Information and its rapid dissemination are key to profitability and international competitiveness. Networks that propagate information are therefore pivotal to the information age. The Internet is increasingly becoming a hub of worldwide business activity and shows strong potential for becoming the premier network for digital commerce in the 90s.
The Internet Commerce Group (ICG) was created for the express purpose of enabling commercial transactions over the Internet, other public networks, and corporate internetworks. ICG delivers a framework for vendors and consumers to transact business on public networks.
Security is the first critical requirement for doing commerce in an open network. ICG's first product offering is SunScreen(TM), a complete network security solution. Networks were designed to share rather than to protect data, which makes them inherently vulnerable. Central to network security is the concept of network access control or firewall capability, which enables full access to network services while protecting corporate assets. Most firewall products today are available as software products, typically layered onto existing general purpose systems.
SunScreen introduces a completely new approach. It is a turnkey solution comprising hardware, software, and services, and has been explicitly designed to deliver the highest level of network security. The SunScreen product line provides the most comprehensive security solution available on the market today.
SunScreen is an innovative security solution designed to provide complete protection for your company's assets while granting full access to Internet and other public network services. SunScreen is a black box network device that delivers the most comprehensive security solution available today. Based on highly advanced filtering technology, SunScreen achieves unprecedented levels of security by integrating authentication and privacy.
Authentication and privacy enable the use of the Internet and other public data networks as a highly cost-effective infrastructure for communications and transactions between a company's remote sites. SunScreen provides site-to-site authentication, which enables geographically dispersed offices to use the Internet and public data networks as a secure, private network without the need for dedicated lines or specialized applications. Remote offices can behave and be administered as a virtual private network.
SunScreen is designed to be network, protocol, and application independent and has minimal impact on network performance. This allows you to fully enjoy the benefits of SunScreen protection without any disruption to your existing operating environment. This represents a significant savings on the time and resources you would require to implement network security. And SunScreen is easy to configure. It delivers a simple, intuitive, and flexible graphical administrative interface, which requires very little training and can be easily adapted to your evolving network topology needs.
SunScreen SPF-100 is the base product that provides access control capabilities to enable you to regulate and monitor your entire organization's network while being connected to any network. All network traffic between your private network and the external world can be completely managed to reflect your company's security policy.
SPF-100 implements powerful rules-based packet screening technology. Packets are examined against filtering rule sets, which are completely customizable and impose no limits on size or depth. Packets may be filtered by connection type, address, protocol, or protocol port number. The rules determine which hosts are granted access to your network, when access to your network is permitted, which types of access are permitted, and what constitutes a security violation. SPF-100 also has the ability to divert packets to other areas. This functionality, called packet vectoring, can be used in accounting, billing, and order-entry.
Two features built directly into SunScreen SPF-100, authentication and encryption, make it a truly unique and enhanced security solution. SPF-100 includes authentication protocols that enable you to have an authenticated network connection between two or more sites. SPF-100 incorporates public key certification software based on the Sun-developed SKIP protocol to enable the generation of keys and digital certificates of authority. ICG will play the role of certification authority to certify Diffie-Hellman public keys used by the SKIP protocol.
SPF-100 automatically invokes key management to enable network traffic to be completely authenticated and encrypted transparently to applications. SPF-100 may also be used to encrypt network traffic between any other participating SPF-100 devices. Using Diffie-Hellman certificates, all nodes will be able to compute authenticated master keys that can then be used to encrypt traffic-encrypting keys. The traffic-encrypting keys are then used to encrypt packets. Encryption is achieved using RC2, RC4, or DES. SPF-100 implements key management such that key changes are automatic, invoking key management on behalf of the user and ensuring that it reflects the user's key management policy.
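The two-level key hierarchy described above, as an added Python example that is not Sun's code or the SKIP wire format: two sites derive the same master key from each other's Diffie-Hellman public values, wrap a fresh traffic-encrypting key under it, and encrypt and authenticate the packet with that traffic key. The modulus, the epoch counter `n`, the packet layout and the HMAC-SHA256 stand-in cipher are assumptions made for the illustration.

```python
import hashlib, hmac, secrets

# Demonstration parameters (assumptions): 2**255 - 19 is prime, but this is not
# a vetted Diffie-Hellman group. Peer public values are assumed to have been
# checked against their CA-issued certificates before use.
P, G = 2**255 - 19, 2

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def master_key(my_priv, peer_pub, n):
    """Pairwise master key for epoch n; bumping n rotates it with no new exchange."""
    shared = pow(peer_pub, my_priv, P).to_bytes(32, "big")
    return hashlib.sha256(shared + n.to_bytes(4, "big")).digest()

def _prf(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream_xor(key, nonce, data):
    # Stand-in cipher: HMAC-SHA256 keystream XOR, because the standard library
    # has no RC2, RC4 or DES. It is not the product's cipher.
    blocks = range((len(data) + 31) // 32)
    stream = b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(my_priv, peer_pub, n, payload):
    kp = secrets.token_bytes(32)             # fresh traffic-encrypting key
    nonce = secrets.token_bytes(8)
    wrapped = _stream_xor(_prf(master_key(my_priv, peer_pub, n), b"wrap"), nonce, kp)
    header = n.to_bytes(4, "big") + nonce + wrapped
    body = _stream_xor(_prf(kp, b"enc"), nonce, payload)
    return header + body + _prf(_prf(kp, b"mac"), header + body)

def unseal(my_priv, peer_pub, packet):
    if len(packet) < 76:                     # 4 epoch + 8 nonce + 32 key + 32 tag
        raise ValueError("packet too short")
    n, nonce, wrapped = int.from_bytes(packet[:4], "big"), packet[4:12], packet[12:44]
    kp = _stream_xor(_prf(master_key(my_priv, peer_pub, n), b"wrap"), nonce, wrapped)
    tag = _prf(_prf(kp, b"mac"), packet[:-32])
    if not hmac.compare_digest(tag, packet[-32:]):
        raise ValueError("authentication failed")
    return _stream_xor(_prf(kp, b"enc"), nonce, packet[44:-32])
```

Because the master key only ever encrypts short random traffic keys, a compromised traffic key exposes the packets sealed under it and nothing else, and changing `n` replaces the master key without a new exchange.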
To provide you with an easy-to-use, cost-efficient, and secure mechanism for administering your security solution, SPF-100 is designed to be configured and managed from a dedicated Administration Station.
The SunScreen Administration Station enables you to manage your entire network security layout with complete centralized control. Using a graphical user interface, you may operate and manipulate your network security plan in any way you desire. The Administration Station includes a log browser for detailed analysis of suspicious traffic. The Administration Station may be located anywhere on the network, allowing remote administration of SPF-100. Additional security is provided by the use of a secure key storage device, which validates both the data and the administrator of the station.
SunScreen Certification Authority Service
The ICG SunScreen Network Certification Authority provides service for worldwide public key distribution and authorization. Replicated databases are distributed in the United States and ultimately worldwide to quickly provide access to site and service public key directories. Bad keys are quickly revoked and published to ICG customers. New keys are quickly created by a call to a toll-free number.
Hardware
Dedicated hardware device based on microSPARC-II technology
3.5-inch Diskette
CD-ROM
16-Mb Main Memory
535-Mb Disk
4 Ethernet Ports