
SunScreen Secure Net 3.1

 
SunScreen Secure Net delivers a comprehensive, affordable security solution for protecting corporate assets as well as enabling secure Internet and extranet business models.
 
 
 
 
Secure Business Network
Today, the focus in network security has shifted from preventing attacks from the Internet with a single firewall to providing security throughout the corporate network. This paradigm shift is occurring because network-wide security now allows large organizations to utilize the Internet's full potential, enabling new business models such as secure intranets, secure extranets for partners, and secure remote access for employees.

 
 
Requirements for the Secure Business Network

The Secure Business Network is a comprehensive security system for the entire corporate infrastructure. Although a firewall plays an important part in providing this level of security, a true Secure Business Network is far more extensive than a single firewall.

It includes:

  • Multiple, high-performance screens (firewalls) to support the ever-increasing network demands
  • Increased security for screens
  • Centralized management of multiple screens
  • High availability for screening and encryption
  • Affordable technology that encourages deployment throughout the enterprise


 
 
SunScreen Secure Net for Enterprise-Wide Security

SunScreen Secure Net is a versatile firewall that consists of a rules-based, stateful packet-filtering engine for network access control as well as an encryption and authentication engine that enables customers to create secure Virtual Private Network (VPN) gateways by integrating public-key encryption technology. It delivers secure administration through an easy-to-use graphical user interface (GUI) using a Web browser.

SunScreen Secure Net is the first firewall solution to address high availability (HA) for standards-based encryption. By deploying SunScreen Secure Net throughout your enterprise, corporate security policy is expanded beyond Internet firewall containment; it is integrated right into the enterprise infrastructure. SunScreen Secure Net also reaches out from the enterprise. Corporate partners that have SunScreen Secure Net, or use SKIP (Simple Key-management for Internet Protocols) encryption-based firewalls, can connect into a secure extranet.



 
 
SunScreen Secure Net Features
Centralized Management
Large Secure Business Networks can require anywhere from 10 to 100 or more firewalls throughout the world, and ideally, all these firewalls should be managed from a central location. By grouping these firewalls, one screen can act as the primary screen for a group of firewalls with common address groups, service groups, user groups, and rules for defining the network configuration. Each individual screen's configuration inherits these common definitions; however, the configuration can be customized through the implementation of rules and objects unique to the specific firewall.

GUI Management System
Java technology-based GUIs running in a browser enable an administrator to remotely manage the screens. SunScreen SKIP, managed by the skiptool GUI, secures the connection between the machine running the browser and the screens. Additionally, an installation Wizard GUI assists new installations.

Operating Modes
SunScreen Secure Net has two distinct operating modes. Customers can designate interfaces in either routing or stealth mode on a screen-by-screen basis.

Routing
In routing mode, SunScreen Secure Net is a firewall with the optional use of proxies for content filtering and user authentication. Fully engineered for multiprocessing, SunScreen Secure Net is one of the fastest firewalls available. Typically, a routing firewall is used within the enterprise intranet.

Stealth
Because no IP address is used, stealth screens provide a higher level of security. Configurable stealth solves the problem of organizations that need both types of firewalls. When connecting to non-secure networks, stealth capability provides extra security against firewall attack.

Hardened Operating System
Stealth mode offers optional hardening of the operating environment on the screen. Hardening removes packages and files from the Solaris Operating Environment that are not used by SunScreen Secure Net.

High Availability (HA)
HA is available for routing mode installations. The primary HA screen manages secondary HA screens in an HA cluster. Passive HA screens within an HA cluster mirror the state of the active screen, which can be the primary or a secondary HA screen. When the active screen fails, the passive screen that has been running the longest takes over as the active screen within the cluster.

Proxies
In routing mode, optional proxies provide content filtering and user authentication. SunScreen Secure Net provides proxies for:
  • HTTP Proxy: Allows or denies connections based on source and destination addresses, and provides filtering functions such as passing or dropping Java applets, cookie requests and responses, and ActiveX content.

  • Telnet Proxy: Provides a virtual terminal relay, allows or denies connections based on source and destination addresses, and performs user authentication.

  • FTP Proxy: Functions as a relay for ftp and controls connections based on source and destination addresses and user authentication. The proxy limits access to certain file transfer commands such as put or get based on these same criteria.

  • SMTP Proxy: Provides a relay for electronic mail, and makes access determinations based on source and destination addresses. Anti-spam filtering is also available.


 
 
SunScreen SKIP
Strong standards-based SKIP encryption provides protection for data whenever critical information is sent over untrusted internal networks or the Internet. For example, user groups within certain functional areas -- such as finance -- can have e-mail and other communication encrypted over the network. Additional security measures can be invoked for services such as file copying (ftp) and remote login (telnet).

To enable secure remote access from a remote administration station, SunScreen Secure Net includes SunScreen SKIP clients for Solaris, Windows 95, Windows 98, and Windows NT 4.0 environments. SKIP provides protection for the data being transmitted by ensuring its integrity and enforcing a high level of authentication between two SKIP nodes.

SunScreen SKIP features include:
  • Application Independence: SunScreen SKIP is a software module that lies at the IP layer and is application independent.
  • Automatic Certificate Discovery: Eliminate manual key distribution.
  • Optional Certification Authority Infrastructure Support.
SunScreen SKIP is available in three versions: Global, Export Controlled, and U.S. and Canada Only. The three versions support self-generated or issued certificates from 512 bits to 4096 bits. Data encryption varies from 40-bit RC2 and RC4 to 128-bit SAFER CBC and 3-Key Triple-DES.

Tunneling
Encrypted tunnels hide network topology from intruders and enable the setup of secure VPN gateways over insecure public networks.

Network Address Translation (NAT)
NAT enables a screen to map an internal network address to a different external address, masking the identity of machines within the enterprise. As it passes packets between an internal host and a public network, the addresses in the packet are replaced with new addresses transparently, checksums and sequence numbers are corrected, and the state of the address map is monitored. Using ordered Network Address Translations, administrators can specify when translation is applied to a packet based on source or destination addresses.

Time-of-Day Rules
Administrators can define rules that are active only during specified time periods.

Logging
Administrators can search and filter log messages to find critical information quickly and easily. They can monitor logs in real time using the browser or export logs for subsequent processing.

Configuration Versions
Individual versions of a policy are copied or saved into a new policy. Each version of a policy is maintained, and either all or a portion of a policy can be used at a later date.

Administration Roles
There are four administrative roles to appropriately separate privileges. The Local Administrator has read access, which permits viewing of firewall configurations such as rules, address groups, etc., as well as allowing backup of configuration and log information. The Status Administrator can view the log information and statistics page. The Executive Administrator has all the privileges of both the Local Administrator and the Status Administrator. The Master Administrator has the same privileges as the Executive Administrator plus the authority to assign administrator roles.



 
 
Platforms and Requirements

Hardware/Software Platforms

  • Any system running the Solaris 8, 7, and 2.6 Operating Environments (SPARC® and Intel Architecture platform)
  • Any system running the Trusted Solaris 7 Operating Environment on SPARC platforms

Link Support

  • Ethernet, Fast Ethernet, Gigabit Ethernet, ATM (155 and 622 Mbit/sec in LAN emulation mode; CIP mode), Token Ring, and FDDI

Browsers

  • Browsers supported for administering SunScreen Secure Net are the HotJava (Solaris 7 and 2.6 OE only), Netscape Communicator, and Internet Explorer browsers supporting JDK 1.1 software (and later) and running on the Solaris 8, 7, 2.6, and 2.5.1 Operating Environments as well as PCs running Windows 95, 98, 98 Second Edition, and NT 4.0

Memory

  • For systems running just the screen, 32 MB minimum; for systems running the administration station, 32 MB minimum (64 MB strongly recommended)

Disk

  • A minimum of 1 GB of disk space
