen that is configured as a stealth firewall and set up to provide user authentication using proxies.
Chapter 9 details how you would set up a Screen and a Windows 2000 system to interoperate using IKE.
You may want to refer to the following sources for background information on cryptography, network security, firewalls, and SKIP.
Schneier, Bruce, Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd Edition, John Wiley & Sons, 1996, ISBN 0471128457
Chapman, D. Brent and Elizabeth D. Zwicky, Building Internet Firewalls, O'Reilly & Associates, 1995, ASIN 1565921240
Walker, Kathryn M. and Linda Croswhite Cavanaugh, Computer Security Policies and SunScreen Firewalls, Sun Microsystems Press/Prentice Hall, 1998, ISBN 0130960150
Cheswick, William R. and Steve Bellovin, Firewalls and Internet Security: Repelling the Wily Hacker, 1st Edition, Addison-Wesley, 1994, ISBN 201633574
Black, Uyless D., Internet Security Protocols: Protecting IP Traffic, 1st Edition, Prentice Hall, 2000, ISBN 0130142492
Comer, Douglas E., Internetworking with TCP/IP, Volume 1, 3rd Edition, Prentice Hall, 1995, ISBN 0132169878
Doraswamy, Naganand and Dan Harkins, IPSec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks, 1st Edition, Prentice Hall, 1999, ISBN 0130118982
Stallings, William, Network and Internetwork Security: Principles and Practice, Inst Elect, 1994, Product # 0780311078
Kaufman, Charlie, Radia Perlman, and Mike Speciner, Network Security: Private Communication in a Public World, 1st Edition, Prentice Hall, 1995, ISBN 0130614661
Garfinkel, Simson and Gene Spafford, Practical Unix and Internet Security, 2nd Edition, O'Reilly & Associates, 1996, ISBN 1565921488
Farrow, Rik, UNIX System Security: How to Protect Your Data and Prevent Intruders, Addison-Wesley, 1990, ISBN 0201570300
Sun Software and Networking Security, http://www.sun.com/security/
Fatbrain.com, an Internet professional bookstore, stocks select product documentation from Sun Microsystems, Inc.
For a list of documents and how to order them, visit the Sun Documentation Center on Fatbrain.com at http://www1.fatbrain.com/documentation/sun.
The docs.sun.com℠ Web site enables you to access Sun technical documentation online. You can browse the docs.sun.com archive or search for a specific book title or subject. The URL is http://docs.sun.com.
The following table describes the typographic conventions used in this book.
Table P-1 Typographic Conventions

| Typeface or Symbol | Meaning | Example |
|---|---|---|
| `AaBbCc123` | The names of commands, files, and directories; on-screen computer output | Edit your `.login` file. Use `ls -a` to list all files. `machine_name% you have mail.` |
| **`AaBbCc123`** | What you type, contrasted with on-screen computer output | `machine_name%` **`su`** `Password:` |
| *`AaBbCc123`* | Command-line placeholder: replace with a real name or value | To delete a file, type `rm` *`filename`*. |
| *AaBbCc123* | Book titles, new words or terms, or words to be emphasized | Read Chapter 6 in *User's Guide*. These are called *class* options. You *must* be root to do this. |
The following table shows the default system prompt and superuser prompt for the C shell, Bourne shell, and Korn shell.
Table P-2 Shell Prompts

| Shell | Prompt |
|---|---|
| C shell prompt | `machine_name%` |
| C shell superuser prompt | `machine_name#` |
| Bourne shell and Korn shell prompt | `$` |
| Bourne shell and Korn shell superuser prompt | `#` |
If you require technical support, contact your Sun sales representative or Sun Authorized Reseller.
For information on contacting Sun, go to:
http://www.sun.com/service/contacting/index.html
For information on Sun's support services, go to:
http://www.sun.com/service/support/index.html