
Borderware Firewall and Internet Server

 

 

 

Overview

The BorderWare Firewall Server is the complete Internet gateway and security system in one. It prevents access by unauthorized users to a trusted internal network while giving internal users the benefits of full access to the Internet.

The BorderWare Firewall Server combines everything needed to link to the Internet, incorporating application servers like Mail, News, WWW, FTP and DNS.
Border uses its intimate knowledge of the application processes and protocols to examine, control, audit and validate all network traffic to and from the trusted network.
It works with any PC, MAC or UNIX Internet application.
It is transparent to internal users.

 

SYSTEM OVERVIEW

 

Transparent Proxies

Traditional firewalls require either logging into the firewall system or modifying client applications using library routines such as "SOCKS". Experience has shown that both these approaches are costly, error-prone and insecure. BorderWare's transparent proxy approach permits any off-the-shelf software such as the Beame & Whiteside BW-Connect TCP/IP package, NetManage Chameleon, The AIR Series, FTP OnNet and standard UNIX networking software to operate transparently through the firewall. It also eliminates the risks associated with logins to the firewall or having a "system guru" modify applications. All proxies can be independently enabled and disabled. Proxies can also be restricted based on source/destination IP address, time of day and day of week.

 

Network Address Translation

The BorderWare Firewall Server automatically translates all internal IP addresses into a single external address. All outbound traffic appears to originate from a single BorderWare IP address. This completely hides all internal addresses from access by unauthorized users. The re-mapping greatly simplifies Internet connectivity because non-registered internal network addresses do not have to be modified.

 

Integrated Secure Application Servers

The BorderWare Firewall Server includes support for all standard application needs including Mail, News, FTP, Name Service and WWW. Each application is completely isolated so attempts to compromise one server can have no effect on any others. All servers have been designed from a security perspective and have been subjected to a rigorous security hardening process.

"Hardening" means eliminating system features that reduce the security in a standard operating system but which are not necessary in a firewall. Even if an attacker breaks through a server, s/he is isolated in a controlled environment, unable to affect other services or penetrate beyond the firewall.

 

Packet Level Screening

Many routers filter packets entering the network, which is an inadequate security shield. All IP packets going between the internal network and the external network must pass through the BorderWare Firewall Server, which features interface-specific, kernel-level packet filters. Additional user-definable rules can further restrict access to services.

 

Administration

The BorderWare Firewall Server offers secure remote administration for central administration in a multi-site environment. It also has a diagnostic menu for network troubleshooting.

 

Audit Trail

Log files are kept for all connection requests and server activity. The comprehensive audit support also allows logging to remote hosts.

 

Alarms

Alarms can be configured to send e-mail, display pop-up windows, print to a local printer and/or halt the system.

 

SECURE SERVER NET (SSN)

The Problem

A firewall protects internal networks from the Internet, but when the internal networks want to offer services to the Internet, where are the servers placed with regard to the firewall? If the servers are placed on the external side of the firewall, they are exposed and unprotected.

 

The Solution

Internet servers can be truly secure through Border's SSN. It expands the current firewall capability by offering a drop-in solution that allows the deployment of arbitrary third-party services without compromising security.

The BorderWare Secure Server Net adds a third interface to the firewall server for deploying any number of TCP/IP servers providing application services. Companies can establish user-defined proxies allowing access to the Secure Server Net in the manner most suitable for them.

 

SSN Benefits

Servers isolated from the internal network.
Firewall treats servers as external to protect the internal network.
Servers still protected by the firewall.
Servers completely hidden from the external network.
Allows access to public or customer information without compromising security.
Allows users to select the best in third-party application servers without compromising security.
Compatible and transparent access to leading third-party application suppliers.

Authentication

The BorderWare Firewall Server supports SecurID and CryptoCard DES-encryption-based electronic challenge-and-response authentication cards. With the card, a user can telnet to the internal network from an external network. As soon as a person requests a Telnet session, s/he is prompted for a user name and a user-specific challenge. After entering the PIN number on the electronic card, the user verifies the challenge and is given the response. The next Telnet attempt would require a different response.

 

For more information on authentication:

 
CryptoCard
Security Dynamics

 

For more information on BorderWare:

 
Borderware

 

 

STN, Inc.
2127 Espey Court, Suite 100
Crofton, MD 21114
Voice: (800) 321-1969 or (410) 721-4004
Voice - DC Metro Area: (301) 858-0110
Fax: (410) 721-9011

Copyright © 2000.  All rights reserved.
Revised: November 3, 2000