IBM 3.8 Garage Door Opener User Manual


 
Appendix B. Introducing firewalls 193
SecureWay Policy Director integration with firewall
The SecureWay Policy Director administers (writes to) the SecureWay Directory,
which is IBM's implementation of the lightweight directory access protocol
(LDAP). The firewall can access (reads from) the SecureWay Directory to
authenticate firewall users of the following types of proxy services:
FTP
Telnet
HTTP
Socks
Some firewalls provide the facility to customize a user exit to support any other
authentication mechanism. The IBM SecureWay firewall includes an application
programming interface (API) to help you define your own authentication
technique. And if you choose to authenticate users with passwords, the rules are
robust. The firewalls apply extensive password rules to ensure that nontrivial
passwords are used.
DNS and mail gateways
Access to the domain name records of the secure network is of great assistance
to intruders, because it gives them a list of hosts to attack. A subverted DNS
server can also provide an access route for an intruder. So, the name server
configured on the firewall is essential. From the external network, the name
server on the firewall only knows itself and never gives out information on the
internal IP network. From the internal network, this name server knows the
Internet and is very useful for accessing any machine on the Internet by its name.
Mail is one of the primary reasons why an organization would want to access the
Internet. Mail gateways control mail traversal through your network, allowing mail
to flow securely inside and outside of your network. One of the important features
of mail gateways can include domain name hiding for outgoing mail, which
means hiding internal naming conventions and addresses from outside world so
that mail appears to be coming from the firewall.
Network address translation (NAT)
Originally NAT was developed as a solution to the IP depletion problem. The idea
of NAT is based on the fact that only a small portion of the hosts in a private
network are communicating with the outside world at any point of time. Each host
is assigned a valid address from the official IP address pool only when it has to
communicate with the outside world.