Monday, August 16, 2004

 

Internet Firewall Protection

Over the past year, the Internet has gone from a network used by developers and techies to the precursor of the much-hyped Information Superhighway, populated by a million new users each month. Along the way, businesses are looking into whether they can give their customers new and better services with the Internet. But the thread running through many management information-services directors' minds is: How can I connect to the Internet and not get burned?
An Internet firewall is the embodiment of a security policy that should implement whatever access controls your organization has deemed necessary and appropriate between your private network and the rest of the world. There are many different types of firewalls and techniques for implementing them. Typically what an organization wants as an Internet access policy is something like: "let everyone on our network access the Internet, but don't let anyone from the Internet into our network except authorized users." This access policy relies on two fundamental components: enforcing the access control and determining what an "authorized user" really is.
This tutorial examines using software modules to solve some firewall implementation issues regarding log-in and user authentication. The approach we'll examine uses some of the proxies.
A firewall policy must be flexible enough to respond to business changes, new partnerships and different network connections. The firewall must be able to keep up with the new protocols that continually develop for the Internet.
Many firewalls now include intrusion detection and virus protection features, but these additions can give a false sense of security--and generate needless expense--to organizations that have no overarching security strategy.
Adding to the complexity of firewall strategy is the concept of putting personal firewalls on employees' home computers and laptops, which has taken off in the past year or so. The latest operating systems support virtual private networks (VPNs), which provide secure encrypted sessions between trusted parties in a way transparent to users.
The company's PGP Desktop Security 7.0 combines intrusion detection, anti-virus software and VPNs with enterprise management features. This doesn't mean that such a product is a plug-and-play solution, however. "Home users can't be depended on to configure and manage those firewalls themselves," Ishikawa warns.
A potential customer also should ascertain whether the firewall vendor supports standard protocols for VPNs, such as IPSec and Internet Key Exchange. This protection is especially important for knowledge management applications that may be shared across companies or with outside users.


