7
Copyright © 1990-2011 Norman ASA
Norman Network Protection
Administrator Guide
Introduction | Implementation
Implementation
Network Protection machines can be placed anywhere within a network. Network Protection can be
used in a number of ways to protect all or parts of a network. The following paragraphs will describe
some common scenarios where it can be used to minimize the infection risk from viruses and other
malware.
Home or small office network
The most common method of connecting a network to the Internet is through a gateway server. All
requests to the Internet from the network clients are then seen to originate from this gateway server.
Traffic from the Internet to the client is also seen to originate from this server. By placing the Network
Protection server between the gateway and the LAN, as shown in Figure 2, it protects the entire LAN
from malicious code entering from the Internet.
Figure 2: Protecting a small office or home network
Business network
A business will usually connect to the Internet in the same way as a small office network. The dif-
ference is that the business network will have a number of resources it can make available to the
Internet. These resources are most likely an email server, a web server, and an FTP server. These
servers are normally placed in a demilitarized zone (DMZ) through a separate connection to the fire-
wall.
The firewall divides the network into an untrusted zone, a trusted zone, and a demilitarized zone
(DMZ). Network Protection thus protects the LAN from both the Internet and machines in the DMZ.
The DMZ is also protected from the Internet, providing a belt-and-braces security to the entire net-
work.