Great Circle Associates Firewalls
(November 1996)
 


Subject: Re: Novell IPX/IP gateway (Intranetware)
From: Ian Poynter <ian @ jerboa . com>
Date: Wed, 13 Nov 1996 20:58:59 -0500
To: Per-Henning Valderhaug <phv @ ftd . mil . no>, Firewalls @ GreatCircle . COM

At 01:34 PM 11/13/96 -0800, Per-Henning Valderhaug wrote:
>Has anyone checked out the IPX/IP gateway from Novell?

One of our customers is evaluating it at the moment, but no news yet.

>The Novell IPX/IP gateway ships with Novell Intranetware, and Novell
>states that it provides a safe way to connect to the Internet.
>
>How would you consider this approach compared to a standard firewall,
>with respect to security? Which aspects of security are not handled by
>this type of firewall/gateway?
>
>The same question applies to the NOV*IX suite from Firefox (now FTP
>Software), CiscoPro Internet Junction, Bay Networks Instant Internet,
>Quarterdeck Iware Connect etc.

Generally, these products may be able to protect your network, provided you
can *guarantee* there are no IP stacks loaded on any of your machines (other
than the Novell server).  The problems start when people (for example) have
Windows 95 and decide to load their own IP stack.  Any communication not
sent through the IP-IPX gateway is not protected by whatever mechanism the
gateway provides.

Another concern is logging.  Some of these products are good at it, others
aren't.  So, depending on your auditing requirements you may have to shop
around.  Nov*ix provides logging by Novell user name, which has gone down
well with some of our more tracking-oriented customers :-).

All in all, as usual, you have to understand your needs and policies before
you can decide whether a particular product will help you.  We have a couple
of customers using IP-IPX gateways *and* other firewall products.  Each
component provides some element of their overall security plan.

It's unfortunate that the term "firewall" has come to mean so many things,
but that's marketing for you...

Hope this helps,
Ian

-----
Ian Poynter                                        ian @ jerboa . com
Jerboa, Inc.                                      +1-617-492-8084
PO Box 382648, Cambridge, MA 02238                 www.jerboa.com
Providing Internet consulting for businesses.
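
The caveat in the message above is that the gateway only protects machines that have no IP stack of their own. The following is an added example, not part of the original post: a check over captured Ethernet frames that reports any host other than the gateway server speaking IPv4 or ARP on an otherwise IPX-only LAN. The function names, MAC addresses and sample frames are constructed for illustration.

```python
import struct

IPX = 0x8137                                  # IPX EtherType / SNAP protocol id
IP_FAMILY = {0x0800: "IPv4", 0x0806: "ARP"}

def classify(frame: bytes) -> str:
    """Return 'IPX', 'IPv4', 'ARP' or 'other' for one raw Ethernet frame."""
    if len(frame) < 14:
        return "other"
    (field,) = struct.unpack("!H", frame[12:14])
    payload = frame[14:]
    if field < 0x0600:  # 802.3 length field: inspect the encapsulation
        if payload[:2] in (b"\xff\xff", b"\xe0\xe0"):  # raw 802.3 / 802.2 IPX
            return "IPX"
        if payload[:6] != b"\xaa\xaa\x03\x00\x00\x00" or len(payload) < 8:
            return "other"
        (field,) = struct.unpack("!H", payload[6:8])   # SNAP protocol id
    return "IPX" if field == IPX else IP_FAMILY.get(field, "other")

def stray_ip_hosts(frames, gateway_macs):
    """Map source MAC -> IP-family protocols seen from non-gateway hosts."""
    found = {}
    for frame in frames:
        kind = classify(frame)
        src = ":".join(f"{b:02x}" for b in frame[6:12])
        if kind in IP_FAMILY.values() and src not in gateway_macs:
            found.setdefault(src, set()).add(kind)
    return found

def make_frame(src, field, payload):
    """Build a constructed broadcast frame for the sample below."""
    mac = bytes.fromhex(src.replace(":", ""))
    return b"\xff" * 6 + mac + struct.pack("!H", field) + payload

GATEWAY = "02:00:00:00:00:01"  # constructed MAC of the IPX/IP gateway server
SAMPLE_FRAMES = [              # constructed capture, not real traffic
    make_frame("02:00:00:00:00:02", 0x8137, b"\xff\xff" + bytes(28)),  # IPX, Ethernet II
    make_frame("02:00:00:00:00:03", 30, b"\xff\xff" + bytes(28)),      # IPX, raw 802.3
    make_frame(GATEWAY, 0x0800, bytes(20)),                            # gateway IPv4, expected
    make_frame("02:00:00:00:00:04", 0x0806, bytes(28)),                # client ARP: own IP stack
    make_frame("02:00:00:00:00:04", 0x0800, bytes(20)),                # client IPv4
]

if __name__ == "__main__":
    for mac, kinds in stray_ip_hosts(SAMPLE_FRAMES, {GATEWAY}).items():
        print(mac, sorted(kinds))
```

A host reported here is sending traffic that never passes through the gateway, so neither its filtering nor its per-user logging applies to that host.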
