Solaris Firewall
Firewall Features
• Up-to-date Sparc or X86 Solaris 2.9, with all current Sun Microsystems-approved patches applied. All unnecessary kernel and OS services disabled.
• Complete filtering based on host IP number, network, domain name, and service.
• Daily reports discuss security events, along with disk space, CPU usage, illegal access attempts, password file status, etc. Completely customizable.
• One-time (skey) passwords. Root login restrictions. Password checking, with bad passwords not allowed.
• No routing between inside and outside networks.
• Network performance improved over stock OS via special utilities.
• Various Internet services can be turned on and off easily via control files.
• Complete logging of all machine accesses and events stored on either firewall machine or internal machine.
• Complete control over which ports logins are allowed on, with reports generated on both successful and unsuccessful logins.
• Improved route management software, same as used by Internet backbone sites (GATED), if needed.
• Control of modem access if required.
• Control of individuals or groups that receive security reports generated by system.
• Complete DNS services for firewall system, completely hiding internal machine names and access.
• Installation of TripWire, SOCKS, Firewall Toolkit, and other network security applications.
• Encrypted session support including fully encrypted telnet, FTP, and filecopy.
• All known Solaris security issues have been fixed.
• All setuid programs not needed are removed.
• Sendmail is not used; a fully capable replacement handles all Mail Transfer Agent (MTA) responsibilities.
• Email server capable of handling mailing lists, multiple SMTP gateways for MS Exchange and Lotus Notes, along with other Unix machines.
• Process-watchers constantly check firewall for problems.
• Stack-overflow defenses are standard.
• All packets are examined and rewritten, with no pass-through à la packet-filter/stateful-inspection systems.
• Optional Unix services including NTP, SNMP, etc.
• Automated paging/email service for security alerts, sniffer detection, other security or system anomalies.
• Web-based status monitor of functions and logs from internal machine.
Web
• If a web server is required, servers based on custom Apache 1.3.33 will be used, with full support for access control, virtual domains, server extensions, etc.
• Custom Squid Proxy for web caching. Includes support of SSL.
• SOCKS5 handles client proxy for socks-compliant clients behind the firewall.
• Anonymous FTP server which allows anonymous people access to a restricted area of the system.
• Full support for virtual FTP directories (based on WUFTPD with additional SCN Research enhancements).
• If required, USENET News server (INN 2.4.1). Read news via the firewall or off an internal machine. Select which newsgroups to receive and filter them at the firewall or at the service provider. Comes with a completely up-to-date list of all available newsgroups. Latest version of software includes usage reports and automated administration.
Client
• Unix clients for WWW, Gopher, Telnet, FTP, Finger, Whois, WAIS, Archie, IRC, USENET News, Ping, RealAudio, TRACEROUTE, etc.
• Proxy services (use the Internet from behind the firewall) for all of the above clients under Unix.
• Netscape (Web client) available for PC/Windows and Mac handles WWW, FTP, Gopher, WAIS, and USENET News.
• Shareware software for MS/Windows that allows proxy access to the Internet via the firewall for services such as Telnet, Finger, Ping, IRC, Talk, FTP, Gopher, WWW.
Hardware Requirements (minimum)
• Current Sparc Ultra II or Sparc III systems / Intel X86 Pentium III/4 systems.
• 2nd Ethernet controller required for firewall. Quad FastEther used for DMZ setup.
• Graphics card and monitor not required.
• 18 GB disk minimum. More needed for USENET news or large web proxies. Mirroring recommended.
• 256 MB of RAM minimum.
• GigE cards fully supported.
SCN Research Price
• Full system price is $3000, which includes all of the above plus training on administration of the system.
• This installation takes one full day (approx. 12 hours).
• Price does not include travel time for on-site installation.
• SCN Research will conduct ongoing administration of the system at the rate of $150/hour.
Examples of additional services from SCN Research:
• Setup of all PC clients.
• Setup of non-Sun Unix clients.
• Setup of internal DNS server.
• Ongoing administration.