Skip to Content Sun and Oracle Channel Sun How to Buy Log In United States [Change] English

SunScreen Secure Net 3.1

Product Home
	Data Sheet
»	FAQ

SunScreen Secure Net delivers a comprehensive, affordable security solution for protecting corporate assets as well as enabling secure Internet and extranet business models.

PDF (25K)

Table of Contents

Secure Business Network
Requirements for the Secure Business Network
SunScreen Secure Net for Enterprise-Wide Security

SunScreen Secure Net Features
SunScreen SKIP
Platforms and Requirements

Secure Business Network

Today, the focus in network security has shifted from preventing attacks from the Internet with a single firewall to providing security throughout the corporate network. This paradigm shift is occurring because network-wide security now allows large organizations to utilize the Internet's full potential, enabling new business models such as secure intranets, secure extranets for partners, and secure remote access for employees.

Requirements for the Secure Business Network

The Secure Business Network is a comprehensive security system for the entire corporate infrastructure. Although a firewall plays an important part in providing this level of security, a true Secure Business Network is far more extensive than a single firewall.

It includes:

Multiple, high-performance screens (firewalls) to support the ever-increasing network demands
Increased security for screens
Centralized management of multiple screens
High availability for screening and encryption
Affordable technology that encourages deployment throughout the enterprise

SunScreen Secure Net for Enterprise-Wide Security

SunScreen Secure Net is a versatile firewall that consists of a rules-based, stateful packet-filtering engine for network access control as well as an encryption and authentication engine that enables customers to create secure Virtual Private Network (VPN) gateways by integrating public-key encryption technology. It delivers secure administration through an easy-to-use graphical user interface (GUI) using a Web browser.

SunScreen Secure Net is the first firewall solution to address high availability (HA) for standards-based encryption. By deploying SunScreen Secure Net throughout your enterprise, corporate security policy is expanded beyond Internet firewall containment; it is integrated right into the enterprise infrastructure. SunScreen Secure Net also reaches out from the enterprise. Corporate partners that have SunScreen Secure Net, or use SKIP (Simple Key-management for Internet Protocols) encryption-based firewalls, can connect into a secure extranet.

SunScreen Secure Net Features

Centralized Management
Large Secure Business Networks can require anywhere from 10 to 100 or more firewalls throughout the world, and ideally, all these firewalls should be managed from a central location. By grouping these firewalls, one screen can act as the primary screen for a group of firewalls with common address groups, service groups, user groups, and rules for defining the network configuration. Each individual screen's configuration inherits these common definitions, however, the configuration can be customized through the implementation of rules and objects unique to the specific firewall.

GUI Management System
Java technology-based GUIs running on a browser enable an administrator to remotely manage the Screens. SunScreen SKIP, managed by the skiptool GUI, secures the connection between the machine running the browser and the screens. Additionally, an installation Wizard GUI assists new installations.

Operating Modes
SunScreen Secure Net has two distinct operating modes. Customers can designate interfaces in either routing or stealth mode on a screen-by-screen basis.

Routing
In routing mode, SunScreen Secure Net is a firewall with the optional use of proxies for content filtering and user authentication. Fully engineered for multiprocessing, SunScreen Secure Net is one of the fastest firewalls available. Typically, a routing firewall is used within the enterprise intranet.

Stealth
Because no IP address is used, stealth screens provide a higher level of security. Configurable stealth solves the problem of organizations that need both types of firewalls. When connecting to non-secure networks, stealth capability provides extra security against firewall attack.

Hardened Operating System
Stealth mode offers optional hardening of the operating environment on the screen. Hardening removes packages and files from the Solaris Operating Environment that are not used by SunScreen Secure Net.

High Availability (HA)
HA is available for routing mode installations. The primary HA screen manages secondary HA screens in an HA cluster. Passive HA screens within an HA cluster mirror the state of the active screen, which can be the primary or a secondary HA screen. When the active screen fails, the passive screen that has been running the longest takes over as the active screen within the cluster.

Proxies
In routing mode, optional proxies provide content filtering and user authentication. SunScreen Secure Net provides proxies for:

HTTP Proxy: Allows or denies connections based on source and destination addresses, and provides filtering functions such as passing or dropping Java applets, cookie requests and responses, and Active X content.
Telnet Proxy: Provides a virtual terminal relay, allows or denies connections based on source and destination addresses, and performs user authentication.
FTP Proxy: Functions as a relay for ftp and controls connections based on source and destination addresses and user authentication. The proxy limits access to certain file transfer commands such as put or get based on these same criteria.
SMTP Proxy: Provides a relay for electronic mail, and makes access determinations based on source and destination addresses. Anti-spam filtering is also available.

SunScreen SKIP

Strong standards-based SKIP encryption provides protection for data whenever critical information is sent over untrusted internal networks or the Internet. For example, user groups within certain functional areas -- such as finance -- can have e-mail and other communication encrypted over the network. Additional security measures can be invoked for services such as file copying (ftp) and remote login (telnet).

To enable secure remote access from a remote administration station, SunScreen Secure Net includes SunScreen SKIP clients for Solaris, Windows 95, Windows 98, and Windows NT 4.0 environments. SKIP provides protection for the data being transmitted by ensuring its integrity and enforcing a high level of authentication between two SKIP nodes.

SunScreen SKIP features include:

Application Independence: SunScreen SKIP is a software module that lies at the IP layer and is application independent.
Automatic Certificate Discovery: Eliminate manual key distribution.
Optional Certification Authority Infrastructure Support.

SunScreen SKIP is available in three versions: Global, Export Controlled, and U.S. and Canada Only. The three versions support self-generated or issued certificates from 512 bits to 4096 bits. Data encryption varies from 40-bit RC2 and RC4 to 128-bit SAFER CBC and 3-Key Triple-DES.

Tunneling
Encrypted tunnels hide network topology from intruders and enable the setup of secure VPN gateways over insecure public networks.

Network Address Translation (NAT)
NAT enables a screen to map an internal network address to a different external address, masking the identity of machines within the enterprise. As it passes packets between an internal host and a public network, the addresses in the packet are replaced with new addresses transparently, checksums and sequence numbers are corrected, and the state of the address map is monitored. Administrators can specify when a packet using ordered Network Address Translations is applied based on source or destination addresses.

Time-of-Day Rules
Administrators can define rules that are active only during specified time periods.

Logging
Administrators can search and filter log messages to find critical information quickly and easily. They can monitor logs in realtime using the browser or export logs for subsequent processing.

Configuration Versions
Individual versions of a policy are copied or saved into a new policy. Each version of a policy is maintained, and either all or a portion of a policy can be used at a later date.

Administration Roles
There are four administrative roles to appropriately separate privileges. The Local Administrator has read access, which permits viewing of firewall configurations such as rules, address groups, etc., as well as allowing backup of configuration and log information. The Status Administrator can view the log information and statistics page. The Executive Administrator has all the privileges as both the Local Administrator and the Status Administrator. The Master Administrator has the same privileges as the Executive Administrator plus the authority to assign administrator roles.

Platforms and Requirements

Hardware/Software Platforms

Any system running the Solaris 8, 7, and 2.6 Operating Environments (SPARC® and Intel Architecture platform)
Any system running the Trusted Solaris 7 Operating Environment on SPARC platforms

Link Support

Ethernet, Fast Ethernet, Gigabit Ethernet, ATM (155 and 622 Mbit/sec in LAN emulation mode; CIP mode), Token Ring, and FDDI

Browsers

Browsers supported for administrating SunScreen Secure Net are the HotJava (Solaris 7 and 2.6 OE only) Netscape Communicator, and Internet Explorer browsers supporting JDK 1.1 software (and later) and running on the Solaris 8, 7, 2.6, and 2.5.1 Operating Environments as well as PCs running Windows 95, 98, 98 Second Edition, and NT 4.0

Memory

For systems running just the screen, 32 MB minimum; for systems running the administration station, 32 MB minimum (64 MB strongly recommended)

Disk

A minimum of 1 GB of disk space

Evaluate
»	Product Home
»	Promotions
»	White Papers
»	News & Events



Get
»	Price & Buy



Use
»	Documentation
»	Newsletters



Maintain
»	Previous Versions