
Welcome to SunScreen SKIP


By providing encryption for your data and authentication of the IP traffic stream, SunScreen™ SKIP enables you to securely conduct business over both the corporate intranet and the Internet.

[Figure: Internal Network. SunScreen SKIP sites securely accessing SunScreen-secured servers, creating multiple secure virtual private networks. A single SunScreen SKIP site accessing a server "in-the-clear."]

SunScreen SKIP rounds out the security solution

The SunScreen SKIP product line provides the most flexible methods to conduct business over an intranet or the Internet. An affordably priced, easy-to-install software module, SunScreen SKIP provides secure communications transparently to users without requiring any modification of existing applications.

SunScreen SKIP authenticates all incoming IP traffic. It also provides integrity and privacy of your outgoing data by ensuring that it will not be altered or viewed by others while in transit. SunScreen SKIP rounds out the security solution by inter-operating with the SunScreen SPF-100/100G and SunScreen EFS products. It is available on Sun Microsystems' Solaris, Microsoft's Windows 3.11, Windows 95, and Windows NT operating systems.

The network security solution for customers

While the SPF-100 and EFS products provide unparalleled security and encryption capabilities with site-to-site communication, SunScreen SKIP provides customers with the ability to communicate back to the corporate network server via the SPF-100 or EFS. Thus, a secure virtual private network (SVPN) has been created with the client/server relationship. Similarly, SunScreen SKIP also has client-to-client capabilities, allowing remote users to communicate among themselves just as securely and easily as they would with the network server.

With SunScreen SKIP:
- telecommuters and business travelers can remotely get to their corporate network servers,
- businesses can securely place orders with their vendors,
- customers can confidentially perform financial transactions with their bank, or
- retail businesses can process credit card transactions for their customers.

SunScreen SKIP authenticates the IP traffic stream and provides the security necessary to conduct business over the Internet.

[Figure: Remote user securely accessing a SunScreen-secured private network using SunScreen SKIP.]

The network security solution for corporate intranets

SunScreen SKIP extends far beyond securing communication over the Internet. It can also be applied to corporate intranets to authenticate and ensure privacy of users communicating with secured servers. Within a corporate setting, there may be servers that contain sensitive data. These servers, protected by an SPF-100, 100G, or EFS, could contain data such as:

  • confidential financial projections,
  • personnel files, and
  • executive level information.

A corporation's most confidential information can be kept secure yet accessible only to authorized individuals with a legitimate need for that information. SunScreen SKIP provides a solution to the problem of maintaining intranet security. By authenticating the IP traffic stream, as well as encrypting it, SunScreen SKIP achieves the goal of securing internal corporate communication.

More benefits and flexibility of SunScreen SKIP

SunScreen SKIP is an independent software module that sits at the network (IP) layer. It is therefore application-transparent: secure communication is possible with all IP (UDP and TCP) applications without modifying them and without their having any knowledge of SKIP.

SunScreen SKIP is offered in three versions: 512-bit Global version, 1024-bit Exportable version, and 2048-bit Domestic Use Only version. The Solaris Server Intranet Extension CD-ROM contains the 512-bit Global version. Global, Exportable, and Domestic Use Only versions of SunScreen SKIP are capable of using Unsigned Diffie-Hellman (UDH) keys that can be auto-generated by SunScreen SKIP. The Global and Exportable versions are capable of using Signed Diffie-Hellman keys to inter-operate with the SunScreen SPF-100 and 100G products.

What is SKIP?

SunScreen SKIP is based on Simple Key-management for Internet Protocols (SKIP). SKIP is an emerging IETF and ANSI standard for key management for IP encryption. You can read more about SKIP at http://skip.incog.com/. SKIP's many characteristics include:

  • automatic certificate exchanges,
  • sessionless protocols,
  • multicast and unicast packet protocols for IPv4 and IPv6, and
  • Perfect Forward Secrecy (PFS).

SKIP was developed by Sun Microsystems, Inc. and the technology has been placed into the public domain to ensure inter-operability between multiple implementations, including the SunScreen product line. All of Sun Microsystems' SKIP-compatible products leverage the Company's expertise and partnerships in network computing technologies, ensuring support for both established and emerging industry standards.

The complete solution provider

Sun's Internet Commerce Group (ICG), through its own certification service and from other Certificate Authorities (CAs), provides for signed Diffie-Hellman public keys used by SKIP. The CAs offer service for worldwide distribution of both the 512 Diffie-Hellman keys and 1024 Diffie-Hellman keys. Additional training and services, such as security audits, consulting and integration, are available from ICG and its partners.

SunScreen SKIP is backed by SunService℠, one of the industry's highest-rated service and support organizations, providing customers with an unmatched level of service and responsiveness.

SunScreen SKIP specifications:

Hardware and Software supported:
  • Any SPARC workstation or server using Solaris 2.4, 2.5 and 2.5.1 operating systems
  • Supports international Solaris versions

Network Interfaces supported:
  • Any Sun equipped 10/100 Mbps Ethernet interface
  • Any Sun supported FDDI interface
  • Solaris PPP 5.4 or later
  • SunLink PPP 3.0 or later

Memory Requirements:
A minimum of 16 Mbytes of main memory is required; 32 Mbytes is recommended.

Disk Space Requirements:
A minimum of 10 Mbytes of free disk space is required for installation, 7 Mbytes of which will be permanently used.

Global Version:
(Diffie-Hellman modulus size of 512 bits)
Algorithms supported:
  • Key encryption: 40 bit RC2, 56 bit DES CBC
  • Data encryption: 40 bit RC2, 40 bit RC4
  • Authentication: Keyed MD5

Export Upgrade:
(Diffie-Hellman modulus size of 1024 bits)
This is an optional upgrade to the Global Version available to financial institutes or other customers obtaining export permission from the U.S.
Additional algorithms supported:
  • Data encryption: 56 bit DES CBC

Domestic Upgrade:
(Diffie-Hellman modulus size of 2048 bits)
This is an optional upgrade available to North American customers only.
Additional algorithms supported:
  • Key encryption: 56 bit DES CBC, 3 Key Triple-DES, 128 bit SAFER CBC
  • Data encryption: 56 bit DES CBC, 3 Key Triple-DES, 128 bit SAFER CBC

Features:

Secures all network applications transparently:
  • No modifications are required to existing applications
  • Flexible network access control facilities allow or disallow remote access to the local system
  • Nomadic mode supports mobile users whose network address changes with time

Highest Security:
  • Available as a Global base product
  • Export and U.S. domestic upgrades are available, which add additional key sizes and encryption algorithms

Convenience:
  • Graphical user interface and command line tools for administration
  • Automatic Certificate Discovery eliminates manual key distribution
  • Supports, but does not require, Certification Authority infrastructure

Compatibility:
Complies with Internet Engineering Task Force Protocol Specifications:
  • SKIP v1, draft-ietf-ipsec-skip-01.txt
  • SKIP v2, draft-ietf-ipsec-skip-06.txt
  • RFC 1825, Security Architecture for the Internet Protocol
  • RFC 1826, IP Authentication Header
  • RFC 1827, IP Encapsulating Payload
  • RFC 1828, IP Authentication using Keyed MD5
  • RFC 1829, ESP DES-CBC Transform




Copyright 1997 Sun Microsystems, Inc., 2550 Garcia Ave., Mtn. View, CA 94043-1100 U.S.A. All rights reserved.