Strategies for Network Administration in Oracle^® Solaris 11.4

Cryptography for Secure Shell and web applications

The OpenSSL object module provides cryptography for Secure Shell and web applications. OpenSSL is the Open Source toolkit for the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, and provides a cryptography library. In Oracle Solaris, Secure Shell and the Apache HTTP Server can use and benefit from OpenSSL.

Link protection

The link protection mechanism provides protection from basic threats to a network, for example, IP, DHCP, and MAC spoofing, as well as L2 frame spoofing and Bridge Protocol Data Unit (BPDU) attacks.

Network parameter tuning

Tuning network parameters ensures that the network is secure and prevents malicious attacks, for example, various types of denial-of-service (DoS) attacks.

OpenBSD Packet Filter (PF)

PF is a network firewall that captures and evaluates inbound packets for entry to and exit from the system. PF provides stateful packet inspection. PF can match packets by IP address and port number, as well as the receiving network interface.

IP Security Architecture (IPsec)

IPsec provides cryptographic protection for IP datagrams in IPv4 and IPv6 network packets. IPsec includes several components that provide protection for IP packages by authenticating or encrypting the packets.

Internet Key Exchange (IKE)

The IKE feature automates key management for IPsec. IKE easily scales to provide a secure channel for a large volume of traffic.

Port-based authentication

You use the IEEE 802.1X feature to restrict the use of IEEE 802 LAN service access points (ports) and to secure communications between authenticated devices. Support is limited to wired datalinks only.