Security Services Solutions
Novell Cool Solutions: Feature
Posted: 30 Nov 2001
Participate in the Net Economy Securely
Version: BorderManager 3.6
Everyone in today's eBusiness economy is aware of the need for strong security. Like sovereign nations, businesses must trade with the rest of the world—that is, with customers and partners on the Internet—while simultaneously protecting their frontiers from invasion or other forms of attack. Unfortunately, defending the frontier isn't simply a question of keeping your enemies out. Threats and problems can originate from within your borders as well. Some of those problems are obvious—malicious misuse of your company resources, for example—while others are subtler, such as employees accessing the Internet for personal reasons while on company time.
But what can you do to protect yourself from both external and internal threats? An impenetrable barrier that keeps everyone out of your network would also prevent you from participating in the Net economy. Viewed from another perspective, your employees must have access to the resources of the Internet in order to do their jobs. However, a barrier with holes in it (or no barrier at all) leaves your confidential systems and information vulnerable to misuse or attack.
The solution to this complicated dilemma is Novell® BorderManager® 3.6. BorderManager is a complete security application that gives you the power to protect yourself and the freedom to participate fully in the Net economy.
Benefits and Features
Novell BorderManager 3.6 is a key element of Novell Access Management Solution, which is a comprehensive eBusiness solution designed to extend information, products and services to vast numbers of users without exposing those resources to unauthorized use. BorderManager leverages proxy/cache technology and Novell eDirectory—as well as a variety of powerful security services—in order to provide the following benefits to your company:
- Strengthens the security of your business
- Improves user productivity
- Accelerates network performance
Security in a One Net World
Information technology is rapidly evolving beyond the old definitions of Local Area Networks (LANs), Wide Area Networks (WANs) and the Internet—separate networks with limited interoperability. In the new world of eBusiness, all types of networks—private and public, wireless and wired—will work together as one Net.
Novell BorderManager is a vital component of the one Net vision. In order for all networks—extranets, intranets and the Internet—to function together as a seamless tool for eBusiness, companies need to feel that their information and resources are safe from all potential threats, including employee misuse. BorderManager delivers that kind of confidence with its powerful blend of forward proxies, firewall technology, Virtual Private Networks (VPNs) and support for sophisticated authentication methods. In addition to its role as a security provider, BorderManager accelerates content delivery through proxy caching and controls the content your employees can access. The result is a secure network that helps your users quickly accomplish their tasks without sacrificing the safety of your resources.
The free exchange of information across the Internet has revolutionized the way business is conducted. eBusiness creates new markets and new opportunities, streamlines processes and allows users to access a wealth of resources. However, this revolution is not without its costs. For example, many organizations find themselves the targets of malicious attacks. Unfettered access to the Internet can prove a distraction for your employees, and otherwise trustworthy users may accidentally download viruses from unsafe Web sites. Perhaps most costly of all is the intentional misuse of your company's resources by employees within the company—misuse that may be illegal and can leave your company open to damaging liability issues.
These risks can be discouraging to a company that is just beginning to migrate into the realm of eBusiness. However, the risks are not insurmountable for a company with a strong access management solution. Simply put, an access management solution protects your company. It determines who is allowed to pass through the barrier between your company and the outside world, controls how users access company resources and enforces access policies automatically. In particular, your access management solution will need to address the following issues:
Internal and external security threats
There is no doubt that connecting your company to the world comes with certain inherent risks. Newspapers are full of headlines about the latest organization that has been infected with a computer virus or attacked by hackers. Your access management strategy will naturally involve strong defenses against this sort of threat. But it must also address threats that come from within. One of the most overlooked and potentially damaging threats to your business is an employee who uses your network and servers for illegal activities. An employee with malicious intent can use your resources to hack into other systems, spread viruses, view pornography, or conduct illegal or unethical personal business. Such employees may be using your resources because the equipment at work is easily available and more powerful than their home computers, or to cover their illicit activities with your corporate identity. Regardless of employees' reasons or rationalizations, your company can often be held liable for these types of activities—even if you are unaware of them. The potential damage to your business in terms of both legal costs and reputation is too great to risk. Your access management solution must address such threats, a concept known as Employee Internet Management (EIM). EIM allows you to monitor and regulate what Internet sites your employees are accessing. An EIM solution that grants access based on a user's identity will provide the best possible defense against both external and internal threats.
Even if it's unlikely that you will have to deal with malicious employees or illegal activities, the Internet still holds many distractions for otherwise innocent and upstanding users. Chat rooms, online auctions and even "legitimate" Web sites like news services are often irresistible to users who have unlimited Internet access. The time these users spend looking at recreational materials is time that should be focused on their jobs. Once again, EIM is the answer to this problem and should be included in your access management solution. You need an access management solution that can limit your employees' access to time-wasting Web sites while still allowing them to reach the sites they need to conduct business.
Overall network performance
Network performance can be negatively influenced by a variety of factors, including frivolous Internet usage. A single employee who downloads numerous MP3 or large multimedia files (a movie trailer, for example) can seriously reduce your available bandwidth. Even smaller content files, such as the text of a news story, still consume bandwidth that should be available for business purposes. Again, your access management solution must be capable of limiting your company's Internet traffic to business-related requests.
However, even business-related traffic can create unnecessary drains on available bandwidth. For example, if several employees are all seeking the same content from the Internet, their redundant requests will take valuable time and resources to process. A more efficient scenario is to keep a copy of frequently requested content close at hand in a local cache. When cached material is requested, it can be served immediately by a server within your own network instead of sending more traffic through your already crowded Internet connections. Your access management solution should include provisions for regulating the amount of traffic over the Internet, as well as what comprises that traffic.
Novell BorderManager 3.6 is a complete security solution designed to address these challenges. With Novell BorderManager, you can safely extend your operations onto the Internet, confident that your corporate boundaries are secured against any internal or external threat. In addition, the powerful features inherent in Novell BorderManager give you total control over access rights without sacrificing your system's performance.
Confront internal and external security threats
Novell BorderManager provides you with several powerful tools to protect yourself from external security risks. First, BorderManager gives you the ability to implement virtual private networks (VPNs) so you can connect geographically distant sites or users while ensuring the privacy of your data. Also, BorderManager enables you to establish an effective firewall barrier between your network and the Internet to ensure that hackers and other malicious individuals are kept outside.
In addition to these powerful security features, BorderManager adds proxy/cache technology that controls, monitors and accelerates your private users' access to Internet content. Proxy/cache technology ensures that your system is as safe from internal abuses as from external attacks.
Figure 1. A forward proxy blocks an employee from accessing inappropriate Web resources.
Basically, a forward proxy is a server that is installed between your network and the Internet. Any requests for Internet content made by someone from within your company must pass through the forward proxy server before being sent outward to the Internet. This layer between your network and the outside world acts as a filter, allowing you to selectively block requests to unauthorized Web pages or other resources. You can thereby protect your organization against mischief or damage perpetrated by employees.
Figure 2. A forward proxy prevents harmful content from entering a protected network.
In addition, forward proxy technology can protect your network against harmful or illegal content that users attempt to access via the Internet. For example, an employee could unwittingly access a Web page that contains a virus. Downloading this page would spread the virus onto your network and potentially cause great harm before anyone identified the problem. The filtering capabilities of the forward proxy block the harmful content before it gets inside your system.
Forward proxy is a distinctly different technology from reverse proxy, in which a server located between your network and the Internet acts as a kind of decoy to hide your resources from potential external enemies. Novell BorderManager 3.6 does possess limited reverse proxy capabilities. However, more full-featured reverse proxy services are offered in Novell iChain®, another component of the Novell Access Management Solution.
But just how does the Novell BorderManager forward proxy service determine whether a user's request is valid? The answer is that Novell BorderManager is tightly integrated with Novell eDirectory to allow identity-based access. Novell eDirectory is an award-winning directory product that stores information about users, devices and groups in a central, easy-to-manage database. The information stored in Novell eDirectory includes what resources a user or group of users is allowed to access and identifies whether those resources are in or outside your network. When a request for a resource arrives at the forward proxy, the request is compared to the user's profile in Novell eDirectory and is either accepted or refused based on the privileges assigned to that user. The combination of Novell eDirectory and Novell BorderManager enables you to establish an extremely fine-grained level of control over your resources.
Enhance employee productivity
Beyond securing your corporate resources, Novell BorderManager is also the perfect tool for EIM. The ability of the forward proxy to filter all requests for Internet content, coupled with the identity-based access control and logging allowed by Novell eDirectory, means that you can determine exactly what your employees are doing over the Internet and set limits on their activities. Inappropriate Web sites can be blocked with ease, and restrictions can be tailored to the individual user, leaving your employees free from distractions and able to focus on their jobs. The end result is a more efficient work force that makes better use of company time.
In addition to helping employees stay on-task with its EIM capabilities, Novell BorderManager also increases their productivity through its powerful proxy/cache features. Proxy/caching reduces user wait times by maintaining a copy of frequently requested content nearby rather than having to send the request across the Internet to the content's origin server. Your employees quickly get the information they need and can continue working instead of waiting for a lengthy download.
Accelerate network performance
Novell BorderManager may be primarily a security solution and the EIM tool of choice, but it also accelerates your network performance and improves user productivity by allowing you to establish forward proxy caches. Essentially, the forward proxy server identifies Web pages that your users frequently access. The proxy server then stores copies of these pages so that subsequent page requests can be fulfilled locally. Because proxy caching eliminates a significant number of trips to origin Web servers, your users access the needed material more quickly, and you conserve bandwidth. In addition, proxy/caching creates a low-cost alternative to expensive equipment upgrades.
Figure 3. A forward proxy caches frequently requested content in order to improve network response times.
Instead of installing new circuits and hardware in order to expand your available bandwidth, you can simply implement proxy/caching to minimize redundant Internet traffic. The life of your existing circuits is thus extended and your users see the benefit of faster downloads.
In addition, Novell BorderManager improves performance by restricting frivolous downloads and recreational Web surfing. This feature increases the amount of bandwidth available for business-related purposes and can make a sizeable difference in the network's responsiveness and availability.
Novell BorderManager Components
Novell BorderManager 3.6 is composed of a number of integrated services that work together with other products in the Novell Access Management Solution to provide you with unparalleled security and reliability.
- BorderManager Firewall Services 3.6
- BorderManager VPN Services 3.6
- BorderManager Authentication Services 3.6
BorderManager Firewall Services is the security foundation of Novell BorderManager, providing impressive proxy/cache features. Tightly integrated with Novell eDirectory and controlled with simple policy-management tools, BorderManager Firewall Services offers you a way to keep your confidential data private and ensure that your users access only approved resources. BorderManager Firewall Services 3.6 can either be used alone or as a supplement to existing firewall products.
BorderManager VPN Services enables you to connect remote users, organizations, customers and suppliers to your private network over an Internet-based Virtual Private Network (VPN). This cost-effective method ensures that people outside your company's firewall can access the confidential data they require without compromising the security of that data.
BorderManager Authentication Services 3.6 works with other BorderManager services to provide safe, reliable remote access for your mobile employees and other people who may access your network. BorderManager Authentication Services combines the security capabilities of the Remote Authentication Dial-In User Service (RADIUS) protocol with token authentication and the easy and convenient management offered by Novell eDirectory.
Novell Access Management Solution
Novell BorderManager is just one component of the Novell Access Management Solution, a robust combination of the Novell security products you need to protect your network resources. Novell security products are directory-based, which means that you control access to your network resources according to company policies and user identities. Novell Access Management Solution includes the following products:
- Novell eDirectory—Enables you to capture, store, organize and leverage all of the identity information needed to assign individual access rights to employees, customers and partners
- Novell Account Management—Integrates all the platforms within your network so they can be managed through the identities in Novell eDirectory
- Novell iChain—Helps control personalized access to applications, Web resources and network resources across your organization
- Novell Modular Authentication Service (NMAS)—Allows you to implement a variety of authentication methods for the highest levels of network security
- Novell SecureLogin—Allows users to access multiple resources with a single sign-on
- BorderManager—Regulates employee access to the Internet and accelerates digital-content delivery
With Novell Access Management Solution, you can realize the one Net vision: your intranet, extranet and the Internet will work together securely as one Net. You can simplify the complexities of eBusiness and provide your customers, partners and employees worldwide with secure, seamless access to network resources.
Novell BorderManager allows you to safely extend your business onto the Internet while protecting yourself from both internal and external threats.
The BorderManager firewall, authentication and virtual private network (VPN) features provide your business with unparalleled security from outside attack, while its forward proxy design and caching abilities give your users the speed they need to thrive in the Net economy.
System Requirements
Hardware Requirements
- Pentium* 233 minimum
- 128 MB of RAM minimum (256 MB plus preferred)
- 1 GB hard drive minimum (2GB preferred)
- VGA or higher resolution adapter (SVGA VESA-compliant recommended)
- LAN and WAN adapters
- Any WAN adapter compliant with WAN HSM, WAN ODI, or AIO. For a current list of certified adapters, visit the Novell Web site at: http://developer.novell.com/devres/sas/driver/ddrivers.htm
- NetWare® 4.11 or above (Novell BorderManager includes a two-user runtime license of NetWare 5.1)
- Latest NetWare Support Pack
© 2001 Novell, Inc. All rights reserved. Novell, NetWare, BorderManager and iChain are registered trademarks, and eDirectory and NMAS are trademarks of Novell, Inc. in the United States and other countries.
*Pentium is a registered trademark of Intel Corporation. All other third-party trademarks are the property of their respective owners.
Novell Product Training and Support Services
For more information about Novell's worldwide product training, certification programs, consulting and technical support services, please visit: www.novell.com/services
For More Information
Please contact your local Novell Authorized Reseller, system house, or service provider. Or visit us at: www.novell.com/products/bordermanager
You may also call Novell at:
1 888 321 4272 US/Canada
1 801 861 4272 Worldwide
1 801 861 8473 Facsimile
Novell, Inc.
1800 South Novell Place
Provo, Utah 84606 USA
Download the .pdf document here: www.novell.com/info/collateral/docs/4621226.01/4621226.pdf