12.4. Configuring Your Trusted Network

Trusted Extensions uses trusted network templates to specify which individual hosts or networks are trusted to transmit explicitly labeled IP packets. If an individual host or a host’s network is specified as trusted, then Trusted Extensions automatically includes the sender’s label in each packet that is sent to any endpoint on that host. Similarly, Trusted Extensions requires and interprets labels in all packets that are received from a trusted host. The labels are sent using a multilevel protocol called CIPSO, so the Trusted Extensions template type is also called cipso. You can create multiple cipso-type templates to specify the range or set of labels that are acceptable for specific hosts or networks. The range or set of labels defines the extent to which the systems are multilevel.

By default, remote hosts and networks are assumed to be untrusted. We refer to such hosts as single-level, even though the hosts are unaware of labeling. Because the IP packets of single-level hosts are not explicitly labeled, Trusted Extensions assigns to them a network template with a type of unlabeled. The unlabeled type includes a field to specify a default label. In general, you must create an unlabeled template for each of your uniquely labeled hosts or networks.