The Internet is increasingly becoming an accepted medium for conducting business transactions. Your company, like many others, needs to connect its private data network (or intranet) to the public network (or Internet) to interact with customers, suppliers, and business partners. The World Wide Web provides expanded facilities for electronic commerce (e-commerce), as well as readily available remote access for telecommuters and other mobile workers. Intracompany Web sites are used to provide information on everything from employee benefits to technical support. The Internet can provide cost savings in communications; however, it can also be a source of new and increased security risks.
To reduce the security risks inherent in connecting to the Internet, or in providing remote access to your internal networks, appropriate network security policies must be defined as part of your routine business strategy. Novell BorderManager 3.7 provides enhanced packet filtering capabilities that can be used to build firewalls that can enforce your access policies.
A firewall is a network component that controls the traffic flowing between internal (private) networks and external (public) networks, such as the Internet. Firewalls can also be used to separate your internal data networks (intranets) to protect valuable company data---research and development, corporate financial data, personnel files, and other sensitive information.
Novell BorderManager 3.7 protects your confidential information from internal and external intruders with its advanced security services. Novell BorderManager 3.7 packet filtering provides a basic level of network security by controlling both Internet and intranet access at the network level.
This section describes how packet filters can be used to ensure that all traffic is routed securely through your Novell BorderManager 3.7 server. It contains the following subsections:
Although packet filters are a prerequisite for securing your corporate network, or intranet, from outsiders, you should be aware that packet filtering alone cannot provide adequate protection. Packet filtering is just one security mechanism that can be used to control data transfer to and from the public network, or Internet.
In a typical firewall architecture, the interface that is connected to the external (public) network forces all inbound traffic to pass through the Novell BorderManager 3.7 server. The interface that is connected to the internal (private) network forces all outbound traffic to pass through the Novell BorderManager 3.7 server. The packet filter rules set up on the Novell BorderManager 3.7 server control what type of packets are allowed to pass.
Novell BorderManager 3.7 firewall services provide increased security through three levels of firewall protection, including packet filtering (Level I firewall), circuit-level gateways (Level II firewall), and application proxy services (Level III firewall).
Novell BorderManager 3.7 servers can implement security policies by application or by user. The Novell BorderManager 3.7 server controls the delivery of network-based services both to and from the internal network. For example, only certain users are allowed to communicate with the Internet, or only certain applications are permitted to establish connections between internal and external hosts.
Typically, users in your organization need e-mail access, Internet access, and remote access. These services can represent security threats to your network because they involve the transmission and reception of packets across the border between your private network (intranet) and the public network (Internet) or other external sources.
Packet filtering provides a number of security options for Novell BorderManager 3.7 servers, including the following:
As the first line of defense, Novell BorderManager 3.7 packet filtering takes a fairly simple approach to network security: it rejects all packets except those that you explicitly instruct it to allow to pass. Your Novell BorderManager 3.7 server's packet filters should be set up to reject unwanted packets and pass all other packets to higher-level, more secure measures, such as a circuit-level gateway or an application gateway.
Two significant benefits can be derived from filtering packets. In addition to protecting your private network from unwanted intruders, you can achieve a sizeable reduction in traffic. If your Novell BorderManager 3.7 server is set up to pass packets to a circuit-level gateway or an application gateway, the fewer packets these components must process, the better performance you will have.
However, packet filters can be difficult to manage. As your set of packet filter rules grows more complex, it becomes easier to generate conflicting rules or mistakenly allow unwanted data in to or out of your intranet. To avoid this problem, your organization must have a security policy that clearly defines the traffic that is to be allowed through the Novell BorderManager 3.7 server.