Go to main content

Strategies for Network Administration in Oracle® Solaris 11.3

Exit Print View

Updated: December 2017

Features for Managing Network Security in Oracle Solaris

Oracle Solaris provides several security features that enable you to protect and secure your network. The following table briefly describes several key network security features.

Table 4  Oracle Solaris Network Security Features
Features and Methods Used to Secure the Network
For More Information
Link protection
The link protection mechanism provides protection from basic threats to a network, for example, IP, DHCP, and MAC spoofing, as well as L2 frame spoofing and Bridge Protocol Data Unit (BPDU) attacks.
Network parameter tuning
Tuning network parameters ensures that the network is secure and prevents malicious attacks, for example, various types of denial-of-service (DoS) attacks.
Secure Sockets Layer (SSL) protocol for web server communications
The SSL protocol encrypts and accelerates web server communications on your Oracle Solaris system. SSL provides confidentiality, message integrity, and endpoint authentication between two applications.
OpenBSD Packet Filter (PF)
PF is a network firewall that captures and evaluates inbound packets for entry to and exit from the system. PF provides stateful packet inspection. PF can match packets by IP address and port number, as well as the receiving network interface.
IP Filter feature of Oracle Solaris
Packet filtering provides basic protection against attacks on your network. The IP Filter feature of Oracle Solaris is a firewall that provides stateful packet filtering and network address translation (NAT). IP Filter also includes stateless packet filtering and the ability to create and manage address pools.
IP Security Architecture (IPsec)
IPsec provides cryptographic protection for IP datagrams in IPv4 and IPv6 network packets. IPsec includes several components that provide protection for IP packages by authenticating or encrypting the packets.
Internet Key Exchange (IKE)
The IKE feature automates key management for IPsec. IKE easily scales to provide a secure channel for a large volume of traffic.