Chapter 14: Managing General TCP Services With Authentication
This is not an exhaustive list. The circuit proxy is protocol neutral, so you can tunnel a
variety of other stream-based applications. Weigh the risks carefully for each
application.
You can configure the circuit proxy to allow connections based on:
• username
• source host name
• source IP address
• source port
• destination host name
• destination IP address
• destination port
Using these options, you can configure your firewall to allow certain users to use a
database server on a machine outside the defense perimeter. Employees working
outside the perimeter can access important services inside the perimeter.
Where the configuration requires it, the strong authentication features of the circuit
proxy make users authenticate before connecting. The circuit proxy also logs all
successful and unsuccessful connection attempts, and the amount of data transferred.
These access controls give you much more control over the connections to and
from your system than you have without a firewall. The logging capabilities are also
much more extensive.
How It Works
The firewall runs the circuit proxy (ck-gw) as a daemon on a user-specified port (generally
on a port above 1024). The user initiates the connection by TELNETing to the port where
the circuit proxy is listening (which is a different port than the port on which the service
runs). When the proxy receives a request on this port, it checks its configuration
information (in the netperm-table) and determines whether the initiating host has
permission to initiate this type of connection. If the host has permission, the circuit proxy
authenticates the user with the authentication server specified in the configuration
information.
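The decision order described above, modelled as an added Python example (not Gauntlet code and not netperm-table syntax): the `Rule` fields, `decide`, `fake_auth` and all sample addresses are hypothetical. It assumes default deny, evaluates the host and port criteria before contacting the authentication stand-in, and records both permitted and refused attempts; byte counts are not modelled.

```python
import fnmatch
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    # Hypothetical rule shape covering the seven criteria; None matches anything.
    users: Optional[frozenset] = None
    src_host: Optional[str] = None   # glob pattern
    src_net: Optional[str] = None    # CIDR block
    src_port: Optional[int] = None
    dst_host: Optional[str] = None   # glob pattern
    dst_net: Optional[str] = None    # CIDR block
    dst_port: Optional[int] = None
    require_auth: bool = True

def _endpoints_match(r, c):
    def host(pat, name): return pat is None or fnmatch.fnmatch(name.lower(), pat.lower())
    def net(cidr, ip): return cidr is None or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)
    def port(want, got): return want is None or want == got
    return (host(r.src_host, c["src_host"]) and net(r.src_net, c["src_ip"])
            and port(r.src_port, c["src_port"]) and host(r.dst_host, c["dst_host"])
            and net(r.dst_net, c["dst_ip"]) and port(r.dst_port, c["dst_port"]))

def decide(rules, conn, authenticate, log):
    """Default deny: host/port check first, then authentication, then the user list."""
    candidates = [r for r in rules if _endpoints_match(r, conn)]
    if not candidates:  # refused before the authentication server is ever contacted
        log.append(("deny", "host-not-permitted", conn["src_ip"], conn["dst_port"]))
        return False
    user = conn.get("user")
    authed = user is not None and authenticate(user, conn.get("credential", ""))
    for r in candidates:
        if r.require_auth and not authed:
            continue
        if r.users is not None and not (authed and user in r.users):
            continue  # an unauthenticated name is never trusted as a username match
        log.append(("permit", user, conn["src_ip"], conn["dst_port"]))
        return True
    log.append(("deny", "auth-or-user-rejected", conn["src_ip"], conn["dst_port"]))
    return False

# Constructed sample data: one remote user allowed to reach one database port.
RULES = [Rule(users=frozenset({"alice"}), src_net="198.51.100.0/24",
              dst_host="db.inside.example", dst_port=1521)]
def fake_auth(user, cred):  # stand-in for the authentication server
    return (user, cred) == ("alice", "one-time-4711")
```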
Contents of Gauntlet
Page 1: ...Gauntlet for IRIX Administrator's Guide Document Number 007 2826 004 ...