Gate your network with a firewall to keep out Net threats

Featured eBooks
Artificial Intelligence and Efficiency
Changing Workforce
Future of Tech Infrastructure
Insights & Reports
Delivering Efficiency in Cyber Risk Management for Federal Agencies with a Risk Operations Center
Presented By Qualys
Download Now
Collaboration Challenges Across the US Government
Presented By Carahsoft & Atlassian
Download Now
By GCN

By GCN

|

Today's buzzword among security-conscious government computer professionals is ""firewall.'' If your agency has an Internet connection, I hope there's a firewall between your desktop computer and the outside world. If not, some hacker probably acts as your pseudo-network administrator. A firewall really is nothing more than software or hardware to define and control network access to inside computers from outside computers. It's a one-way gateway (or router) that watches everything going in or out.

Today's buzzword among security-conscious government computer professionals is
""firewall.'' If your agency has an Internet connection, I hope there's a
firewall between your desktop computer and the outside world. If not, some hacker probably
acts as your pseudo-network administrator.


A firewall really is nothing more than software or hardware to define and control
network access to inside computers from outside computers. It's a one-way gateway (or
router) that watches everything going in or out.


We're seeing some world-class firewall products emerge for Microsoft Windows NT from
companies such as Raptor Systems Inc.( http://www.raptor.com
) and CheckPoint Software Technologies Ltd. ( http://www.checkpoint.com
).


Raptor was first with NT-based firewall and network security management, including
real-time monitoring of suspicious activity and security management of remote sites from a
central location.


Raptor's Eagle NT 3.05, due in September, integrates better with the NT operating
system, directly querying the NT domain controller for user names and attributes. That
will make the firewall more efficient and easier to administer--security managerd no
longer will have to re-enter names and attributes.


Eagle NT 3.05 boasts standards-based, interoperable virtual private networking (VPN)
support and very high firewall performance on Digital Equipment Corp.'s 64-bit Alpha
processors. The VPN packet filtering gives extra security across the public network.


In the past, all protocols could pass through the VPN tunnel, though packets were
encrypted. New packet filtering restricts specific applications from passing through the
VPN, which means Telnet sessions could be denied and network management information could
get through.


EagleRemote NT extends network security to remote sites, with the same security
requirements as at headquarters. EagleRemote NT and EagleLAN NT will make it possible to
manage even global networks from one central location, dramatically reducing
administrative costs. And token-ring and 100-megabit/sec Fast Ethernets are supported,
too.


The firewall's Domain Name Service (DNS) proxy protects internal names from the public.
For internal requests, DNS resolves internal and external names into their IP addresses.
It automatically determines a server's internal names, freeing the user from re-entering
the names in Eagle NT.


Eagle supports the Data Encryption Standard and RC2, an RSA Data Security Inc.
algorithm licensed for export and for LAN-to-LAN and client-to-LAN connections.


Encrypted clients run Eagle Mobile software for Windows for Workgroups, NT and Windows
95. For authentication, Eagle supports passwords and S/Key, SecurID and CryptoCard Inc.'s
CryptoCard tokens. However, authentication is available only for preconfigured protocols.


Eagle NT 3.05 seals off the network by shutting down after sending an alert. There's a
Suspicious Activity Monitor and a tool called Vulture to kill intruding processes on the
firewall.


CheckPoint Software's FireWall-1 for NT extends a proven package available until now
only for Unix platforms. It also has VPN support, user authentication and client
authentication. Users have consistently recognized FireWall-1's flexibility,
extensibility, high security and performance.


This package has both NT and Windows 95 management interfaces--the administrator can
install, configure and manage the firewall either locally via an NT interface or remotely
via a Win95 GUI. FireWall-1 for NT is interoperable with FireWall-1 installations on
SunSoft Solaris and Hewlett-Packard HP-UX platforms, so the administrator could manage all
FireWall-1 installations networkwide from any Win95 or NT desktop.


That eliminates the need for Unix expertise to manage security policy.


If you're serious about increasing your firewall knowledge, the National Computer
Security Association is the premier provider of security, reliability and ethics
information and services, as well as independent certification for firewalls.


Study NCSA's Web site at http://www.ncsa.com.
  


It's time to get up to speed on firewalls. Don't wait until your agency network has
been attacked. Arm yourself now with as much knowledge as possible, and then keep your
fingers tightly crossed.


Charles S. Kelly is a computer systems analyst at the National Science Foundation.
You can e-mail him on the Internet at ckelly@cpcug.org.
  This column expresses his personal views, not the official views of NSF.


NEXT STORY: Defense makes critical system switch to GCCS

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.