STRUCTURE AND COMPONENTS OF THE BARRICADE

The Firewall Kernel

The firewall is the most important component of the BARRICADE. Its purpose is to separate the internal secure network from the external insecure one, to protect the internal network from illegal external access, and to control the information flow from the LAN to the outside world.

The firewall filters packets to prevent attacks based on forged IP addresses. The firewall kernel does not route any packets. Data is exchanged between the internal and external networks only through the application layer gateways.
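
The two rules stated above (drop packets with forged source addresses, never forward), shown as an added example in Python; it is not the BARRICADE's own code. The LAN prefix, interface names, firewall addresses and reserved-range list are assumptions chosen for illustration.

```python
import ipaddress

# Assumed topology (not from the page): LAN prefix, interface names and
# the firewall's own address on each interface.
INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")
LOCAL_ADDRS = {
    "int0": ipaddress.ip_address("192.168.10.1"),
    "ext0": ipaddress.ip_address("203.0.113.5"),
}
# Source ranges that are never valid on the external side.
NEVER_EXTERNAL = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3",
)]


def filter_packet(iface, src, dst):
    """Return (accepted, reason) for a packet seen on interface `iface`."""
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    if iface not in LOCAL_ADDRS:
        return False, "unknown interface"
    # No routing: only packets addressed to the firewall itself are
    # delivered (to a proxy); anything else would need forwarding.
    if dst != LOCAL_ADDRS[iface]:
        return False, "not addressed to firewall (no forwarding)"
    # A packet claiming to come from the firewall's own address is forged.
    if src in LOCAL_ADDRS.values():
        return False, "source is a firewall address"
    if iface == "int0" and src not in INTERNAL_NET:
        return False, "non-LAN source on internal interface"
    if iface == "ext0" and any(src in net for net in NEVER_EXTERNAL):
        return False, "internal/reserved source on external interface"
    return True, "ok"


# Constructed sample packets: (interface, source, destination).
SAMPLES = [
    ("int0", "192.168.10.42", "192.168.10.1"),  # LAN client to a proxy
    ("ext0", "198.51.100.7", "203.0.113.5"),    # outside host to public server
    ("ext0", "192.168.10.42", "203.0.113.5"),   # forged LAN source from outside
    ("int0", "198.51.100.7", "192.168.10.1"),   # forged outside source from LAN
    ("int0", "192.168.10.42", "198.51.100.7"),  # would require routing
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", filter_packet(*pkt))
```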

The Proxies

The proxies are special applications that transfer requests from the internal network to the external servers. This mediation is more or less transparent to other applications, depending on the protocol. The external server sees every request as coming from a single computer: the firewall.

The WWW Proxy

The WWW proxy transfers HTTP, FTP or Gopher requests from WWW browsers to the corresponding servers and returns the responses in HTML format. Most modern browsers support the use of proxies, so their existence generally goes unnoticed by users. The WWW proxy also has a buffering function: a repeatedly accessed document can be read from the local buffer, which considerably reduces the load on the external communications channel.

NNTP and IRC Proxies

The Usenet News and Internet Relay Chat gateways transfer requests from the internal network to the external news and chat servers. Any client can be used; no special support is needed.

Telnet and FTP Proxies

The Telnet and FTP proxies mediate Telnet and FTP sessions from the internal network to the external one. In contrast to the NNTP and IRC gateways (which require a single server specified by the system configuration), the Telnet and FTP gateways allow connections to an arbitrary external host. The user has to create two connections: first to the firewall gateway, and then to the external computer.

SOCKS

SOCKS is a general-purpose gateway that allows a client with the corresponding support to create arbitrary TCP connections. Using the SOCKS client library makes the firewall completely transparent to the ordinary user.

The Mail Proxy

The mail proxy is the most complicated one and requires the cooperation of three programs: two of them (smap and sendmail) run on the firewall, and the third runs on the internal network host where the user mailboxes are located.

On UNIX computers, the sendmail program is usually used to exchange email. Sendmail is very powerful, and more security holes have been found in it than in any other program. The firewall eliminates this possible security risk by replacing sendmail with the simple and easily checked smap mailer, which takes care of the mail exchange with external computers. Incoming messages are fed to sendmail for further processing. Sendmail now runs in a secure environment and thus no longer presents a security risk.

The messages for the users are transferred to the mail server in the internal network, where users' mailboxes are located.

The Name Server

The name server (DNS server) converts IP addresses to host names and vice versa. The server is split into two subservers: the internal name server, accessible from the internal network only, and the public name server, accessible from any computer.

The Information Servers

The Public HTTP Server

The BARRICADE contains a preconfigured public HTTP server, so it is very easy to set up a home page for your company.

The Public FTP Server

The public FTP server allows two-way file exchange with other Internet users.

The DHCP Server

DHCP (Dynamic Host Configuration Protocol) automates the addition of workstations to the internal network, from the subnetwork mask and the name server address to the automatic and conflict-free distribution of IP addresses.

The Configuration Server

This is a special WWW server through which some 99% of the firewall configuration is carried out. The familiar graphical user interface hides the tedious details of firewall management, so the BARRICADE can be set up quickly and easily.










