
Perimeter Solutions and BorderManager

Novell Cool Solutions: Feature


Posted: 1 Dec 2005
 

BorderManager continues to be an effective perimeter solution for company data security.

Security is Getting Harder

Security threats these days are multiplying quickly. Viruses are propagating faster, and the use of spam is exploding. There are new paths for hackers, including IM, chat, and P2P networking.

The threats are also becoming more complex. "Blended threats" propagate across multiple paths, while application-level attacks exploit weaknesses in popular applications.

Additionally, there is now greater scrutiny of security coming from legislation, continuing audits, and top-management awareness.

Problems Solved at the Perimeter

Here are some common security problems along with their perimeter solutions:

Problem: Employee productivity is impacted by free use of the public Internet.
Solution: Use of proxy

Problem: There is a liability exposure from people surfing to inappropriate sites.
Solution: Proxy

Problem: Content from the public Internet is a security risk.
Solution: Proxy

Problem: There is increasing utilization of finite bandwidth.
Solution: Proxy

Problem: Secure, remote access must be provided to non-Web applications.
Solution: VPN

Problem: Virus replication occurs because of inappropriate downloads.
Solution: Secure Web Subscription

Problem: SPAM is clogging mailboxes, reducing productivity and increasing risks.
Solution: Secure eMail Subscription

Problem: Multiple network identities and passwords increase the cost of IT management and decrease security.
Solution: Novell Identity Manager

Novell Perimeter Security Products

  • BorderManager - Internet Security (Forward proxies, VPN and enterprise firewall, on Novell NetWare)
  • Security Manager - Internet Security (Forward proxies, VPN, enterprise firewall; Virus, Intrusion, SPAM and Surf Protection on Novell SUSE Linux)
  • Novell iChain - Web Access Management (Reverse Web proxy focused on identity-based secure access to web resources)
  • SUSE Linux Enterprise Server (SLES) - Internet Security (Squid for web site caching and acceleration, and enterprise firewall on Linux)

Security Manager and BorderManager

Security Manager is a horizontal, cross-industry, Novell-branded product tied to the Novell Linux Identity Driven Computing Strategy. It runs on a Linux kernel. Security Manager is targeted at small and medium-sized enterprises, branch offices of larger enterprises, and educational and government organizations with limited IT staffs.

BorderManager is also a horizontal, cross-industry, Novell-branded product tied to the Novell Linux Identity Driven Computing Strategy. It runs on NetWare (6.0 or later). BorderManager is targeted at large enterprises and organizations that want seamless integration between identity management and network security.

BorderManager Features

BorderManager features include security applications and identity management integration. The security applications include firewall, VPN gateway, content (URL) filtering, and intrusion detection. BorderManager integrates well with eDirectory (tight integration), Novell Modular Authentication Service (NMAS) Enterprise Edition, Novell SecureLogin, and Novell International Cryptographic Infrastructure (NICI).

Here are some of the additional features in NBM 3.8:

  • IPSec VPN
  • Novell Client Firewall 2.0
  • Novell Modular Authentication Services EE 2.2
  • Web proxy enabled for Nsure Audit
  • Firewall Wizard (SP2 time frame)
  • Browser-based administration (firewall and VPN) using iManager
  • Easier to deploy and maintain

IPSec VPN

IPSec VPN can authenticate users against any LDAP-compliant directory. It works with any standard IPSec VPN product, supported VPN clients on Linux (FreeS/WAN, Openswan), and Mac OS (VPN Tracker). It also offers browser-based, real-time monitoring using Novell Remote Manager.

IPSec VPN supports the following:

  • Over 50 authentication methods
  • Backward compatibility
  • Pre-Shared Secret
  • X.509 certificates
  • All NMAS methods
  • LDAP

With the IPSec VPN, you can control where VPN users can go on the private network, by identity. Other features include ICSA Labs IPSec certification (in testing), FIPS 140 validation, and Client firewall integration.

Novell Client Firewall 2.0

The Novell Client Firewall 2.0 is part of a complete Client-to-Site VPN solution. It supports traditional network and transport layer firewalling via System Rules. Application-based firewalling is supported via Application Rules. Automatic Update adds the latest patches and threat responses to Novell Client Firewall.

Figure - Novell Client Firewall 2.0

Novell Modular Authentication Services (NMAS)

Here are the key features of NMAS:

  • Multi-factor authentication
  • Graded authentication
  • Third-Party method and device support
  • Makes single sign-on and remote access more secure, not less

About NBM 3.8

What does BorderManager 3.8 include that's not bundled in NetWare 6.5 and eDirectory?

  • Improved RADIUS server over BMAS 3.7
  • pcProx method
  • Secure Workstation
  • LDAP method
  • ActivCard and RSA tools for BMAS-to-NMAS migration are available from the partners
  • Additional ease of deployment and maintenance

Here are some of the NBM 3.8 product features:

  • Cache volume creation wizard
  • Firewall configuration wizard (SP2 time frame)
  • IP packet filter reset
  • Config dump tool
  • Schema add
  • VPN diagnostic mode
  • Enhanced product documentation
  • Deployment and support guides
  • Update to Craig Johnson's Beginner's Guide Lite
  • Support Pack 1 now available
  • Subsequent SP's, as per CSP schedule

Futures: What's New and Next?

  • BorderManager 3.8.4 (Enhancement Pack) was made available in September 2005.
  • BorderManager 3.9 is scheduled to be available in the first half of 2006.
  • New administration tools in iManager make it easier to manage: improved content filtering with broader category support via new interfaces for 3rd party tools, and backup/import utilities for easier deployment.
  • VPN services are easier to troubleshoot and maintain.
  • Proxy service is more redundant and manageable.


    Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com
