194 IBM Tivoli Remote Control Across Firewalls
In the outbound direction, NAT converts the unregistered (private) addresses into valid
registered Internet addresses. In the inbound direction, NAT converts the
registered Internet address back to the unregistered addresses.
Furthermore, because NAT hides the addresses of the private network from the
external world, it provides an additional level of security: an external host cannot
reach an internal machine directly unless a translation for it already exists. NAT is
obscurity rather than access control, though, so it should complement the firewall's
packet filtering rules, not replace them. NAT also does not apply to clients that
communicate with the Internet through a proxy or Socks server, because their
addresses are never exposed and the TCP/IP connections are in any case terminated
at the firewall.
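To make the outbound and inbound translation concrete, here is a small port-based NAT model in Python. It is an added example, not code from this Redbook or from the Tivoli product; the public address 203.0.113.5 and the port allocator starting at 40000 are constructed for the illustration. It shows the two tables a NAT keeps, how a reply finds its way back, and why an unsolicited inbound packet has nowhere to go.

```python
from dataclasses import dataclass
from itertools import count
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """Minimal TCP/UDP 4-tuple; these are the only fields NAT rewrites."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Nat:
    """Port-based NAT: many private (ip, port) pairs share one registered IP.

    Each outbound flow is given its own public port; the reverse table is what
    lets replies find their way back.  A packet arriving from outside for a
    public port with no entry has no private destination and is dropped.
    A real NAT also ages entries out; this model never frees a port.
    """

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip        # assumed registered address of the firewall
        self._ports = count(first_port)   # trivial allocator for translated source ports
        self.outbound = {}                # (private_ip, private_port) -> public_port
        self.inbound = {}                 # public_port -> (private_ip, private_port)

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Private -> public: rewrite the source of a packet leaving the intranet."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.outbound:
            public_port = next(self._ports)
            self.outbound[key] = public_port
            self.inbound[public_port] = key
        return Packet(self.public_ip, self.outbound[key], pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Public -> private: rewrite the destination of a reply, or None to drop."""
        if pkt.dst_ip != self.public_ip:
            return None
        key = self.inbound.get(pkt.dst_port)
        if key is None:
            return None                   # unsolicited: nothing inside is addressable
        private_ip, private_port = key
        return Packet(pkt.src_ip, pkt.src_port, private_ip, private_port)


if __name__ == "__main__":
    nat = Nat("203.0.113.5")              # constructed documentation address
    out = nat.translate_outbound(Packet("10.0.0.7", 51000, "198.51.100.20", 80))
    print("outbound   :", out)
    reply = nat.translate_inbound(Packet("198.51.100.20", 80, "203.0.113.5", out.src_port))
    print("reply      :", reply)
    print("unsolicited:", nat.translate_inbound(Packet("198.51.100.20", 80, "203.0.113.5", 40001)))
```

The proxy/Socks case from the text never enters this table at all: the proxy opens its own connection from its own address, so there is no private 4-tuple to translate.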
Virtual Private Networks
A Virtual Private Network (VPN) is an extension of an enterprise's private intranet
across a backbone network, which will typically be a public backbone such as the
Internet. A VPN lets you obscure the real data being sent between two private
networks, and it also assures you of the identity of the session partners and the
authenticity of the messages, by creating a secure connection that protects the
data while it is in transit over the backbone.
The VPN tunnel uses the open IPSec security standards to protect your data
from modification or disclosure while it is travelling between firewalls. Your data
flows within a VPN tunnel, which can provide data origin authentication,
confidentiality, and integrity checking on every packet. IPSec protocols keep
your data private, hiding it from any eavesdroppers on the public network. Packet
filtering in the firewall can be used in conjunction with IPSec technologies to
further protect your intranets from unwanted intrusions.
VPN tunnels can be established between pairs of firewalls or between the
firewall and any other device (client, router, server, or firewall) that supports the
latest open IPSec standards. Encryption support can include 3DES, DES, and
CDMF. Authentication support includes HMAC-MD5 and HMAC-SHA. Of these,
single DES (56-bit key) and CDMF (40-bit effective key) no longer offer adequate
protection against a determined attacker, so 3DES should be chosen where both
ends support it.
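The per-packet origin authentication and integrity check that the tunnel gives is easiest to see in code. The following Python is an added example and is not from this Redbook, nor is it the IPSec wire format (real AH/ESP carry an SPI, padding and other fields); it only shows the HMAC mechanism those protocols use. The 96-bit truncation follows the HMAC-SHA-1-96 transform IPSec specifies; the key, sequence number and payload are constructed values.

```python
import hashlib
import hmac
import struct
from typing import Optional, Tuple

TAG_LEN = 12   # HMAC-SHA-1-96: IPSec truncates the 20-byte HMAC-SHA1 output to 96 bits


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: prepend a sequence number and append an HMAC over both.

    The tag covers the sequence number as well as the payload, so neither can
    be changed in transit without invalidating it.
    """
    header = struct.pack("!I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha1).digest()[:TAG_LEN]
    return header + payload + tag


def verify(key: bytes, packet: bytes) -> Optional[Tuple[int, bytes]]:
    """Receiver side: return (seq, payload) if the tag checks out, else None.

    None means the packet was forged (wrong key), altered, or truncated; the
    receiver discards it rather than acting on unauthenticated data.
    """
    if len(packet) < 4 + TAG_LEN:
        return None
    header, payload, tag = packet[:4], packet[4:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, header + payload, hashlib.sha1).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    return struct.unpack("!I", header)[0], payload


def tamper(packet: bytes, offset: int) -> bytes:
    """Flip one bit at `offset`, simulating modification on the public network."""
    b = bytearray(packet)
    b[offset] ^= 0x01
    return bytes(b)


if __name__ == "__main__":
    key = bytes(range(20))                       # constructed 160-bit shared key
    pkt = protect(key, 7, b"remote-control session data")
    print("intact :", verify(key, pkt))
    print("altered:", verify(key, tamper(pkt, 6)))
    print("forged :", verify(b"\x00" * 20, pkt))
```

Only the party holding the same key can produce a tag that verifies, which is what "data origin authentication" means here; confidentiality would be added by encrypting the payload (3DES in the product's case) before the tag is computed.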
Log management
The log management utility is a very important feature of any firewall. Firewall
logging should be both detailed and precise. The firewall log should capture all
the important activities across the firewall, and it should be able to generate
alerts based on whatever criteria matter to the organization. Alerts can be
delivered by pager notification, by e-mail notification, or by writing to an alert log
file when a configured threshold is reached. Sample thresholds might include a
certain number of authentication failures within a given time, or a certain number
of attempts that match a deny policy or rule within a given time. The right
thresholds depend on one's own requirements. Finally, the firewall log
management should provide facilities for proper log archiving and for report
generation.
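The two sample thresholds above are easy to get wrong (counting failures forever instead of within a window, or alerting on every further hit once a threshold is crossed). The following Python is an added example, not a utility from this Redbook or the product: it runs a sliding-window threshold over a constructed, made-up log format and returns the alerts it would raise. Only parse() is tied to that format; a real firewall log would need its own parser.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import List, Optional

# Constructed sample log in an invented format: three quick failures from one
# host, three slow ones from another, six hits on a deny rule, one corrupt line.
SAMPLE_LOG = """
2003-05-12 10:00:01 AUTH_FAIL src=10.0.0.5
2003-05-12 10:00:05 AUTH_FAIL src=10.0.0.5
2003-05-12 10:00:09 AUTH_FAIL src=10.0.0.5
2003-05-12 10:00:10 ALLOW src=10.0.0.6 rule=allow-http
2003-05-12 10:01:00 AUTH_FAIL src=10.0.0.8
2003-05-12 10:05:00 AUTH_FAIL src=10.0.0.8
2003-05-12 10:09:00 AUTH_FAIL src=10.0.0.8
2003-05-12 10:10:00 DENY src=192.0.2.9 rule=deny-telnet
2003-05-12 10:10:03 DENY src=192.0.2.9 rule=deny-telnet
2003-05-12 10:10:07 DENY src=192.0.2.9 rule=deny-telnet
2003-05-12 10:10:11 DENY src=192.0.2.9 rule=deny-telnet
2003-05-12 10:10:15 DENY src=192.0.2.9 rule=deny-telnet
2003-05-12 10:10:20 DENY src=192.0.2.9 rule=deny-telnet
this line is corrupt and must be skipped rather than crash the scanner
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<event>AUTH_FAIL|DENY|ALLOW) "
    r"src=(?P<src>\S+)(?: rule=(?P<rule>\S+))?$"
)


def parse(line: str) -> Optional[dict]:
    """Parse one line of the sample format; None for anything unrecognised."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
    return rec


class RateThreshold:
    """Fire once per key when `limit` events fall inside a sliding `window`."""

    def __init__(self, limit: int, window_seconds: int):
        self.limit = limit
        self.window = timedelta(seconds=window_seconds)
        self._hits = defaultdict(deque)
        self._fired = set()

    def observe(self, key, ts: datetime) -> bool:
        q = self._hits[key]
        q.append(ts)
        while q and ts - q[0] > self.window:   # discard events older than the window
            q.popleft()
        if len(q) >= self.limit and key not in self._fired:
            self._fired.add(key)               # alert once, not on every further hit
            return True
        return False


def scan(lines, fail_limit=3, fail_window=60, deny_limit=5, deny_window=60) -> List[str]:
    """Apply both thresholds to the log and return the alert messages raised."""
    auth = RateThreshold(fail_limit, fail_window)
    deny = RateThreshold(deny_limit, deny_window)
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        if rec["event"] == "AUTH_FAIL" and auth.observe(rec["src"], rec["ts"]):
            alerts.append(f"{rec['ts']} {fail_limit} authentication failures "
                          f"from {rec['src']} within {fail_window}s")
        elif rec["event"] == "DENY" and deny.observe((rec["src"], rec["rule"]), rec["ts"]):
            alerts.append(f"{rec['ts']} rule {rec['rule']} hit {deny_limit} times "
                          f"by {rec['src']} within {deny_window}s")
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG.splitlines()):
        print("ALERT:", alert)
```

The three failures from 10.0.0.8 are spread over eight minutes and so never reach the threshold; the sixth deny-rule hit is counted but does not raise a second alert. The alert strings are what would be handed to the pager, e-mail or alert-file channel the text describes.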