Administration of Routing in Trusted Extensions
Trusted Extensions supports several methods for routing communications between networks. In the Security
Administrator role, you can set up routes that enforce the degree of security
required by your site's security policy.
For example, sites can restrict communications outside the local network to a single
label. This label is applied to publicly available information. Labels such as UNCLASSIFIED
or PUBLIC can indicate public information. To enforce the restriction, these sites assign a
single-label template to the network interface that is connected to the external network.
For more details about TCP/IP and routing, see the following:
Choosing Routers in Trusted Extensions
Trusted Extensions hosts offer the highest degree of trust as routers. Other types
of routers might not recognize Trusted Extensions security attributes. Without administrative action, packets
can be routed through routers that do not provide MAC security protection.
CIPSO routers drop packets when they do not find the correct type of information in the IP options section of the packet. For example, a CIPSO router drops a packet if it does not find a CIPSO option in the IP options when the option is required, or when the DOI in the IP options is not consistent with the destination's accreditation.
Other types of routers that are not running Trusted Extensions software can be configured either to pass or to drop packets that include the CIPSO option. Only CIPSO-aware gateways, such as those that Trusted Extensions provides, can use the contents of the CIPSO IP option to enforce MAC.
To support trusted routing, the Solaris Express Community Edition routing tables are
extended to include Trusted Extensions security attributes. The attributes are described in Routing Table Entries in Trusted Extensions.
Trusted Extensions supports static routing, in which the administrator creates routing table entries
manually. For details, see the -p option in the route(1M) man page.
The routing software tries to find a route to the destination host
in the routing tables. When the host is not explicitly named, the routing
software looks for an entry for the subnetwork where the host resides. When
neither the host nor the network where the host resides is defined, the
host sends the packet to a default gateway, if defined. Multiple default gateways
can be defined, and each is treated equally.
In this release of Trusted Extensions, the security administrator sets up routes manually,
and then manually changes the routing table when conditions change. For example, many
sites have a single gateway that communicates with the outside world. In these
cases, the single gateway can be statically defined as the default on each
host on the network. Dynamic routing support might be available in future releases
of Trusted Extensions.
Gateways in Trusted Extensions
An example of routing in Trusted Extensions follows. The diagram and table show
three potential routes between Host 1 and Host 2.
Figure 18-1 Typical Trusted Extensions Routes and Routing Table Entries
Route | First-Hop Gateway | Minimum Label | Maximum Label | DOI
#1    | Gateway 1         | CONFIDENTIAL  | SECRET        | 1
#2    | Gateway 3         | ADMIN_LOW     | ADMIN_HIGH    | 1
#3    | Gateway 5         |               |               |
Route #1 can transmit packets within the label range of CONFIDENTIAL to SECRET.
Route #2 can transmit packets from ADMIN_LOW to ADMIN_HIGH.
Route #3 does not specify routing information. Therefore, its security attributes are derived from the template in the tnrhtp database for Gateway 5.
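The lookup order described above (host entry, then subnetwork, then default gateways) and the label-range, DOI and template-fallback rules illustrated by the three routes can be modelled in a few dozen lines. The following Python is an added example, not Solaris or Trusted Extensions code: the label ordering, addresses, gateway templates and routing table are all constructed, and the choice to fall through to the next less specific route when a more specific route's label range rejects the packet is a modelling assumption rather than a statement about the kernel's behaviour. The `cipso_router_accepts` function models the drop rules for CIPSO routers given earlier on this page.

```python
"""Toy model of Trusted Extensions route selection with security attributes.

Added example, not Solaris/Trusted Extensions code. Labels, addresses,
gateways and the tnrhtp-style templates are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed total order of labels; ADMIN_LOW and ADMIN_HIGH bracket the rest.
LABEL_ORDER = ["ADMIN_LOW", "PUBLIC", "CONFIDENTIAL", "SECRET", "ADMIN_HIGH"]


def within_range(label, min_sl, max_sl):
    """True when min_sl <= label <= max_sl in the constructed label order."""
    i = LABEL_ORDER.index
    return i(min_sl) <= i(label) <= i(max_sl)


@dataclass
class Route:
    dest: str                      # "default", a host address, or a CIDR prefix
    gateway: str
    min_sl: Optional[str] = None   # None = unspecified, derive from template
    max_sl: Optional[str] = None
    doi: Optional[int] = None


# Constructed stand-in for tnrhtp templates, keyed by gateway address.
TEMPLATES = {
    "192.0.2.1": {"min_sl": "CONFIDENTIAL", "max_sl": "SECRET", "doi": 1},
    "192.0.2.3": {"min_sl": "ADMIN_LOW", "max_sl": "ADMIN_HIGH", "doi": 1},
    "192.0.2.5": {"min_sl": "PUBLIC", "max_sl": "PUBLIC", "doi": 1},
}


def effective_attrs(route):
    """Route attributes; unspecified fields come from the gateway's template."""
    tmpl = TEMPLATES.get(route.gateway, {})
    return {k: getattr(route, k) if getattr(route, k) is not None else tmpl.get(k)
            for k in ("min_sl", "max_sl", "doi")}


def candidates(table, dst):
    """Matching routes in lookup order: host, then most specific net, then defaults."""
    addr = ip_address(dst)
    hosts, nets, defaults = [], [], []
    for r in table:
        if r.dest == "default":
            defaults.append(r)            # every default gateway is treated equally
        elif "/" in r.dest:
            if addr in ip_network(r.dest):
                nets.append(r)
        elif ip_address(r.dest) == addr:
            hosts.append(r)
    nets.sort(key=lambda r: ip_network(r.dest).prefixlen, reverse=True)
    return hosts + nets + defaults


def select_route(table, dst, label, doi):
    """Gateway of the first candidate whose label range and DOI admit the packet."""
    for r in candidates(table, dst):
        a = effective_attrs(r)
        if None in a.values():
            continue                      # no usable attributes: MAC cannot be enforced
        if a["doi"] == doi and within_range(label, a["min_sl"], a["max_sl"]):
            return r.gateway
    return None                           # no acceptable route: packet is not sent


def cipso_router_accepts(has_cipso_option, packet_doi, option_required, router_doi):
    """Forwarding decision of a CIPSO router: drop if a required option is
    missing, or if the packet's DOI does not match the router's DOI."""
    if option_required and not has_cipso_option:
        return False
    if has_cipso_option and packet_doi != router_doi:
        return False
    return True


# Constructed routing table mirroring the three routes of Figure 18-1.
TABLE = [
    Route("198.51.100.20", "192.0.2.1", "CONFIDENTIAL", "SECRET", 1),    # route #1
    Route("198.51.100.0/24", "192.0.2.3", "ADMIN_LOW", "ADMIN_HIGH", 1),  # route #2
    Route("default", "192.0.2.5"),                                        # route #3
]

if __name__ == "__main__":
    print(select_route(TABLE, "198.51.100.20", "SECRET", 1))   # 192.0.2.1
    print(select_route(TABLE, "198.51.100.20", "PUBLIC", 1))   # 192.0.2.3
    print(select_route(TABLE, "203.0.113.9", "PUBLIC", 1))     # 192.0.2.5
    print(select_route(TABLE, "203.0.113.9", "SECRET", 1))     # None
```

Route #3 carries no attributes of its own, so `effective_attrs` fills them from the constructed template for its gateway, which is what the text describes for Gateway 5; a gateway with no template at all yields `None` fields and is skipped, since MAC cannot be enforced on it.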
Routing Commands in Trusted Extensions
To show labels and extended security attributes for sockets, Trusted Extensions modifies the
following Solaris network commands:
The netstat -rR command displays the security attributes in routing table entries.
The netstat -aR command displays the security attributes for sockets.
The route -p command with the add or delete option changes the routing table entries.
For details, see the netstat(1M) and route(1M) man pages.
For examples, see How to Configure Routes With Security Attributes.