SunScreen SPF-100







The SunScreen(TM) SPF-100 Network Security Product

``The Product Strong Enough for Intuit and 37 Major US Banks''







Copyright 1996 Sun Microsystems, Inc. Mountain View, CA., USA 94043-1100. All Rights Reserved.

SunScreen(TM) SPF-100 Product Brief

Highlights:

Overview

SunScreen is a product family that enables you to realize the promise of doing business over global internetworks by providing privacy of your sensitive data and authenticating the identity of those you communicate with.
The SPF-100 is the initial product introduced in the SunScreen family, and is a unique network security device. No other product combines highly advanced stateful packet filtering with encryption using a proposed industry standard for key management that optimizes performance yet maximizes the protection of your sensitive data.

Product Description

The SunScreen SPF-100 is a dedicated network security device. The embedded operating system does not run any applications, and no general "user" programs are installed or run on the system. Unlike most network security products, which are layered onto existing systems and so remain open to security holes, SunScreen's ``stealth'' design works transparently. This new approach in network security makes it virtually impossible for an outsider to compromise your network.
The SPF-100 filtering engine resides in the operating system's kernel for maximum protection and performance. There are no user-level programs or Unix daemons. The SPF-100 is not "ping-able" and is never seen as a source or destination for packets. Communication between the Administration Station and the SPF-100 takes place over a private Ethernet and is encrypted as well as authenticated. Individual users are authenticated to the Administration Station.

"SKIP"

At the heart of the SunScreen SPF-100 is a dedicated network device that integrates leading-edge packet screening with authentication and privacy using Simple Key Management for Internet Protocol (SKIP). SKIP is a proposed Internet standard that handles key management automatically, allowing applications to be used securely without modification. SKIP is also freely available in the public domain.
Because the encryption of data occurs at the network (or "IP" layer), existing applications do not require changing to take advantage of SunScreen's privacy features. In fact, all existing TCP/IP-based applications immediately reap the benefits of SunScreen's encryption upon installation of the SPF-100.

Delivering Unprecedented Security

By using stateful, dynamic packet screening and rules-based technology, SunScreen SPF-100 allows filtering at the packet level while retaining application-level intelligence. Packets are examined against filtering rule sets, which are completely customizable. Packets may be filtered by connection type, address, protocol, or protocol port number, in addition to user-definable services. So, you determine which hosts are granted access to your network, when and what types of access are permitted, and what constitutes a security violation.

Enabling Privacy Over Public Networks

SunScreen SPF-100 allows you to create secure virtual private networks (SVPNs) over an otherwise public, insecure network, such as the Internet. This is done by encrypting the data transmitted between two SKIP-enabled sites, hosts, or users. The resulting encrypted tunnel prevents eavesdroppers from gaining unauthorized access to private data. The administrator selects what type of private key/bulk data encryption is to be used (such as RC2, RC4, DES). For maximum security, the SPF-100 uses SKIP and Diffie-Hellman key pairs to encrypt the traffic key used for the bulk data encryption and changes the traffic key at very frequent intervals.
Using the Internet for inter- or intra-company communication is much less expensive than an equivalent network of leased lines or value-added networks (VANs). In addition, global connectivity with hundreds of thousands of potential business partners is immediately available upon a successful Internet connection.
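The key hierarchy described above, as a simplified model added here for illustration (it is not Sun's code and not the SKIP wire format): two sites derive a long-term pairwise key from their Diffie-Hellman key pairs, and that key only ever wraps short-lived traffic keys. The toy group, the HMAC-based stand-in cipher, the three-packet rotation interval and all names are assumptions.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group (assumption): far too small for real use.
P, G = 2**127 - 1, 3

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def master_key(my_priv, peer_pub):
    """Long-term pairwise key; both sides compute it without any exchange."""
    shared = pow(peer_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def _prf(kek, label, data):
    # HMAC-SHA256 stands in for the bulk cipher (RC2/RC4/DES on the page).
    return hmac.new(kek, label + data, hashlib.sha256).digest()

def wrap(kek, traffic_key):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(traffic_key, _prf(kek, b"enc", nonce)))
    return nonce, ct, _prf(kek, b"mac", nonce + ct)

def unwrap(kek, nonce, ct, tag):
    if not hmac.compare_digest(tag, _prf(kek, b"mac", nonce + ct)):
        raise ValueError("wrapped traffic key failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _prf(kek, b"enc", nonce)))

class Sender:
    def __init__(self, kek, packets_per_key=3):
        self.kek, self.limit, self.sent = kek, packets_per_key, 0
        self.traffic_key = self.wrapped = None

    def next_header(self):
        """Wrapped traffic key for the next packet; rotates every `limit`."""
        if self.sent % self.limit == 0:
            self.traffic_key = secrets.token_bytes(16)
            self.wrapped = wrap(self.kek, self.traffic_key)
        self.sent += 1
        return self.wrapped

def demo(n_packets=7):
    # Constructed scenario: site A sends n_packets to site B.
    (a_priv, a_pub), (b_priv, b_pub) = dh_keypair(), dh_keypair()
    sender = Sender(master_key(a_priv, b_pub))
    receiver_kek = master_key(b_priv, a_pub)
    return [unwrap(receiver_kek, *sender.next_header()) for _ in range(n_packets)]
```

Because the long-term key never touches bulk data, exposure of one traffic key reveals only the packets sent during that rotation interval.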

Flexible and Friendly Administration

The SunScreen Administration Station enables you to manage the SunScreen SPF-100 safely and securely within your network through an encrypted communications channel. In fact, the human interface to the SPF-100 is through the securely authenticated and encrypted connection from the Administration Station. You may implement your network security plan using a graphical user interface. The Administration Station may be located anywhere on the network, allowing remote administration of the SunScreen SPF-100 with complete centralized control. The Administration Station includes a powerful log browser for detailed analysis of suspicious traffic.

A Total Business Solution

As your complete network security solution, SunScreen comes with the hardware, software, training, installation and configuration services and unmatched technical support to ensure that it is customized to meet your company's security needs.
Sun's Internet Commerce Group (ICG) provides a certification service for Diffie-Hellman public keys used by the SKIP protocol. The ICG SunScreen Certifying Authority offers service for worldwide public key distribution. In addition, ICG is working with third parties to establish other certifying authorities. Additional training and services, such as security audits, consulting, and integration, are available from Sun's Internet Commerce Group and its partners.
SunScreen is backed by SunService, one of the industry's highest-rated service and support organizations, providing you with an unmatched level of service and responsiveness. For urgent requests, immediate telephone assistance and two-hour response time are available 24 hours/day, seven days/week, thus minimizing downtime.

Expandability and Scalability

The SPF-100 is the first in a family of products designed to provide a scalable growth path. As your networks vary in size from small branch locations to large headquarters facilities, the SunScreen family will have a suitable offering to meet your requirements.

Management made easy

The SPF-100 is easily integrated into an SNMP-based management environment. Options can be set in the rules-based configuration that allow SNMP traps to be sent when certain conditions are met or fail. Thus, if the SNMP management platform is configured to send email or dial a pager (or anything else), custom notification can be achieved when an attempt is made to breach network security.
Specifications are subject to change without notice.

ORDERING AND CONFIGURATION INFORMATION

There are four configurations offered for the SunScreen products. First-time SunScreen customers are encouraged to order one of the SunScreen Starter Kits:

SunScreen SPF-100

SunScreen Administration Station

SunScreen Starter Kit 1

SunScreen Starter Kit 2

AVAILABILITY

HARDWARE AND SOFTWARE CONSIDERATIONS


Last Modified: 03:31pm PST, February 05, 1996