
MIDWESTERN INTERMEDIATE UNIT IV – A CASE STUDY IN INTERNET SECURITY
WatchGuard Technologies, Inc. 505 Fifth Avenue South Suite 500, Seattle, WA 98104 www.watchguard.com
any desktop application by simply right-clicking on the Firebox SSL Secure Access icon and selecting the person
with whom they want to collaborate.
Operation Through NAT Firewalls and Proxies
The Firebox SSL VPN Gateway tunnel is established using HTTPS, Proxied HTTPS, or SOCKS. This makes it firewall-friendly
and thus allows computers to reliably access private networks from behind another organization’s firewalls
without requiring reconfiguration of the network or client.
Encryption Algorithms
The Firebox SSL VPN Gateway tunnel is encrypted with SSL/TLS. Whole data streams are encrypted, including any
header information, such as the IP header. The Firebox SSL VPN Gateway supports 196-bit encryption, as well as
higher or lower bit values set in the certificate. The Firebox SSL VPN Gateway also supports all OpenSSL ciphers:
CAST, CAST5, DES, Triple-DES, IDEA, RC2, RC4, and RC5.
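The cipher list above includes algorithms (DES, RC2, RC4, IDEA, CAST, Triple-DES) that current TLS guidance treats as legacy and that modern default cipher lists exclude. The following Python is an added example, not WatchGuard's code or configuration: it audits a list of cipher names against a legacy set and builds a client SSL context (with a hypothetical hardened cipher string of my own choosing) that can be checked to confirm no legacy suite would still be offered to the gateway.

```python
import ssl

# Cipher families the whitepaper lists as supported by the gateway
# (constructed list, copied from the "Encryption Algorithms" section).
PAGE_CIPHERS = ["CAST", "CAST5", "DES", "Triple-DES", "IDEA", "RC2", "RC4", "RC5"]

# Algorithms treated as legacy by current TLS guidance: RC4 (prohibited by
# RFC 7465), single DES, and the 3DES/RC2/IDEA/CAST families that modern
# default cipher lists no longer include.  Matching is by substring.
LEGACY_MARKERS = {"DES", "RC2", "RC4", "RC5", "IDEA", "CAST"}

# Hypothetical hardened cipher string (assumption, not from the page):
# forward-secret AEAD suites only, with explicit exclusions for good measure.
HARDENED_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!RC4:!DES:!3DES:!MD5"


def classify(name: str) -> str:
    """Return 'legacy' if the cipher family or suite name refers to a legacy
    algorithm, otherwise 'modern'.  Note "AES" does not contain "DES"."""
    upper = name.upper()
    return "legacy" if any(m in upper for m in LEGACY_MARKERS) else "modern"


def audit(names):
    """Split cipher names into (modern, legacy) lists for reporting."""
    modern = [n for n in names if classify(n) == "modern"]
    legacy = [n for n in names if classify(n) == "legacy"]
    return modern, legacy


def hardened_context() -> ssl.SSLContext:
    """Client context that only offers the hardened suite set and TLS 1.2+."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(HARDENED_CIPHERS)
    return ctx


def negotiable_legacy(ctx: ssl.SSLContext):
    """Names of legacy suites the context would still offer; expected empty."""
    return [c["name"] for c in ctx.get_ciphers() if classify(c["name"]) == "legacy"]


if __name__ == "__main__":
    modern, legacy = audit(PAGE_CIPHERS)
    print("page ciphers flagged as legacy:", legacy)
    ctx = hardened_context()
    print("hardened context still offers legacy suites:", negotiable_legacy(ctx))
```

`ctx.get_ciphers()` reflects what the local OpenSSL build would actually offer, so the same check can be run on any client host to confirm a deployed cipher policy rather than trusting the product's documentation.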
Handling Bi-Directional Protocols
FTP and many real-time voice applications require the client to establish a connection with the server, which in turn
creates a new connection with the client. For these applications, the Citrix® Secure Access client is able to provide
the local application a private IP address which the WatchGuard Firebox SSL VPN Gateway will use on the internal
network to maintain bi-directional communications between the client and the server.
Performance and Real-time Traffic
Many applications, such as voice and video, are real-time, and therefore implemented over UDP. With these
applications, it is more important to deliver packets in real time than to ensure that all packets are delivered.
However, with any tunneling technology over TCP, such real-time performance requirements cannot be met.
The WatchGuard Firebox SSL VPN Gateway overcomes this issue by routing UDP packets over the secure tunnel as
custom IP packets that do not require TCP acknowledgements. Even if the packets get lost in the network, there is
no attempt made by either the client or the server applications to regenerate them, so real-time (UDP-like)
performance is achieved over a secure, TCP-based tunnel.
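The behaviour described above, datagrams carried inside a tunnel with no retransmission of lost packets, can be shown with a small framing format. The Python below is an added example and is not the gateway's wire format: it uses a constructed header (a 2-byte tag, a 32-bit sequence number and a 16-bit length) to carry UDP payloads over a byte stream, and the receiver counts gaps in the sequence instead of asking the sender to resend, which is the UDP-like semantics the section describes.

```python
import struct

# Constructed frame header for datagrams inside the tunnel stream (assumption,
# not the product's format): 2-byte tag, 32-bit sequence, 16-bit payload length.
MAGIC = b"UV"
HEADER = struct.Struct("!2sIH")


def encapsulate(seq: int, payload: bytes) -> bytes:
    """Wrap one UDP payload as a tunnel frame."""
    if len(payload) > 0xFFFF:
        raise ValueError("payload too large for 16-bit length field")
    return HEADER.pack(MAGIC, seq, len(payload)) + payload


def decapsulate(stream: bytes):
    """Parse concatenated frames from the tunnel stream.

    Returns (datagrams, lost, leftover) where datagrams is a list of
    (seq, payload), lost counts sequence gaps (frames that never arrived),
    and leftover is the tail of an incomplete frame to be retried once more
    bytes arrive.  Gaps are recorded, never retransmitted; late duplicates
    are dropped, matching real-time UDP expectations.
    """
    datagrams, lost = [], 0
    expected = None  # next sequence number we expect to see
    offset = 0
    while len(stream) - offset >= HEADER.size:
        magic, seq, length = HEADER.unpack_from(stream, offset)
        if magic != MAGIC:
            raise ValueError("frame desynchronised at offset %d" % offset)
        end = offset + HEADER.size + length
        if end > len(stream):
            break  # partial frame: keep it as leftover
        payload = stream[offset + HEADER.size:end]
        if expected is None or seq >= expected:
            if expected is not None and seq > expected:
                lost += seq - expected  # gap in the sequence: count it and move on
            datagrams.append((seq, payload))
            expected = seq + 1
        # seq < expected: late or duplicate frame, silently discarded
        offset = end
    return datagrams, lost, stream[offset:]


if __name__ == "__main__":
    # Constructed scenario: five voice packets sent, the third lost in transit.
    frames = [encapsulate(i, b"voice-%d" % i) for i in range(5)]
    received = b"".join(f for i, f in enumerate(frames) if i != 2)
    datagrams, lost, leftover = decapsulate(received)
    print("delivered sequence numbers:", [s for s, _ in datagrams])
    print("lost frames:", lost, "leftover bytes:", len(leftover))
```

Because the receiver never requests a resend, a late packet cannot stall the ones behind it; a defender monitoring such a tunnel would watch the `lost` counter as a health signal rather than expecting the tunnel to recover every datagram.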
The Secure Access Client Approach
The WatchGuard Firebox SSL VPN Gateway provides secure remote network-level access to an organization’s
networks and all applications, over SSL/TLS. This application is appropriate for employees accessing the
organization remotely and for intranet access from restricted LANs such as wireless networks and client sites.
With the WatchGuard Firebox SSL VPN, features such as Always-On roaming, integrated endpoint security, and
remote control are integrated into the product, instead of requiring separate point-product purchases.
KIOSK MODE
The Kiosk Mode is designed to provide access to corporate resources from public computers such as those found
in Internet cafés or libraries, as well as from a range of other devices, such as PDAs, that can support a Java Virtual
Machine.