Solaris Firewall


Firewall Features

Up-to-date Sparc or X86 Solaris 2.9, with all current Sun Microsystems-approved patches applied. All unnecessary kernel and OS services disabled.

Complete filtering based on host IP number, network, domain name, and service.

Daily reports discuss security events, along with disk space, CPU usage, illegal access attempts, password file status, etc.  Completely customizable.

One-time (skey) passwords.  Root restriction logins.  Password checking and restrictions on bad passwords (not allowed).

No routing between inside and outside networks.

Network performance improved over stock OS via special utilities.

Various Internet services can be turned on and off easily via control files.

Complete logging of all machine accesses and events stored on either firewall machine or internal machine.

Complete control over which ports logins are allowed on, and reports are generated based on login both successful and not successful.

Improved route management software, same as used by Internet backbone sites (GATED), if needed.

Control of modem access if required.

Control of individuals or groups that receive security reports generated by system.

Complete DNS services for firewall system, completely hiding internal machine names and access.

Installation of TripWire, SOCKS, Firewall Toolkit, and other network security applications.

Encrypted session support including fully encrypted telnet, FTP, and filecopy.

All known Solaris security issues have been fixed.

All setuid programs not needed are removed.

Sendmail is not used, and fully capable replacement of sendmail handles all (MTA) Mail Transfer Agent responsibilities.

Email server capable of handling mailing lists, multiple SMTP gateways for MS Exchange and Lotus Notes, along with other Unix machines.

Process-watchers constantly check firewall for problems.

Stack-overflow defenses are standard.

All packets are examined and re-written, no pass-through ala packet-filter/stateful inspection systems.

Optional Unix services including NTP, SNMP, etc.

Automated paging/email service for security alerts, sniffer detection, other security or system anomalies.

Web-based status monitor of functions and logs from internal machine.


If a web server is required, servers based on custom Apache 1.3.33 will be used, with full support for access control, virtual domains, server extensions, etc.

Custom Squid Proxy for web caching.  Includes support of SSL.

SOCKS5 handles client proxy for socks-compliant clients behind the firewall.

Anonymous FTP server which allows anonymous people access to a restricted area of the system.

Full support for virtual FTP directories (based on WUFTPD with additional SCN Research enhancements).

If required, USENET News server (INN 2.4.1).  Read news via the firewall or off an internal machine. Select which newsgroups to receive and filter them at the firewall

or at the service provider. Comes with a completely up-to-date list of all available newsgroups. Latest version of software includes usage reports and automated administration.


Unix clients for WWW, Gopher, Telnet, FTP, Finger, Whois, WAIS, Archie, IRC, Finger, USENET News, Ping, RealAudio, TRACEROUTE, etc.

Proxy services (use the internet from behind the firewall) for all of the above clients under Unix.

Netscape (Web client) available for PC/Windows and Mac handles WWW, FTP, Gopher, WAIS, and USENET News.

Shareware software for MS/Windows that allows proxy access to internet via firewall for services such as Telnet, Finger, Ping, IRC, Talk, FTP, Gopher, WWW.

SCN Research Price

Full system price is $3000 which includes all of the above plus training on administration of the system.

This installation takes one full day (approx 12 hours).

Price does not include travel time for on-site installation.

SCN Research will conduct ongoing administration of the system at the rate of $150/hour.

Examples of additional services from SCN Research:

Setup of all PC clients.

Setup of non-Sun Unix clients.

Setup of internal DNS server.

Ongoing administration.