Features for Managing Network Security in Oracle Solaris
The following table briefly describes several key network security features in
Oracle Solaris.
Table 4 Oracle Solaris Network Security Features
|
|
|
Cryptography for Secure Shell and web applications
|
The OpenSSL object module provides cryptography for Secure Shell
and web applications. OpenSSL is the Open Source toolkit for the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
v1) protocols, and provides a cryptography library. In Oracle Solaris,
Secure Shell and the Apache HTTP Server can use and benefit from
OpenSSL.
|
|
Link protection
|
The link protection mechanism provides protection from basic
threats to a network, for example, IP, DHCP, and MAC spoofing, as
well as L2 frame spoofing and Bridge Protocol Data Unit (BPDU)
attacks.
|
|
Network parameter tuning
|
Tuning network parameters ensures that the network is secure and
prevents malicious attacks, for example, various types of
denial-of-service (DoS) attacks.
|
|
OpenBSD Packet Filter (PF)
|
PF is a network firewall that captures and evaluates inbound
packets for entry to and exit from the system. PF provides stateful
packet inspection. PF can match packets by IP address and port
number, as well as the receiving network interface.
|
|
IP Security Architecture (IPsec)
|
IPsec provides cryptographic protection for IP datagrams in IPv4
and IPv6 network packets. IPsec includes several components that
provide protection for IP packages by authenticating or encrypting
the packets.
|
|
Internet Key Exchange (IKE)
|
The IKE feature automates key management for IPsec. IKE easily
scales to provide a secure channel for a large volume of
traffic.
|
|
Port-based authentication
|
You use the IEEE 802.1X feature to restrict the use of IEEE 802
LAN service access points (ports) and to secure communications
between authenticated devices. Support is limited to wired datalinks
only.
|
|
|
For additional information, see also security related documentation in the Securing
the Oracle Solaris Operating System shelf of the Oracle Solaris 11.4
documentation.