> Date: Mon, 12 Jun 2000 02:47:31 -0700
> From: "Toby A. Rider" <[EMAIL PROTECTED]>
>
> Does the new version of Sunscreen automatically close up all the
> security holes that Solaris comes with out of the box? I administrate
> Sun boxes, Linux boxes and some Irix.
We don't close up security holes automatically, per se, but the
firewall's default action, once configured on all live interfaces,
is to drop all traffic unless it is specifically allowed by your
ruleset.
If you install the full version in Stealth mode, the filtering
interfaces do not have IP stacks and you can automatically harden
the OS during installation (removes most network services, some
packages, and reconfigures some things). (This is similar to
how the SPF-100s and SPF-200s operated). We are working on making
this more robust and applicable to Routing mode, but it won't
be for awhile.
Sun has some good white papers on securing your Solaris box
that were written by Keith Watson and Alex Noordergraaf.
You can find them at:
http://www.sun.com/software/solutions/blueprints/browsesubject.html
Look under "Security"
Valerie
SunScreen development
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
