1.1 Novell BorderManager Features

When you connect your private network to the public Internet, security at the border and network performance become key issues, as does protecting data on your intranet.

Novell BorderManager enables you to manage and protect the border where networks meet. Although the border most commonly referred to is the one between the corporate intranet and the Internet, the borders between segments of a company intranet also must be managed and protected. Because Novell BorderManager is specifically designed to address and solve the most critical issues involved with managing a network border, the administrator’s job becomes infinitely easier when this product is deployed throughout the network.

The Novell BorderManager software provides a secure connection from a corporate intranet to the Internet. Novell BorderManager runs on a NetWare® 6.5 SP 6 or OES SP 2 operating system and uses iManager for server configuration. Server configurations are stored in the NDS® or the Novell eDirectory™ database. NDS or eDirectory enables you to control user and user group access to the World Wide Web.

The task of managing a network border is not a simple one, but it can be more easily understood when broken down into the solution categories provided by Novell BorderManager, which are briefly described in the next section. This section covers firewall solutions and network border considerations.

1.1.1 Firewall Solutions

Novell BorderManager offers comprehensive, effective firewall solutions that include the following technologies:

  • Packet Filtering: Packet filters provide Network-layer security to control the types of information sent between networks and hosts. Novell BorderManager supports Routing Information Protocol (RIP) filters and packet forwarding filters to control the service and route information for the common protocol suites, including Internetwork Packet Exchange™ (IPX™) software and TCP/IP.

  • Proxy Services: This component uses caching to accelerate Internet performance and optimize WAN bandwidth use. Proxy Services also allows protocol filtering and improves security by hiding private network domain names and addresses, and sending all requests through a single gateway.

  • Access Control: Access control is the process by which user access to Internet and intranet services is regulated and monitored. Specifically, the BorderManager access control software allows or denies access requests made through the Novell Proxy Services.

  • Network Address Translation (NAT): NAT allows IP clients on your local network to access the Internet without requiring you to assign globally unique IP addresses to each system. In addition, NAT acts as a filter, allowing only certain outbound connections and guaranteeing that inbound connections cannot be initiated from the public network.

  • Virtual Private Network (VPN): A VPN is used to transfer sensitive information across the Internet in a secure fashion by encapsulating and encrypting the data. A VPN can also be deployed in intranets where data security is required between departments.

  • Novell BorderManager Alert: The Novell BorderManager Alert monitors server performance and security, and reports potential or existing server problems that affect the performance of configured Novell BorderManager services.

  • Novell BorderManager Authentication Services: Authentication services enable remote users to dial in to NetWare networks and access network information and resources.

1.1.2 Network Border Considerations

You must consider the following when establishing and maintaining control over your network borders:

  • Security: You need to protect the intranet from security breaches, as well as prevent unauthorized access to the Internet.

  • Performance: Performance is a critical issue if access to the Internet and intranet is to be useful. You must be able to optimize Internet and intranet access, even over slow dial-up lines.

  • Management: You need to secure all Internet and intranet access points, which involves intranet access security as well as Internet access security. You need a centralized way to manage all Internet and intranet access points.

  • Secure Remote Connectivity: You need to send information in a cost-effective and secure way.

You must also consider the setup and ongoing maintenance costs of your Internet access points when you establish and maintain control over your network borders. Novell BorderManager addresses all these network management and protection considerations.

Security

Security is one of the major considerations when connecting a corporate intranet to the Internet. Protecting information and systems from unauthorized access can be just as important when considering a network segment located within the company intranet. Keep in mind that some of the most knowledgeable software experts might also be your employees. More than 80 percent of data is stolen internally. Creating a security mechanism to guard your network border is commonly referred to as creating a firewall.

Novell BorderManager provides the following security features that you can use to create a network firewall:

  • Packet filtering

  • Network Address Translation (NAT)

  • Application proxies

  • Access control

  • SurfControl*

For more information on security, firewalls, and the Novell BorderManager security features, refer to Section 1.2, Implementing Network Border Security.

Performance

With the emergence of the concept of Internet time, companies understand the urgency of speeding up access to and from the Internet. Many companies rely on the Internet to exchange products and information with colleagues and customers.

The demand to speed up access to information from within a company is just as strong. Many companies have decided to move all corporate information, including documents, forms, and procedures, to an intranet Web site. If all company information is located on a Web site, and employees are working on company time, it is essential that employees be able to access and gather this data quickly.

Novell BorderManager provides the following performance features:

  • Forward acceleration, or standard proxy caching

  • Reverse acceleration, or Web server acceleration

  • Hierarchical caching

For more information on these Novell BorderManager performance features, refer to Section 1.4, Improving Network Performance.

Management

Consistently managing network borders can be difficult when each border must be managed separately. This task is further complicated if each border uses different routing hardware and software. Novell BorderManager eases this problem by enabling the administrator to manage Novell BorderManager servers from a centralized location.

For more information on managing Novell BorderManager, refer to Section 1.5, Managing Novell BorderManager Services.

Secure Remote Connectivity

With the increasing need to access and send information online, it is essential to have a cost-effective and secure method for transmitting the information. In the past, many companies chose to build private networks using leased dial lines, but this approach can be expensive. Today, it might make more sense for a company to use the Internet to send and receive secure online information. The Novell BorderManager Virtual Private Network (VPN) enables you to use the Internet to send and receive information securely using an encrypted data stream between hosts and clients.

For more information on the Novell BorderManager VPN, refer to Virtual Private Networks.