SunScreen EFS Release 3.0 Installation Guide

What Is SunScreen EFS 3.0

SunScreen EFS 3.0 is a software security solution that is installed on a Solaris™-based machine. It lets companies connect their departmental networks to public internetworks securely. SunScreen EFS 3.0 functions as a firewall and router for hosts on the network it is protecting.

The Screen is the firewall responsible for screening packets. The Administration Station is used to define rules and to administer the Screen. The number of Screens and Administration Stations depends on your site's network topology and security policies.

Local Administration

Local administration means that administration of the Screen is conducted on the Screen itself, as shown in Figure 1-1. Because the administration processes execute on the Screen, no network traffic is generated, so local administration does not require or use encryption.

Figure 1-1 Example of a Locally Administered SunScreen EFS

Remote Administration

Remote administration means that administration of the Screen is conducted on an Administration Station, which is a separate machine from the Screen, as shown in Figure 1-2. Remote administration uses encrypted communication between the Screen and the Administration Station to protect access and to limit the management of a Screen to an authorized Administration Station. The data that the administrator sees is protected, so information about the security policy in place on the Screen cannot be obtained by others.

Figure 1-2 Example of a Remotely Administered SunScreen EFS

The Screen may be both headless and keyboardless, and communicates with the Administration Station through a TCP/IP interface that need not be exposed to the Internet (although it may be exposed to the local network, depending on the topology you use, and your choice of operating in stealth or routing mode).