Welcome to SunScreen^TM SKIP for Solaris^TM 1.1.1

Internal Network: SunScreen SKIP sites access SunScreen-secured servers to create secure, virtual private networks. A single SunScreen SKIP site accesses a server "in-the-clear."

SunScreen SKIP rounds out the security solution

The SunScreen SKIP product line provides the most flexible methods to conduct business over an intranet or the Internet. An affordable, easy-to-install software module, SunScreen SKIP transparently provides secure communications to users without requiring any modification of existing applications.

SunScreen SKIP authenticates all incoming IP traffic. It also provides integrity and privacy of outgoing data by ensuring it will not be altered or viewed by others while in transit. SunScreen SKIP rounds out the security solution by inter-operating with the SunScreen SPF-100/100G, SunScreen SPF-200, and SunScreen EFS products. It is available on Sun Microsystems' Solaris, Microsoft's Windows 3.11, Windows 95, and Windows NT operating systems.

The network security solution for customers

While the SPF-200 and EFS products provide unparalleled security and encryption capabilities with site-to-site communication, SunScreen SKIP provides customers with the ability to communicate back to the corporate network server using the SPF-200 or EFS. Thus, a secure virtual private network (SVPN) has been created with the client/server relationship. Similarly, SunScreen SKIP also has client-to-client capabilities, allowing remote users to communicate among themselves just as securely and easily as they would with the network server.

With SunScreen SKIP:

• Telecommuters and business travelers can remotely get to their corporate network servers, and businesses can securely place orders with their vendors remotely.
• Customers can confidentially perform financial transactions with their bank.
• Retail businesses can process credit card transactions for their customers. SunScreen SKIP authenticates the IP traffic stream and provides the security necessary to conduct business over the Internet.

Secure private network access with SunScreen SKIP.

The network security solution for corporate intranets

In addition to securing communication over the internet, SunScreen SKIP can also be applied to corporate intranets to authenticate and ensure privacy of users communicating with secured servers. Within a corporate setting, there may be servers that contain sensitive data. These servers, protected by an SPF-200 or EFS, could contain data as sensitive as:

• Confidential financial projections
• Personnel files
• Executive level information

More benefits and flexibility of SunScreen SKIP

SunScreen SKIP is an independent software module in the network (IP) layer, so it is application transparent. Secure communication is possible with all IP (UDP and TCP) applications without modification or knowledge of SKIP.

SunScreen SKIP is offered in a 512-bit Global version, capable of using:

• Unsigned Diffie-Hellman (UDH) keys that can be auto-generated by SunScreen SKIP
• Signed Diffie-Hellman keys to inter-operate with the SunScreen SPF-200 and EFS products

What is SKIP?

SunScreen SKIP is based on Simple Key-management for Internet Protocols (SKIP). SKIP is an emerging ANSI standard for key management for IP encryption. SKIP's many characteristics include:

• Automatic certificate exchanges
• Sessionless protocols
• Multicast and unicast packet protocols for IPv4 and IPv6
• Perfect Forward Secrecy (PFS)

The complete solution provider

Sun through its own certification service and from other Certificate Authorities (CA), provides for signed Diffie-Hellman public keys used by SKIP. Additional training and services, such as security audits, consulting and integration, are available from Sun and its partners.

SunScreen SKIP is backed by SunService^SM, one of the industry's highest-rated service and support organizations, which provides customers with an unmatched level of service and responsiveness.

SunScreen SKIP specifications

Configuration

Hardware and Software supported:

- SPARC workstation or server with a Solaris 2.4, 2.5, 2.5.1, 2.6, or Solaris 7 operating system

- International Solaris versions

Network Interfaces supported:

- Any Sun equipped 10/100 Mbps ethernet interface

- Any Sun supported FDDI interface

- Solaris PPP 5.4 or later

- SunLink PPP 3.0 or later

Memory Requirements:

- A minimum of 16Mbytes of main memory is required, 32Mbytes is recommended

Disk Space Requirements:

- A minimum of 10Mbytes free disk space is required for installation, 7Mbytes of which will be permanently used

Global Version (Diffie-Hellman modulus size of 512 bits)

Algorithms supported:

Key encryption

- 40 bit RC2

- 56 bit DES CBC

Data encryption

- 40 bit RC2

- 40 bit RC4

Authentication

- Keyed MD5

Features

Secures all network applications transparently:

- No modifications are required to existing applications

- Flexible network access control facilities allow or disallow remote access to the local system

- Nomadic mode supports mobile users whose network address changes

Highest Security:

- Available as a Global base product

Convenience:

- Graphical user interface and command line tools for administration

- Automatic Certificate Discovery eliminates manual key distribution

- Supports, but does not require Certification Authority infrastructure

Compatibility

Complies with Internet Engineering Task Force Protocol Specifications:

- SKIP v1, draft-ietf-ipsec-skip-01.txt

- SKIP v2, draft-ietf-ipsec-skip-06.txt

- RFC 1825, Security Architecture for the Internet Protocol

- RFC 1826, IP Authentication Header

- RFC 1827, IP Encapsulating Payload

- RFC 1828, IP Authentication using Keyed MD5

- RFC 1829, ESP DES-CBC Transform