Novell Security Manager Overview
Novell Cool Solutions: Feature
Posted: 23 May 2005
Note: This article is adapted from the BrainShare 2005 presentation IO156: "Novell Security Manager, powered by Astaro."
About Novell Security Manager
Novell Security Manager, powered by Astaro, is a comprehensive, integrated, and easy-to-manage network security solution. It is built on a Linux kernel, using Novell SUSE Linux. The Linux core for Security Manager is "hardened," and it is installed and updated automatically.
Figure 1 - Linux framework for Security Manager
To use Security Manager, the administrator needs no knowledge of Linux. Security Manager leverages the flexibility and innovation of Linux and Open Source to protect all types of networks and systems. Novell Security Manager is a perfect first step into Linux. Linux-based network security at the gateway protects all IT environments: Windows, NetWare, Unix, etc.
Figure 2 - Linux environment
Novell Security Manager features six powerful security applications:
- 1: Firewall
- 2: VPN Gateway
- 3: Intrusion Protection
- 4: Virus Protection
- 5: Spam Protection
- 6: Surf Protection (URL Filtering)
The features and benefits of these applications are described below.
1: Firewall - Network Security Foundation
The Security Manager Firewall uses stateful packet inspection and packet filtering. Packet headers are inspected, and rules are applied on the source, destination and service elements. With stateful packet inspection, events are tracked across a session to detect violations of normal processes.
Application-level, deep packet filtering is also used. Packet payloads are scanned to enforce protocol-specific rules.
Security proxies, such as HTTP, DNS, Socks, POP3, Ident, and SMTP, simplify management. NAT (Network Address Translation) attacks and masquerading attempts are detected. Security Manager also protects against Denial of Service (DoS) attacks.
Figure 3 - Firewall overview
2: VPN Gateway
The Security Manager VPN Gateway encrypts data to create a secure, private communications tunnel over the public Internet. Here are some of the key elements that the VPN Gateway supports:
- Multiple architectures, such as Net-to-Net, Host-to-Net, and Host-to-Host
- All major encryption methods
- IPSec, L2TP, and PPTP VPNs
- Native Windows, IPSec, and Mac OS X clients
- Many authentication methods
- Internal certificate authority
- Full Public Key Infrastructure (PKI)
Figure 4 - VPN Gateway overview
3: Intrusion Protection
The Intrusion Protection of Security Manager identifies and blocks application- and protocol-related probes and attacks. Its database contains over 2,000 patterns and rules that guard against the following problems:
- Probing, port scans, interrogations, host sweeps
- Attacks on application vulnerabilities
- Protocol exploitations
- Messaging, chat and peer-to-peer (P2P) activities
The intrusion detection and prevention system can notify an administrator or block traffic immediately. It has a powerful management interface - with one click you can enable and disable rules, or change between detection and prevention. Rules can easily be added and customized.
Figure 5 - Intrusion Protection overview
Here is an example of intrusion protection rules in Security Manager:
Figure 6 - Intrusion Protection rules
Spyware Protection Gateway
The Gateway Spyware Protection of Novell Security Manager complements desktop anti-spyware tools. It blocks downloads of spyware software and prevents infected systems from sending information back to the spyware server.
Figure 7 - Gateway Spyware Protection
4: Virus Protection
Security Manager's Virus Protection blocks viruses, worms, trojans, and other "malware" before they reach e-mail servers or desktops. Traditional e-mail (SMTP and POP3 traffic) is scanned, as well as Web e-mail and downloads (HTTP traffic).
Multiple virus detection methods are used, such as virus signatures, heuristics (similarities), and emulation (code executed in a protected environment). With a database of 100,000 virus signatures, Security Manager offers flexible management. File formats and text strings to block can be specified. E-mails and attachments can be dropped, rejected with a message to the sender, passed with a warning, or quarantined. The gateway scanning also supplements desktop anti-virus methods.
Figure 8 - Virus Protection overview
5: Spam Protection
The Spam Protection application identifies and disposes of unsolicited e-mails (spam). Multiple methods are used to identify spam, such as:
- Sender address verification
- Realtime "black-hole" lists
- Header and text analysis
Heuristic methods create a "spam score," based on probability. E-mails and attachments can be dropped, rejected with message to the sender, passed with a warning, or quarantined. Headers can also be attached to e-mail messages to allow the e-mail server to take additional actions. Reports can be created to detail the number and size of spam messages.
Figure 9 - Spam Protection overview
6: Surf Protection (URL Filtering)
Security Manager's Surf Protection enforces policies on appropriate use of the Internet. Administrators can define web use policies based on 58 categories of web sites. Checks are made against the largest URL database available, containing about 20 million categorized web addresses.
Sophisticated classification techniques are used, such as text classification, recognition of symbols and logos, flesh analysis, and comparison with similar images. Whitelists and blacklists are used to tailor access for groups of users. Security Manager can measure and report on activities, or actively block inappropriate URLs.
Figure 10 - Surf Protection overview
Here is an example of content filtering done by Security Manager:
Figure 11 - Content filtering