192 IBM Tivoli Remote Control Across Firewalls
This means that, when connecting through a proxy server, the TCP/IP
connections are broken at the firewall, so the potential for compromising the
secure network is reduced. Users may be required to authenticate themselves,
using one of a number of authentication methods.
One major advantage inherent in proxy servers is internal address hiding. All
outbound proxy connections use the firewall address. Another major advantage
of the proxy server is security. Proxy servers are designed to guard against
security weaknesses, which might be on the client machine.
Socks
Socks is a circuit-level gateway that hides the internal network. The Socks server
is similar to a proxy server in that the session is broken at the firewall. The
difference is that Socks can support all applications instead of requiring a unique
proxy for each application. This requires a special “Socksified” client software
(client that is Socks-aware) to connect to the Socks server. Socksified clients are
available with many applications like Netscape Navigator or Microsoft Internet
Explorer, or through TCP/IP software such as Aventail AutoSocks. Socks
Protocol Version 5 is the latest standard, which enables the clients to pass an
authentication stage before accessing applications on the other side of network.
Authentication
Firewalls can authenticate users with a variety of authentication methods. Users
can access useful information on the Internet, without compromising the security
of their internal networks.
Authentication just means, use of a password or a stronger method to access
your network. This is especially useful when you want to log in remotely, such as
when you are traveling or working at home. firewalls can authenticate users with
a variety of authentication methods. Users can access useful information on the
Internet, without compromising the security of their internal networks.
We describe two of the stronger and more sophisticated methods we tested here
to help the user understand this topic: tested with IBM SecureWay firewall.
Security Dynamics SecurID token
The authentication method from Security Dynamics includes a user ID and a
SecurID token. When you log in remotely, you get your password from the
SecurID token. The password changes every 60 seconds and is good for
one-time use only. So, even if someone does intercept your password over the
open network, the password is not valid for additional use.