-v nv - ibmpublib.boulder.ibm.com/tividd/td/sw_fs/sbsup/ko_ko/pdf/ct6rzko.pdfl %g 8: l %:...
Windows NT ® W AIXk IBM SecureWay ®
Boundary Server
C[!- v`nv
v| 2.0
GA30-1012-00
IBM
V
L %z L %!- vxOB &0; gkOb |! 47 dLvG :NOB. VGgW;! VB O] $8& P8JC@.
L %: 3$G! /0Q p^L xB Q IBM SecureWay Boundary Server&0(GA30-1012-00)G v| 2, 1.: 0, v$
G 0 W pg DS 1.:M v$G! {kKOY.
gG(1999b 10y)
© Copyright International Business Machines Corporation 1999. All rights reserved.
qw
L %! kO)
L %G gkZ
2000b kq
-q: W vx
L %G 8:
kJ
% $8
uNn bI
SecureWay Policy DirectorMG kU
slC ?2:
'T w\
IBM SecureWay Firewall 4.1
SecureWayk MIMEsweeper 2.0
SurfinGate 4.05
&1e SecureWay Boundary Server3d
O]{N SecureWay Boundary Server9&
&2e IBM SecureWay Boundary Server R3
SecureWay Boundary Server$G
SecureWay Boundary Server! JdQ L/
FirstSecure! SecureWay Boundary Server& B_B f}
SecureWay Boundary ServerG 8:dR
IBM SecureWay Boundary Server3d
IBM SecureWay Policy Director3d
IBM SecureWay Firewall3d
MIMEsweeper3d
SurfinGate3d
&3e SecureWay Boundary Server& 3!Ob |!
Xq f}
SecureWay Policy DirectorMG kU
SecureWay Firewall
SecureWay Boundary Server
SurfinGate
MIMEsweeper
© Copyright IBM Corp. 1999 iii
&4e IBM SecureWay Boundary Server(SBS)d8gW
SecureWay Boundary ServerG Oe~n d8gW
SecureWay Boundary Server! kQ RA.~n d8gW
&5e SecureWay Boundary Server3! W 8:
SecureWay Boundary Server8:dR 3!
SecureWay Firewall3!
SecureWay Directory3!
SecureWay Policy Director3!
SecureWay Boundary Server3!
SurfinGate3!
MIMEsweeper3!
SecureWay Boundary Server8:dR 8:
SecureWay Firewall8:
Policy Director kU; 'Q SecureWay Firewall8:
SurfinGateC/WN; gkOb 'Q SecureWay Firewall8:(Windows NT |k)
MAILsweeper& gkOb 'Q SecureWay Firewall8:
SecureWay Policy Director8:
SecureWay Directory8:
Policy Director kU; 'Q SecureWay Boundary Server8:
SurfinGateC/WN; gkR v V5O SecureWay Boundary Server8: (Windows NT |k)
SurfinGate8:
MIMEsweeper8:
'T w\
8: W:
&6e |C .-
IBM SecureWay FirstSecure
IBM SecureWay Firewall
MIMEsweeper
MAILsweeper
WEBsweeper
WEBsweeper HTTPSAOC
SurfinGate
NOA. .& Xa
IBM SecureWay FirewallG xk .& Xa
iv Windows NT® W AIX k IBM SecureWay® Boundary Server:C[!- v`nv
fN v$ .&
DNS GP
xk .&–MIMEsweeperXa
WEBsweeperW MAILsweeperB 0: C:[!- [?Ov JB M 0@OY
WEBsweeperG zOH :I
WEBsweepersL>: .&
WEBsweeperB Tp! + DO; YnNeR ' .&! _}UOY
xk .&—SurfinGateXa
SurfinConsole: Microsoft Internet Explorer! -A VB ?H!B @dOv J@OY
SurfinGateC/WNG zOH :I
NOB. VGgW
nOs%
kn
L %! kO)
L %: Windows NT® W AIX k IBM SecureWay®Boundary Serverh9, 3
!, 8:, gk W.m .& Xa f}! kX 3mUOY.
L %G gkZB SecureWay Boundary Server& 3!Om 8:Ob |!
Firewall, VPN, Content SecurityW W.v) |.! kX sgQ vD; !v
m VB ML _dUOY. W.v) ;\!- LgnvB W<:& &nOB
Firewall; 3$Om 8:OGN Uz W.v) [? f}! kX LXX_ UO
Y. /w, IP VR, O|Q L' W.m -jW. 6:)G b;; LXX_ UO
Y.
L %G gkZ
L %: W.v)* IBM SecureWay Boundary Server& 3!, |. W.m g
kOB C:[ 8H |.Z& 'Q MTOY.
2000b kq
Li &0: 2000b! kQ Xq! Gn V@OY. |C .-! {s gkGB f
l LB 20 <bM 21 <b #! /% %LM& CYN 3., &x W.m vE
R v V@OY. \, L &0z T2 gkGB pg &0(9& in, Oe~n, R
A.~n W.m _~n)L $.Q /% %LM& &kN 3/R v Vn_ UO
Y.
-q: W vx
IBM SecureWay FirstSecure&0! wTH pg &0G -q:M vx! kX
-B IBM! .GOJC@. L1 &0 _ ONB IBM L\G vx; d8R v
5 V@OY. L1 &0; FirstSecure&0G ONN ^B fl IBM! .GO)
-q:M vx; ^8JC@.
L %G 8:
L %: Y=z 0: e8N 8:KOY.
v 1 dLvG :&1e SecureWay Boundary Server3d;B SecureWay Boundary
ServerM W 8:dRG 3d& &xUOY.
v 5 dLvG :&2e IBM SecureWay Boundary ServerR3;B SecureWay
Boundary Server! JdQ L/! kQ $8& &xUOY.
v 21 dLvG :&5e SecureWay Boundary Server3! W 8:;: Windows
NT W AIX n5 <&!-G SecureWay Boundary ServerG 3!M 8:;
3mUOY.
v 13 dLvG :&3e SecureWay Boundary Server& 3!Ob |!;:
SecureWay Boundary ServerG h9 f}! kQ $8& &xUOY.
v 19 dLvG :&4e IBM SecureWay Boundary Server(SBS)d8gW;:
SecureWay Boundary ServerG VR d8gW! kQ $8& &xUOY.
v 39 dLvG :&6e |C .-;B SecureWay Boundary ServerG b8 .-
M |C &0G .-& #; v VB '!& KA]OY.
kJ
L %!-B Y=z 0: T"; gkUOY.
kJ GL
=:< 1Cu, \_ W.m mIz 0: gkZ NMdL:
dR
pk:dL: SecureWay Boundary Server! |CH 8.z p:
d. b;*
-> ^:!- OCG 1CWq; 8)]OY. 9& in,
DO-> G`; 1COi DO; )% D G`; )#
sB Mz 0@OY.
% $8
SecureWay Boundary Server! kQ VE ;E $8B Y= % VR!- r;
v V@OY.
http://www.ibm.com/software/security/boundary/library
b8 IBM SecureWay FirstSecure&0! kQ $8B Y= % VR!- r;
v V@OY.
http://www.ibm.com/software/security/firstsecure/library
uNn bI
SecureWay Boundary ServerG v| 2.0!B n !v uNn bIL in V@
OY. !e _dQ u bI: Y=z 0@OY.
SecureWay Policy Director MG kU
SecureWay Policy DirectorB FirewallL SecureWay Boundary Server& gk
R v VB fl Firewall AOC gkZ& |.R v V@OY. Firewall AOC
gkZB Y= Firewall -q:! kX $GKOY.
v Z]
v FTP
v HTTP
v Socks
gkZM W |CH $%: LDAP(Lightweight Directory Access Protocol)%
LM#L:! zeKOY.
SecureWay DirectoryB ze, ;E, Kv W 3/! kX _S '!!- p:d
. $8& /v8vR v V5O LDAP& &xUOY. SecureWay Policy
DirectorB LDAP %LM#L:!- Firewall AOC gkZ& |.UOY.
slC ?2:
slC ?2:: ;k JM5!- W.v) .!HG 8N& \`Ob 'X Finjan
SurfinGateC/WN; gkUOY.
'T w\
mI `: Firewall!- ?{ DENY T"; [:Ob 'X ANW%UOY. 'T
w\: Z? :)3.! kUI v V@OY.
IBM SecureWay Firewall 4.1
Windows NTk IBM SecureWay Firewall: Y=; &xUOY.
x] W<: -q:
Windows NT x] W<: -q:(RAS)B YLs w, ISDN GB
PPP(Point-to-Point Protocol)& gkOB X.25 Lpn& kX W.v)
,a; &xUOY. NDISWAN: RASG ONN &xGm Lu] LAN
%LMM /gO5O bJ& LgB PPP %LM& //OB W.v7 e
sLvTOY.
AIX 4.1k IBM SecureWay Firewall bs
AIX k IBM SecureWay Firewall: Y=; &xUOY.
bsH IPSec vx
IBM SecureWay Firewall 4.1!B 3_-DES O#-, u luG vx;
wTOB bsH IPSec vxL V@OY. LB GQ )/ IBM -v W
slMMG s# 6[ !I:S8 FOs u lu& vxOB 9: q-IBM
VPN &0; vxUOY.
k* Y_AN<-(SMP)
Firewall gkZB .ez :I bs; 'X RS/6000G Y_AN<- b
I; gkR v V@OY.
JM bs
JMB 8:!- u *: :I; &xR v V5O bsGz@OY. JM
T"G Y% /|; #; '!& 1CO) FirewallG :I; 6$R v
V@OY. L \!5, ,a; gkOB =v! bOKOY.
3$ 6}g
6}gB IBM SecureWay FirewallG Jb 8:; vxUOY. L 3$
6}gB u gkZ! IBM Firewall 3! LD! b; Firewall 8:;
C[Om ESOT G`R v VT UOY.
W.v) 8H (gb
W.v) 8H (gb(NSA)B W.v) -vM Firewall!- 8H 4L
* 8: @y& !KUOY. LB u |#m u _mOT bsGz@OY.
6On! kQ Z9n vx
6On! kQ Z9n vx: L& jszn, w#u%n, 5n, A{:n,
L;.Fn, O;n, Q9n, k8n, :dNn W.m _9n \! _!N
&xKOY.
W.v) VR //
W.v) VR //(NAT): Y-k-O VR JN; vxR v V5O b
sGz@OY. L1 JN: )/ LnO VR GB g3 VR!- w. x
#& gkO) m/Q JN; [:OB nOH {}Q VRN Lgn}O
Y.
AIX W Windows NT !- vxOB xk bI
Security Dynamics ACE/Server
Security Dynamics ACE/ServerB NuG N !v dN; &xUOY. L
bI: bsGm ag{N gm* mG! GQ 'T8NNM W.v)M
%LM Zx; 8#UOY.
8H ^O AOC bs
IBM Firewall 8H ^O AOCB Y=z 0: u bI; wTO) u
m bsGz@OY.
v KAx SPAMers(&\ qO)G ^Cv w\, ^Cv /?:z @d !
I:! kQ Ku .N(xOv JB ^Cv& w\OB KAx f}),
^O ^Cv0 vEN v! kX 8: !IQ Qh, Vk ^Cv )b
! kQ 8: !IQ Qh n; wTOB ]-SPAM Km.r
v -BQ Nu ^?OrzG kU; wTOB anti-spoofingvx
v SNMP .& vx W MADMAN MIB ! kQ vx
v Firewallz Domino #! ^Cv& ,S8N _{R v VB bI; w
TQ ^Cv _{
Socks ANd] v| 5 bs
Socks ANd] v| 5B gkZ ID-O# Nu(UNPW), 5|/@d Nu
(CRAM) W.m Nu C/WN; wTOb 'X wW9LeGz@OY.
bO: gkZ!T NW ^Cv& PyOm bO 9'; v$R ' u 9
: &nG; &xOb 'X bsGz@OY.
HTTP AOC
IBM SecureWay Firewall: IBM WTE(Web Traffic Express)&0;
b]8N Q O|OT .a HTTP AOC 8v; &xUOY. HTTP A
OCB IBM Firewall; kX jslz d;; ?2{8N 3.OGN %
#F8b!- socks-v! JdxT KOY. gkZB ;N W.v)G 8
H; UsC0v Jm NM]!- /kQ $8& W<:R v V@OY.
jslzB HTTP AOC& gkR v V5O 8:Gn_ UOY.
SecureWay k MIMEsweeper 2.0
MIMEsweeper!B MAILsweeper 4.1_2, WEBsweeper 3.2_5W.m
WEBsweeper 1.0_2G 3 !v Vd 8:dR! V@OY. ON bs: Y=z 0
@OY.
MAILsweeper
SMTPk MAILsweeper 4.1_2B Content TechnologiesG VE MIMEsweeper
&08NG Vd wW9LeTOY. LB Y=z 0: u bI; &xUOY.
v gkOb ,n h~{ $% 86B {UQ 6w{ 9'!- 30 gkZnv p
N $%; {kR v VB 6k:; &xUOY.
v jw %X W!H gkZ NMdL:(GUI)B RA.~n 8:, $% [: W |
. [w; \x-UOY.
v u PR |^ bI: v| 4G h~{ $% 8vG bITOY. vENL )/
mN ^Cv! kX $%: " vEN!T {kKOY. GQ; N) ^: vE
N: ^Cv& ^B ]i GQ; N) ^v xQ vEN: ENKOY.
v Y_ :9e ^Cv 3.B 3..; bsC0m @y! O* LsG :9e!
- _}R ' *Sv :9e& kX ^Cv 3.& hS x`R v V5O O
) _mT; _!R v V@OY.
v b8 x^w<G YL/: fv &0z ,hO) MAILsweeperB YL/: _
_ W ^CvM 7N $. bI; &xUOY.
v NEAR, AND, NOT W.m OR %v; gkOB m^ X:. P.: ^Cv
8.L* 86& b]8N Q w}{Lm ?z{N C*.@ [:! Vn- v
;- 6k:; &xUOY.
v ODBC #/ !I %LM#L:! %LM& |[OB bsH (g x.
v RJdQ L^O; |[OB M8N KAx gL.& *-OB RBL(Real-Time
Black List) -v& vxUOY. MAILsweeperB L qO! VB #:.MG
,a; ENR v V@OY.
v Content SecurityB L^O .!HG EB{N 8m-/W!A/w.& kX |.
OB ML u 1@OY.
v LDAP p:d.MG kU
v DSN(Delivery Service Notification): L& SNMPM NT f8b& vxUO
Y.
WEBsweeper
v _! :I bs: %LM 3. S5& bsC5OY.
v HTTPM FTP .!H! kQ YL/: :3JM T2 [wUOY.
WEBsweeper HTTPS
v WEBsweeperB L& u HTTPS AOC VgG; kX % b]G |Z sE
! @k ANW%! kQ O|Q vx; &xUOY.
SurfinGate 4.05
SurfinGatebs!B Y=L wTKOY.
JavaScript ;k Kg
SurfinGate 4.05B ag{8N .&& O83 v VB JavaScript[w;
#F8m 8g 8H $%z f9OB JavaScript& _vUOY. SurfinGate
4.05& kX |.ZB VisualBasic :)3.M m0! kQ :6. JM
5z T2 JavaScript, JavaW.m ActiveX! kQ $%; _S!- 3
$Om -& {kUOY.
S+ _d :I pOM5
SurfinGate 4.05!B q$s{N ?[(9& in, 18S @y); __O
m eVG fl SurfinGate& YC C[OB Z? xL in V@OY. L
B S+ _d 5*!- _dQ 8H bITOY.
u!H $% |.
SurfinGateB Z? w\; 'X P.Gv J: VC4 ANDO; %LM
#L:! TBUOY. |.ZB VC4/&n qO; m}R v V@OY.
FTP W SSL ANd] vx
SurfinGate 4.05B pt Ze! kX FTP(File Transfer Protocol)$N
; pOMOi- p#B gL! NM]! "n in% v VB Ze& (
CUOY. FTP \! SurfinGateB pt Ze! kX HTTP .!H; p
OMOm HTTPS .!H; _! e!N |^UOY.
Firewall HTTP AOCMG C/WN kU
SurfinGateB AOC <N!- AOCN [?OE* Windows NTk
FirewallG WTE! VB C/WN; kX AOCN [?UOY.
&1e SecureWay Boundary Server 3d
L 9&B MAILsweeper, WEBsweeper, Policy DirectorW.m SurfinGate8
:dR& gkO) Firewall; gkOB ,sLp.M -v #! % .!Hz ^
O; pOMOm fN v$OB 53G v):WLG; 8)]OY. L 9&!- G
&N P.H 53G v):WLG; gkUOY.
W2 1. IBM SecureWay Boundary Server8: 9&
O]{N SecureWay Boundary Server 9&
VR 3$; 'X Y=z 0: C:[; gkOB ML YwwUOY.
% 1. Boundary Server8:dR &0; 'Q Oe~n d8gW
&0 C:[
IBM Firewall Windows NT GB AIX
MAILsweeper Windows NT
WEBsweeper Windows NT
SurfinGate Windows NT
SecureWay Boundary Server& fPw 0kOAi W.v)! SecureWay Policy
Director! Vn_ UOY. L& kX Firewall AOC gkZ& SecureWay
Directory(LDAP)! zeR v V@OY.
HTTP 9&(Windows NT Firewall): O]{N C*.@!- NM] ;k! k
Q HTTP d;: ,sLp. C:[!- C[UOY. d;: Uz WEBsweeperN
L?UOY. FtYne fN!- d;: WEBsweeper! GX Firewall HTTP A
OCN AOCKOY.
Firewall HTTP AOC!- gkZB NuKOY. LML ,sLp. <GG 9 d
;Li gkZ ID/O#& TBX_ UOY. gkZ IDB Policy Director!- |
.OB LDAP %LM#L:! VB ,sLp.G 8H $%; #B% gkKOY.
,sLp.! kQ HTTP Nu $%z TBH O# .N az! {s d;; E
NOE* hS x`O5O ckR v V@OY. Nu [w!-B LDAP %LM#
L:* Security Dynamics ACE-v& u W<:X_ GB fl5 V@OY. 0
: <GG DS d;! kX jslzB gkZ ID/O#& Z?8N &xUOY.
,sLp.!- gkZ ID/O#& d8Ov Jv8 9 d;z 0: AN<:& k
X " d;: hS NuKOY.
&kN NuH fl d;: NM]!- d;H -vN AOCKOY.
Firewall HTTP AOC!- NM] -vG ;k; YC vEOi SurfinGateC
/WN!- L& 6gUOY. LDAP %LM#L:!- r: gkZG Wl $8
B $% a$G bX8N o; v V5O C/WN!- gkR v VT KOY. ;
k! SurfinGate!T _dQ ;kL x8i LB VRQG 3. @vleM T2
C/WN; |#T kzUOY. JavaScript! in VB ;k: C/WN!- J
MKOY. Java* ActiveX! in VB ;k: SurfinGate-vN |^Gn JM
Gm JMH ;k: Firewall HTTP AOCN .OKOY. SurfinGate C/WN
3. azN ;k: YC WEBsweeper-vN |[KOY.
;kL YC WEBsweeper-vN 9F@i WEBsweeper$%! {s JMGm
,sLp.N YC .OKOY.
HTTP 9&(AIX Firewall): AIX !- .!HG e': AIX Firewall!- gk
R v VB SurfinGateC/WNL xB fl& &\OmB ;z{8N ?OUO
Y. W/GN, SurfinGate-vB ,sLp.!- Firewallnv Lgnx AOC <
N!- AOCN 3$Gn_ UOY. WEBsweeperB d;; w" Firewall HTTP
AOCN |^OB kE SurfinGate -vN |^O5O 3$Gn_ UOY. W/
i SurfinGate-vB d;; Firewall HTTP AOCN |^O5O 8:X_ U
OY. SurfinGate-v!- Wl $8& gkR v x8GN $% a$: IP VR
8; bX8N o@OY.
^O 9&: MAILsweeperB ^O TL.~LN 3$KOY. MAILsweeper -v
! 5xOB ^O: Y= ^O -vN |^Gb |! W ;kL JMKOY.
8H ^O -v6Y ,sLp. ^O d;; MAILsweeper -vN |^O5O 8
:X_ UOY. Firewall ^O 3/b& 8:O) vE ^O; MAILsweeper -
vN |^X_ UOY.
MAILsweeperB VR! \N 5^N8N Gn VB ^O; Firewall ^O 3/
bN |[R v V5O 8:Gn_ UOY. MAILsweeperB VR! ;N 5^N
8N Gn VB ^O; CY% 8H ^O -vN |[R v V5O 8:Gn_ U
OY.
&2e IBM SecureWay Boundary Server R3
; e!-B SecureWay Boundary Server3d& &xOg Y=z 0: =G8
N Lgn. V@OY.
v :SecureWay Boundary Server$G;
v 6 dLvG :SecureWay Boundary Server! JdQ L/;
v 6 dLvG :FirstSecure! SecureWay Boundary Server& B_B f};
v 6 dLvG :SecureWay Boundary ServerG 8:dR;
SecureWay Boundary Server $G
IBM SecureWay Boundary ServerB 3=8N O.Q fh 8H VgG; QZ
.! pF uR@OY. SecureWay Boundary ServerB Firewall 8#, VPN(virtual
private network)W.m Content Security& &xUOY. SecureWay Boundary
ServerB 8H jwG bz; IBMG vxz -q:N ^^'GB kUH VgG
V pF uR@OY. L VgG!B Y=L in V@OY.
v IBM SecureWay Firewall 4.1(Security Dynamic ACE/ServerwT)
v Content TechnologiesG MIMEsweeper
– MAILsweeper 4.1_2
– WEBsweeper 3.2_5
– WEBsweeper HTTPSAOC 1.0_2
v FinjanG SurfinGate 4.05
– SurfinGate-v
– SurfinConsole
– SurfinGate%LM#L:
– Windows NT 1.0k WTE kU! kQ SurfinGateC/WN
SecureWay Boundary Server ! JdQ L/
8H fhB #vOn5 W N{ Zxz 0: N- #, ;g W.v)M vg #,
g; W.v)M NM] #, 8gG % @k ANW%z m4 #, g; W.v)
* @k ANW%z 5w D.J # n pg w! JdUOY. fh 8H: W.
v), @k ANW% W $8& 8#R S8 FOs W |'& .eOb5 UO
Y. {}Q fh 8H!-B W.v)& W<:R v VB ZM W.v)!- T
BGE* bBGB $8& &nR v V@OY.
FirstSecure ! SecureWay Boundary Server & B_B f}
IBM SecureWay FirstSecureB kUH &0G P0vTOY. LB NM]z b
8 W.v)!- LgnvB W.v7G pg xi; 8HR v V5O w}{N
A9Sv)& &xUOY. LB vg uZQ M '! s# [k !IQ pbG f
D8N 8`Om 8H e-businessR/GG Q qk; VR-OB% 5r; ]O
Y. LB YL/:NNM 8#X Vm W<: &n, .!H ;k &n, O#-, p
vP Nu, Firewall, x6 W.m 8v -q:& &xUOY.
Boundary ServerB FirstSecure! BB &0 P0vTOY. LB ag{8N /
XQ YL/:(86 YL/: :5 &0 gk), JavaScript, JavaVC4, ActiveX
&n W.m JdxB L^O(SPAM); w\R ' gkR v VB NM]! k
Q fh& 8lOY. Boundary Server& !vm NM]!- W.v)N TBR ;
k; $.OT &nR v V@OY. SecureWay Policy Director& gkOi
Firewall AOC gkZM W Nu $%; |.R v V@OY.
SecureWay Boundary Server G 8:dR
SecureWay Boundary ServerG 3!v 8:dRB IBM Firewall, MIMEsweeper
W SurfinGateTOY. SecureWay Boundary ServerB IBM SecureWay Policy
DirectorM kUKOY.
IBM SecureWay Boundary Server 3d
IBM SecureWay Boundary ServerB + TpG 6wL W #MAsLn& m4,
x^wZ W.m D.J!T H|OT 3fO) |Z sE!! Vn- JdQ 8
#, W<: &n W.m Content Security& &xUOY. bI!B Y=L wTK
OY.
v W.v)! kQ Firewall 8#
v W.v)G |'& .eOb 'Q VPN(Virtual Private Network)
v 8gG %LM, LLv W.m EZ5M }j:; 8#Ob 'Q L^O W %
.!H! kQ ;k :3J
SecureWay Boundary ServerB W P_!- VmG bz; IBMG vxz -q
:N ^^'GB kUH VgG! pF uR@OY. LB AIX M Windows NT
n5 <&!- gk !IUOY.
SecureWay Boundary Server bI
SecureWay Boundary ServerB P6 JM5, AOC W Socks -v bzz
Content Security& {kO) W.v)M C:[; {bm 8#UOY. L1 bz
; kX |.ZB W.v)M Vm ^; v VB %LM& mC{8N $GR v
V@OY. LB ″-q: x]G EN″M X?! W.v)! 'TO) {}Q G+
& &QOv xO5O fvOB% 5r; ]OY. SecureWay Boundary ServerB
VPN VgG; &xO) x] -vM p) p)& NM] b] VgG8N k<
R v VT UOY.
Policy Director, SecureWay Boundary ServerB _S $% b] h9; gkO
) gkZ Nu; &xUOY. SecureWay Boundary Server!- YL/: fv
RA.~n& gkO) gkZ gL.& YL/:NNM 8#R v V@OY.
IBM SecureWay Policy Director 3d
Policy DirectorB v.{8N PjGn VB N.s]z ":.s]!- Zx;
O.OT 8HOB 63| GQ N) W 8H |. VgGTOY. ":.s]: W
<: &nM 8H bI; gkO) 1CH !TZ! NM]! "SH O* LsG
N.s]; gkOB fl W |'& &QOB VPN(virtual private network)T
OY. Policy DirectorB Nu, GQ N), %LM 8H W.m Zx |. -q:
& &xUOY. Policy Director& %X NM] b] @k ANW%z ,hO) H
|Om _ |.H N.s]z ":.s]; 8`R v V@OY.
IBM SecureWay Policy Director bI
SecureWay Boundary ServerM T2 gkOB fl IBM SecureWay Policy
DirectorB AOC gkZ $%z Nu $8G ze5*; &xUOY.
IBM SecureWay Firewall 3d
IBM SecureWay Firewall: W.v) 8H ANW%TOY. Firewall: O* L
sG g3 ;N 8H W.v)M b8 W.v)* NM] #G w\7TOY.
Firewall: xOv JE* GQL N)Gv J: kEL 8H W.v)! in!
E* *@v J5O 7F]OY.
IBM SecureWay Firewall bI
IBM SecureWay Firewall: 8#H W.v), NM] W.m b8 W.v) <
. #! LgnvB W<:& &QUOY. LB GQ Y=; v`UOY.
v E_w &nH wN.! gwiL in!v xO5O &QUOY.
v x]Z! b8 fn7! "YOv xO5O 7@OY.
v gwiL E_w &nH wN.!- *@v xO5O &QUOY.
v ;N Firewall: GQL N)Gv J: wxL _dQ ;N $8! "YOv x
O5O P.UOY.
v W.v)! in!E* *C v VB .!H; &QUOY.
MIMEsweeper 3d
MIMEsweeperB |Z lmL* ye MLe %; kX Firewall; kzOB %
LM& P.O) Content Security& &xUOY. Content Security& kX 6w
: L^Oz ye MLe % gk! |CH w+ .&& ?z{8N |.R v V
@OY. L1 .&B W.v) kU:z w+ kU:8N *- v V@OY.
W.v) kU: JM58N Y=; v`R v V@OY.
v vE GB [E L^O! VB YL/:& D0Om &EUOY.
v xOv JB DO /|; JMUOY.
v J+ + DO; |.UOY.
v $<* ^O QU x]8N NQ -q: /GNNM W.v)& 8#UOY.
w+ kU: JM58N Y=; v`R v V@OY.
v bP )3z E! bPG /G; 7@OY.
v {}Q G+G kb; &QUOY.
v wxL L^Oz ye MLe % -q:& _x gkO) /GGB g; YT
OY.
v _x gkOE* {k{N x]8N NQ W.v) -q: /GNNM 8#UO
Y.
W.v) kU:; 'yOi %LMB QUGE* vvvm L^O e': _\G
g C:[ Oe~n! QUI v VGN, L pg M! GX W.v)! _\Gm
}j:L zOGg qQ $. W 98 qkL iT KOY.
W/* w+ kU:; 'yOi N@ u D+{Ln- v;- }{ qkL iT G
m v{ nO$8! /GGg 8gG m:z EZ5! 8]; TT KOY. w+
kU: .&B w+& $vC3 v V@OY.
MIMEsweeperB 6w!- L^Oz NM]; gkO) _}OB W.v) W w
+ kU: .&NNM 6w; 8#OB wh& 15OB &0TOY.
MIMEsweeper bI
MIMEsweeperB Y=; v`R v V@OY.
v {}Q ENZ& FtYne ^O! _!UOY.
v bP .-M %LM& 8#UOY.
v L^Oz % b] gkZ!T GQ; N)Om &nUOY.
v {k{N Za& ].OE* w\UOY.
v RJdQ L^O; w\UOY.
v 7N& :5Om {UQ ;k; YnNeUOY.
v YL/:M /XQ Ze& _vUOY.
v N{}Q % dLvM gL.& w\UOY.
v 8m, NW W 88UOY.
SurfinGate 3d
SurfinGate 4.05B w+ .#hG! NM], ":.s] GB N.s]; gkO
B pg w+G pt Ze 8H xTOY. JavaScript& wTQ pt ZeG ;k
Kg& kX SurfinGateB {k{LE* jw 88 0?, %LM v$ W.m $
8 h&& wTQ Nv RD#G QU8NNM D;M W.v)& 8#R v V5
O vxUOY. SurfinGateG ;k Kg AN<:B _dQ Zx!- 3n. VB
TL.~L 9'!- Java, JavaScriptW.m ActiveX pt Ze ;k; KgO
m !IQ 8H )v& K.B Ze! m/Q IDM VC4 8H ANDO(ASP)
; RgUOY. SurfinGateB ag{8N .&& O83 v VB Ze! W.v)
! in !b |! L& D0UOY.
SurfinGate 4.05!B 4!v 8:dR! V@OY.
v SurfinGate-v
v SurfinConsole
v SurfinGate%LM#L:
v Windows NTk WTE kU! kQ SurfinGateC/WN
SurfinGate-vB HTTP AOC -vN [?UOY. SurfinGateB Firewall HTTP
AOCM WEBsweeperAOCM T2 AOC <NG ONN h!R v V@OY.
Windows NT! kX L& Firewall HTTP C/WN! kQ C/WN8N gk
I v5 V@OY. C/WN8N gkGB fl SurfinGateB d;OB AOC g
kZ! kX Wl $8& !.IOY. SurfinGateJM5 $%: L Wl $8&
bX8N UOY. L 86!-B C:[ x]L _}Ob |! pt Ze .!H
; $vOm KdR v V@OY. L 8:dRB 8g 8H $%0N 8#& &x
UOY.
SurfinConsole: pt Ze! kX _S 8g 8H $%; |.Om 3$OB g
kZ!T #wQ NMdL:TOY. SurfinConsole: W.v)!- )/ SurfinGate
-v& &nR v Vm gkZ* Wl0 8g |]! ID GB gkZ 3! qO
L* ck RI W ck !I Ze& kX pt Ze T"; -& G`R v V@
OY.
SurfinGate %LM#L:B gkZM Wl W.m W Xg 8H $%! |Q $
8& wTO) VC4 8H ANDO(ASP)G <NgW; zeUOY. %LM#L
:B ;eH W<: %LM#L: #xL* b8G Oracle %LM#L:& gkR
v V@OY. SurfinGateB pg pt ZeG ;k; ?{8N 6gOGN %LM
#L:B 8H! Jd xv8 kTpG 6[!- :I bs! 5r; ]OY.
SurfinGate G bI
SurfinGateB Y=; &xUOY.
v JavaVC4, ActiveX &n, JavaScript! kQ TL.~L 9' ;k 6g -
v
v GC# pOM5, ?{ 6g
v % b] pt Ze! kQ 8H $% -& G`
v ″pt Ze″(9& in, JavaVC4, ActiveX &n, JavaScript, Visual Basic
:)3., C/WN, m0)G 6g
SurfinGateB AOC <N!- GB Windows NTk FirewallG WTE C/WN
; kX AOCM T2 [?R v V@OY.
&3e SecureWay Boundary Server & 3!Ob |!
; e!-B 6}g& gkO) SecureWay Boundary Server3!& XqOB
f}; 8)]OY. LB Y=z 0: =G8N Lgn. V@OY.
v :Xq f};
v 16 dLvG :SecureWay Boundary Server;
Xq f}
; =G!-B SecureWay Boundary ServerG 8:dR& XqOB f}; 8)
]OY.
SecureWay Policy Director MG kU
Windows NT* AIX !- b; IBM SecureWay Policy Director& 3$OAi
Y=; v`OJC@.
1. n5 <&! Policy Director& vxR v V5O &kN 8:Gn VBv .
NUOY.
2. |3 d8gW! !e _ BB -v 8:dRM L1 8:dR& 3!R C:
[; a$UOY.
3. DCE ON86! xB fl!B L& 3!Om 8:UOY.
4. SecureWay Directory(LDAP)& 3!Om 8:UOY.
5. ,sLp. Nu-& NuOB fl!B CAS(Certificate Authorization Service)
& 8:UOY.
6. NetSEAT ,sLp.& 3!UOY.
7. Policy Director -v 8:dR& 3!UOY.
8. |. \V; 3!UOY.
Policy Director! kQ Z<Q ;k: Policy Director Up and Running 3.0;
|6OJC@.
SecureWay Firewall
Windows NT* AIX !- b; IBM Firewall; 3$OAi Y=; v`OJC
@.
1. 19 dLvG :SecureWay Boundary ServerG Oe~n d8gW;! *-H
d8gW; ._m VBv .NUOY.
2. IBM Firewall 3$; h9UOY. L. gkR Firewall bIz W k5& a
$UOY.
3. Firewall!T W.v) 8H; 'X W NMdL: _ n2 ML ,aGn V
Bv KA]OY. FirewallL &kN [?OAi 8H NMdL:M q8H N
MdL:! Vn_ UOY. 8: ,sLp. =v ..!- C:[ |. zu
& -m NMdL:& -/ Firewall! VB W.v) NMdL: qO; >
OY. NMdL:G 8H sB& /fOAi NMdL:& 1COm /f; )
(OY.
V: NM]! "SOAi ISP(Internet Service Provider)! ,aO) Firewall
q8H NMdL:G nOH IP VR& .8UOY.
4. C:[ |. zu!- 8H $% k- sZ& W<:O) O] 8H $%; 3
$UOY. O]{N, Firewall 8:! kX
v DNS 68& ckUOY
v q8H NMdL:! kQ jNe3:. ^Cv& ENUOY
v q8H npM! kQ Socks& ENUOY
5. 5^N L' -q:M ^O -q:& 3$UOY. DNS Xs5& &xOv J
8i ?2{N kEL Lgnvv J@OY. 8: ,sLp. =v ..G C
:[ |. zu!- L1 bI; W<:UOY.
6. 8: ,sLp. =v ..G W.v) @j'. bI; gkO) Firewall!
-G W.v)(i) Vd dR& $GUOY. W.v) @j'.B Firewall; k
X .!H; 6}UOY. Y= Vd dR& W.v) @j'.N $GOJC@.
v FirewallG 8H NMdL:
v FirewallG q8H NMdL:
v 8H W.v)
v 8H W.v)!-G " -jW.
v XgOB fl Security Dynamics-vM Windows NT 5^N -v!
kQ #:. W.v) @j'.
7. Firewall!- -q:& gkR v VT UOY. LB 8H W.v)! VB g
kZ! q8H W.v)& W<:R ' gkOB ^Re(9& in, socks G
B AOC)TOY. 8vGB -q:B h9 \T!- LgnvB a$! GX
^s}OY. -q:& 8vR ' /$ /|G .!H; ckOAi ON ,a
8:; 3$X_ UOY. 9& in, 8H gkZ! HTTP AOC& gkO)
NM]G %; =vR v VT OAi FirewallG HTTP AOC pU; 8:
R S8 FOs ,a; 3$O) HTTP .!H; ckX_ UOY. Policy
Director& 3$OB fl 13 dLvG :SecureWay Policy DirectorMG k
U;& |6OJC@.
8. Windows NT |k: um nAvvB AN<:! GX NETBIOS& gkR
v xT GGN Nu!- Windows NT 5^N O#& gkOAi NuOb
'X EZR v VB Windows NT 5^N; =vR v VB bI; 8vO
B Windows ,sLp. Ze& 8:X_ UOY. EZR v VB Windows
NT -v!B TCP/IP #:. L'z VR! Vn_ Og LM Firewall gL
!B TCP/IP ,a:L Vn_ UOY. Firewall |.ZB Firewallz EZR
v VB Windows NT -v& ,aO) -N #! .!HL e#5O X_ U
OY.
9. W.v) VR //; gkOB fl Uz ISP! "SO) Y-k-O VR /
/! gkR nOH NM] VR& .8OJC@. L VRB 14 dLvG 3 \
h!- d;Q VR! _!Q MTOY. W1 D NAT 8: _! PNN L?
O) nOH NM] VR& Y-k-O IP VR Je! _!OJC@.
L1 \h& v`Oi b; Firewall 8:L G`KOY. IBM Firewall: W.v
) 8H; .NR v V5O C:[ NWM 0: b8 bI; &xUOY.
FirewallL $s{8N* q$s{8N >aOB fl 8: %LMB Oe esL
j! zeGm YC NCR ' Z?8N YC 0:-GGN 5b; ^v J@O
Y. W/*, 0:-H FTP <Gz 0: ON 0:-H ,aL NM4.Gz=; K
AVB /$ Firewall NW ^Cv! _}UOY.
SecureWay Boundary Server
SecureWay Boundary Server6}g& gkO) Policy DirectorM kUOb '
X gkZ |.!- IBM SecureWay Policy Director& gkR v V5O Firewall
; 3$UOY. 1C{8N, L 6}gB Firewall HTTP AOC& 8:O) Nu
$8& SurfinGateC/WN(Windows NT |k)! |^UOY.
Firewall! kX IBM SecureWay Boundary Server& 8:R ' JdQ $8B
Y=z 0@OY.
v FirewallL gkR IBM SecureWay Directory-vG #:. L'z 5^N.
v IBM SecureWay Directory-v! ;kOB w.G v. b; w.B 389TO
Y.
v IBM SecureWay Directory-vG SecurityMasterO#.
v L Firewall!- AOC gkZ& 8POb 'X gkOB 5^N L'. L L
'; gkOB pg Firewall: 0: gkZ <.& |.UOY. O]{8N,
Firewall C:[G O|Q #:. L'; gkOT KOY.
v SecureWay Directory! zeH AOC gkZ& W<:R ' gkOB Firewall
|.Z L'. L L': SecureWay Policy Director!- [:H pg AOC
gkZ& v$R v V5O W<:! ckKOY. Firewall C:[G O|Q #
:. L'; gkX_ UOY.
v IBM SecureWay Directory! %LM#L:!- Firewall gkZ =v; C[
OB g.N gkOB DN(Distinguished Name).LB Policy Director gk
Z& zeOb 'X SecureWay Directory!- [:Q "LgLn_ UOY.
v IBM SecureWay Directory-v! ,aR ' gkR FirewallG |.Z ID
G O#.
Firewallz SecureWay Directory-v gL! .!HL e#5O ,a; [:X
_ UOY.
19 dLvG :SecureWay Boundary ServerG Oe~n d8gW;! *-H d
8gW; ._m VBv .NUOY.
SurfinGate
SurfinGate& gkOAi Windows NT Service Pack 5! 3!Gn Vn_ U
OY. 19 dLvG :SecureWay Boundary ServerG Oe~n d8gW;! *-
H d8gW; ._m VBv .NUOY.
Y=; v`O) SurfinGate& gkOJC@.
v Oracle %LM#L:& gkOB fl L& 8:X_ UOY.
v Windows NT Firewall; gkOB fl C/WN; gkR MNv FOi A
OC pe& gkR MNv a$X_ UOY.
v WTE!- SurfinGateC/WN; gkOAi Firewall C:[! SurfinGateC
/WN; 3!Om SecureWay Boundary Server6}g& 3!UOY.
v SurfinGateC/WN!- SurfinGate-vN .!HL e#5O OAi ,a;
[:X_ UOY.
MIMEsweeper
MIMEsweeper& gkOAi W.v)G [? f}; LXX_ UOY. 19 dL
vG :SecureWay Boundary ServerG Oe~n d8gW;! *-H d8gW;
._m VBv .NUOY.
MAILsweeper
MIMEsweeper& 8:OB fl MAILsweeperM WEBsweeper& -N Y% C
:[! 3!X_ UOY.
MAILsweeper& 8:Ob |! Y= [w; v`OJC@.
v ;N{8N gkOB ^O 5^N; a$UOY. MAILsweeperM Firewall ^
O 3/bB ""G ^O 5^N! kX ^O; ^; v V5O 8:Gn_ U
OY.
v 5^N; vxOB 8H ^O -v& a$UOY. MAILsweeperB VR! ^
O 5^N8N Gn VB ^O; CY% 8H ^O -vN |[R v V5O
8:Gn_ UOY.
v MAILsweeper -vG VR& a$UOY. ""G 8H ^O -vB ;N ,s
Lp.!- vEQ ^O; MAILsweeper -vN |^R v V5O 8:Gn_
UOY.
v FirewallG VR& a$UOY. MAILsweeperB VR! \N 5^N8N Gn
VB ^O; Firewall ^O 3/bN |^O5O 8:Gn_ UOY.
WEBsweeper
WEBsweeper& 8:Ob |! Y= [w; v`OJC@.
v WEBsweeper-vG VR& a$UOY. LB W.v)G " ,sLp. % j
slz!- JdUOY. jslzB WEBsweeper-v& HTTP, FTP W.m
HTTPSG AOCN gkR v V5O 8:Gn_ UOY.
v FirewallG 8H NMdL: VR& a$UOY. WEBsweeperB AOC d;
; Firewall! sVOB HTTP AOCN |^R v V5O 8:Gn_ UOY.
v ,sLp.! % ;k JM5; }+Ov J5O OAi Firewall!- ,a; 3
$O) WEBsweeperW/GB SurfinGate -v! kQ AOC W<:& &Q
X_ UOY.
&4e IBM SecureWay Boundary Server(SBS) d8gW
; e!-B SecureWay Boundary ServerG VRQG d8gW; &xUOY.
SecureWay Boundary Server G Oe~n d8gW
Boundary Server8:dR &0! kQ Oe~n d8gW: Y= %! V@O
Y.
% 2. Boundary Server8:dR &0; 'Q Oe~n d8gW
Boundary Server
8:dR
bh /| p:) x# ^p. b8
Policy Director N/A 64 MB 16 MB N/A
IBM Firewall v Windows NT:
266 MHz Ls
v AIX: 4.3.2& vx
OB RS/6000 C
:[
Windows NT: 200
MB
AIX: 200 MB
Windows NT: 64
MB
AIX: 128 MB
W.v) NMdL:
+e(NIC) 23
ACE/Server v Windows NT:
166 MHz Ls(\
O AN<-8)
v AIX: AIX 4.2 &
vxOB bh
v b; -v RA.
~n: 50 MB
v iw -v: 22MB
v Jb gkZ %L
M#L:: 4MB
v 3!: 240MB
VR: 32MB G& boe! Jd
.: gkZ v!
{s Y(OY.
MAILsweeper Windows NT: 400
MHz LsG AN<
-
1 GB 128 MB N/A
WEBsweeper Windows NT: 450
MHz LsG AN<
-
1 GB 128 MB N/A
m<} /f! kQ
WEBsweeper C:
[ d8gW
Windows NT: 450
MHz LsG AN<
-
3 GB 512 MB N/A
SurfinGate 4.05
Server
Windows NT: 233
MHz LsG AN<
-
20 MB 256 MB N/A
SurfinGate 4.05
Console
Windows NT: 233
MHz LsG AN<
-
15 MB 64 MB N/A
V: Z<Q ;k! kX-B AIX k IBM SecureWay FirewallL* )/ pn!
kQ Windows NT v| 3$ W 3!& |6OJC@. GQ, Netscape
Browser! kX-B p:) x#L 138 MB JdUOY.
SecureWay Boundary Server ! kQ RA.~n d8gW
Boundary Server8:dR &0! kQ RA.~n d8gW: Y= %! V@
OY.
% 3. Boundary Server8:dR &0! kQ VRQG RA.~n d8gW
&0: Policy Director -v
Windows: Service Pack 5! 3!H Windows NT v| 4.0
AIX: 4.3.1
b8: N/A

&0: IBM Firewall
Windows: Service Pack 5! 3!H Windows NT v| 4.0
AIX: 4.3.2
b8: N/A

&0: SecureWay Boundary Server
Windows: IBM SecureWay Firewall 4.1
AIX: IBM SecureWay Firewall 4.1
b8: N/A

&0: MAILsweeper
Windows: Service Pack 5! 3!H Windows NT v| 4.0, Internet Explorer 4.01 Ls, Microsoft Management Console 1.1, NTFS esLj, Windows Messaging
AIX: N/A
b8: gkR YL/: fv x

&0: WEBsweeper
Windows: Service Pack 5! 3!H Windows NT v| 4.0
AIX: N/A
b8: gkR YL/: fv x

&0: SurfinGate Server
Windows: Service Pack 5! 3!H Windows NT 4.0 v|
AIX: N/A
b8: N/A

&0: SurfinGate 4.05 Console
Windows: Service Pack 5! 3!H Windows NT v| 4.0 GB Windows 95
AIX: N/A
b8: N/A
&5e SecureWay Boundary Server 3! W 8:
; e!-B Windows NTM AIX !- SecureWay Boundary Server& 8:O
m 3!OB f}; KA]OY.
v :SecureWay Boundary Server8:dR 3!;
v 24 dLvG :SecureWay Boundary Server8:dR 8:;
v 34 dLvG :'T w\;
SecureWay Boundary Server 8:dR 3!
; =G!-B Windows NTM AIX k IBM SecureWay Firewall, SurfinGate
W.m MIMEsweeper& 3!R v V5O 5M]OY.
SecureWay Firewall 3!
Windows NT W AIX k IBM SecureWay FirewallV kQ Z<Q ;k: 13
dLvG :Xq f};; |6OJC@. LB 8H NMdL:& $GOB f}, 8
H $%; a$OB f} W.m W.v) @j'.& $GOB f}; 3mUO
Y. SecureWay Firewall3!! kQ Z<Q ;k: IBM SecureWay Firewall
Installation Guide for AIXW IBM SecureWay Firewall Installation Guide for
Windows NT& |6OJC@.
SecureWay Directory 3!
SecureWay Boundary ServerG LDAP bI; gkOB fl SecureWay
Directory& 3!X_ OB% IBM SecureWay Policy Director Up and Running
3.0; |6OJC@.
SecureWay Directory-vB gkZG Firewall 8H ;N! '!X VE*
Firewall 8H DMZ! V@OY.
SecureWay Policy Director 3!
SecureWay Boundary ServerG LDAP bI; gkOB fl SecureWay Policy
Director& 3!X_ UOY(IBM SecureWay Policy Director Up and Running
3.0 |6).
SecureWay Boundary Server 3!
Windows NT!- SecureWay Boundary Server& 3!OAi Y=; v`OJ
C@.
v Windows NTk SecureWay Firewall; 3!UOY.
v SecureWay Boundary Server CD!- setup.exe& G`UOY.
v pn& 1COm .N; )(OY.
v InstallShieldB SecureWay Boundary Server& np! 3!Om M:v /@
OY. Windows NT b; p:d.B C:\Program Files\IBM\SBSTOY.
v YC N.UOY.
AIX !- SecureWay Boundary Server& 3!OAi Y=; v`OJC@.
v AIX k SecureWay Firewall; 3!UOY.
v CD& pTOm SMITTY& gkO) 3!UOY.
v RA.~n 3! W /v8v& 1CUOY.
v RA.~n 3! W ;E; 1CUOY.
v gk !IQ VE RA.~n!- 3! W ;E; 1CUOY.
v TB e!& d8OB fl 1CWq; *-Om CD-ROM esLj& 1CU
OY.
v 3!R RA.~n 1CWq; *-Om sbs& 1CUOY.
v Enter& -/ RA.~n& 3!UOY.
v YC N.UOY.
SurfinGate 3!
SurfinGate!B SurfinGate ServerM SurfinGate ConsoleG N 8:dR! V@
OY. SurfinGateG N 8:dR_ O*& 3!OAi SurfinGate CDG
\docs\install.pdf! VB 3! H;-& |6OJC@.
SurfinGate C/WN
Windows NTk IBM SecureWay Firewall! SurfinGate C/WN; 3!OA
i SurfinGate CDG \docs p:d.! '!Q 3! H;-& |6OJC@.
MIMEsweeper 3!
MIMEsweeper!B MAILsweeper, WEBsweeperW.m WEBsweeper HTTPS
n 3!v 8:dR! V@OY.
MAILsweeper 4.1: NTFS D<G! 3!Gn_ UOY.
MAILsweeper 3!
MAILsweeper& 3!OAi MIMEsweeper CDG \install\MSW4_0_2
\docs\qsg.pdf! VB Getting Started Guide& |6OJC@.
MAILsweeper& WEBsweeper HTTPAOCM 0: C:[! 3!Ov 6JC
@.
MAILsweeper& WEBsweeper HTTPSAOCM 0: C:[! 3!Ov 6J
C@.
Windows NT CD!- MAPI32.dll; 3!Q D MIMEsweeper CD!-
Microsoft |. \V 1.1; 3!Oi MAPI32.dllG CY% v|L Microsoft |
. \Vz T2 3!H * 9' v|8N cD2)}OY. Microsoft |. \V;
3!Q D ]eC MAPI32.dll v| 4.0 Ls; 3!OJC@. dll: 8k
Windows Messaging8:dR! V@OY.
WEBsweeper 3!
WEBsweeper& 3!OAi MIMEsweeper CDG \install\WSW3_2_5\d
ocs\manual.pdf! '!Q |.Z H;-& |6OJC@.
WEBsweeper& MAILsweeperM 0: C:[! 3!Ov 6JC@.
WEBsweeper HTTPS 3!
WEBsweeper HTTPS& 3!OAi MIMEsweeper CDG \install
\WSWHTTPS1_0_2\readme.txt! '!Q Readme& |6OJC@.
WEBsweeper HTTPSAOC& MAILsweeperM 0: C:[! 3!Ov 6J
C@.
SecureWay Boundary Server 8:dR 8:
SecureWay Firewall 8:
b; IBM Firewall 3$! kX:
1. IBM Firewall 3$; h9UOY. L. gkR Firewall bIz W k5& a
$UOY.
2. Firewall!T W.v) 8H; 'X W NMdL: _ n2 ML ,aGn V
Bv KA]OY. FirewallL &kN [?OAi 8H NMdL:M q8H N
MdL:! Vn_ UOY. 8: ,sLp. =v ..!- C:[ |. zu
& -m NMdL:& -/ Firewall! VB W.v) NMdL: qO; >
OY. NMdL:G 8H sB& /fOAi NMdL:& 1COm /f; )
(OY.
3. C:[ |. zu!- 8H $% k- sZ& W<:O) O] 8H $%; 3
$UOY. O]{N, Firewall 8:! kX
v DNS 68& ckUOY.
v q8H NMdL:! kQ jNe3:. ^Cv& ENUOY.
v q8H npM! kQ Socks& ENUOY.
4. 5^N L' -q:M ^O -q:& 3$UOY. DNS Xs5& &xOv J
8i ?2{N kEL Lgnvv J@OY. 8: ,sLp. =v ..G C
:[ |. zu!- L1 bI; W<:UOY.
5. 8: ,sLp. =v ..G W.v) @j'. bI; gkO) Firewall!
-G W.v) Vd dR& $GUOY. W.v) @j'.B Firewall; kX
.!H; 6}UOY. Y= Vd dR& W.v) @j'.N $GOJC@.
v FirewallG 8H NMdL:
v FirewallG q8H NMdL:
v 8H W.v)
v 8H W.v)!-G " -jW.
v XgOB fl Security Dynamics-vM Windows NT 5^N -v! k
Q #:. W.v) @j'.
6. Firewall!- -q:& gkR v VT UOY. LB 8H W.v)! VB g
kZ! q8H W.v)& W<:R ' gkOB ^Re(9& in, socks G
B AOC)TOY. 8vGB -q:B h9 \h!- LgnvB a$! GX
^s}OY. -q:& 8vR 'B /$ /|G .!H; ckOb 'X ON
,a 8:; 3$X_ UOY. 9& in, 8H gkZ! HTTP AOC& g
kO) NM]G %; =vR v VT OAi FirewallG HTTP AOC pU
; 8:R S8 FOs ,a; 3$O) HTTP .!H; ckX_ UOY.
7. Firewall gkZ& 3$UOY. FtYne % W<:M 0: bIL* Firewall
|.Z! kQ NuL JdOi L1 gkZ& Firewall!- $GX_ UOY.
SecureWay Policy Director& gkO) AOC gkZ& LDAP! zeOB
fl AOC gkZ& [:Ov 6JC@. Policy Director \V; gkO)
Policy Director 8: _! Firewall AOC gkZ& [:UOY.
L1 \h& v`Oi b; Firewall 8:L C[Gm G`KOY. IBM Firewall
: W.v) 8H; .NR v V5O C:[ NWM 0: b8 bI; &xUO
Y.
FirewallL $s{8N* q$s{8N >aOB fl 8: %LMB Oe esL
j! zeGm YC NCR ' Z?8N g0:-GGN 5b; ^v J@OY. W
/*, 0:-H FTP <Gz 0: ON 0:-H ,aL NM4.Gz=; KAV
B /$ Firewall NW ^Cv! _}UOY.
Policy Director kU; 'Q SecureWay Firewall 8:
Firewall: Policy DirectorMG kU; 0kOb 'X IBM SecureWay Policy
Director& SecureWay Boundary Server6}gM T2 gkR v V5O 8:
Gn_ UOY. IBM SecureWay Policy Director! gkGv J8i AOC g
kZB Firewall W!H gkZ NMdL:(GUI)88N $GKOY. L1 gkZ
B SecureWay Policy Director!- |.R v x@OY.
SecureWay Firewall: SecureWay DirectoryM kER v V5O ,aL Lg
n}OY. SecureWay DirectoryB FirewallG 8HJN 8H DMZ* 8H W.
v)! Vn_ UOY.
,a 3$! kQ Z<Q ;k: IBM SecureWay Firewall User’s Guide for
Windows NTW IBM SecureWay Firewall User’s Guide for AIX& |6OJ
C@. ,a 3$ $8B Y=z 0@OY.
d;! kX Y=: FtYne T"; 3$OB% JdQ WqTOY.
v R:B FirewallG 8H npM VR! KOY.
v ks: SecureWay DirectoryVR! KOY.
v R: w.B 10238Y .OY.
v ks w.B 389M 0@OY.
v NMdL:B 8HL KOY.
v slC: NCTOY.
v fb: FtYneTOY.
@d! kX Y=: NYne T"; 3$OB% JdQ WqTOY.
v R:B SecureWay DirectoryVR! KOY.
v ks: FirewallG 8H npM VR! KOY.
v R: w.B 389M 0@OY.
v ks w.B 10238Y .OY.
v NMdL:B 8HL KOY.
v slC: NCTOY.
v fb: NYneTOY.
,a 9&B Y=z 0@OY.
# Service : ldap
# Description :
permit 9.67.130.153 255.255.255.255 9.67.141.85 255.255.255.255 tcp gt 1023 eq 389 secure both outbound l=y f=y t=0 e=none a=none
permit 9.67.141.85 255.255.255.255 9.67.130.153 255.255.255.255 tcp/ack eq 389 gt 1023 secure local inbound l=y f=y t=0 e=none a=none
SecureWay Boundary Server3$ 6}g& G`UOY. FirewallL Policy
DirectorM T2 [wR v V5O IG; 1CUOY. u Z<Q ;k: 29 dL
vG :Policy Director kU; 'Q SecureWay Boundary Server8:;; |6
OJC@.
SurfinGate C/WN; gkOb 'Q SecureWay Firewall 8:
(Windows NT |k)
SecureWay FirewallL SurfinGate -vM kER v V5O ,aL Lgn}O
Y. SurfinGate-vB FirewallG 8HJ! Vn_ UOY.
,a 3$ f}! kQ Z<Q ;k: IBM SecureWay Firewall User’s Guide
for Windows NT& |6OJC@. ,a 3$ $8B Y=z 0@OY.
d;! kX Y=: FtYne T"; 3$OB% JdQ WqTOY.
v R:B FirewallG 8H npM VR! KOY.
v ks: SurfinGate-vG VR! KOY.
v R: w.B 10238Y .OY.
v ks w.B 3141z 0@OY.
v NMdL:B 8HL KOY.
v slC: NCTOY.
v fb: FtYneTOY.
d;! kX Y=: NYne T"; 3$OB% JdQ WqTOY.
v R:B SurfinGate-vG VRTOY.
v ks: FirewallG 8H npM VR! KOY.
v R: w.B 3141z 0@OY.
v ks w.B 10238Y .OY.
v NMdL:B 8HL KOY.
v slC: NCTOY.
v fb: NYneTOY.
L1 ,a 9&B Y=z 0@OY.
# Service : SurfinGate Plugin Communication
# Description :
permit 9.67.143.113 255.255.255.255 9.67.143.115 255.255.255.255 tcp gt 1023 eq 3141 secure local outbound l=y f=y
permit 9.67.143.115 255.255.255.255 9.67.143.113 255.255.255.255 tcp eq 3141 gt 1023 secure local inbound l=y f=y
V: ,a: 0: 81! Vn_ UOY.
GQ, :5GB %LM& ckO5O SurfinGate -v& 8:X_ UOY.
SurfinConsole(SurfinGateG |. NMdL:)!- O] G X! VB C/WN p
e IG; .NX_ UOY. GQ, FirewallG HTTP AOCG VRM w. x#
& AOC GG Y= AOC Je! TBX_ UOY.
MAILsweeper & gkOb 'Q SecureWay Firewall 8:
SecureWay Firewall!- $GH ^O 3/bB G& 8H ^O -v kE
MAILsweeper C:[; !.Q_ UOY. MAILsweeper Z<B ^O; 8H ^
O -vN |^UOY.
SecureWay Policy Director 8:
SecureWay Directory! 3!Gn VBv .NUOY. SecureWay Directory! 3
!H C:[G VR, ;k _N w., SecureWay Directory-v!-G |.Z ID
W |.Z O#& Km Vn_ UOY.
SecureWay Directory LDAP,sLp.& SecureWay Policy DirectorM 0:
C:[! 3!OJC@. (SecureWay DirectoryG C:[z 0: M; gkOm
SecureWay Policy Director& gkOB fl ,sLp.B LL 3!Gn V;
v5 V@OY.)
SecureWay DirectoryG LDAP h9; v$O) Policy Director eProxyUsers&
vxX_ UOY. h9 _!B Policy Director!- &xOB N DO! zeKO
Y. Policy Director CDG /schema p:d.! '!Q secschema.defM
puschema.def DOL JdUOY.
SecureWay Directory-v!- LDAP h9; v$OAi Y= mI; Policy
Director C:[!- G`OJC@.
ldapmodify -h <LDAPHOST> -p <LDAPPORT> -D <LDAPADMINUSER> -w <LDAPADMINPWD> -f secschema.def
ldapmodify -h <LDAPHOST> -p <LDAPPORT> -D <LDAPADMINUSER> -w <LDAPADMINPWD> -f puschema.def
)b-:
v <LDAPHOST>B SecureWay Directory -v L'TOY
v <LDAPPORT>B -v! ;k _N w.TOY
v <LDAPADMINUSER>B |.Z IDTOY
v <LDAPADMINPWD>B |.Z O#TOY
O\ LDAP h9; v$O) AOC gkZ& vxOi Policy Director Console
! kX AOC gkZ& 3.X_ UOY. L8T OAi \Program
Files\IBM\IVConsole p:d.! '!Q console.properties DO!-
Proxyusers TaskViewY; V. X&X_ UOY.
SecureWay Directory 8:
Policy Director gkZ! zeGB g.N gkGB SecureWay Director!- "
Lg& $GX_ UOY. LDAP! "Lg& _!OAi IBM SecureWay Directory
Administrator’s Guide& |6OJC@. 9& in, O]{N "LgB Y=z 0
@OY.
o=yourcompany,c=yourcountry
O\ Policy Director gkZ& zeOb 'Q "Lg& _!Oi W W<: &n
qO(ACL); CYN 3$X_ UOY. Policy Director 8H Wl! kQ u "
Lg! pg W<: GQ; &xX_ UOY. Policy Director 8H Wl! kQ
DN: Y=z 0@OY.
cn=securitygroup,secauthority=default
Policy Director kU; 'Q SecureWay Boundary Server 8:
6}g& gkO) SecureWay Boundary-v& 8:R v V@OY. L 6}g
B FirewallL Boundary Server! VB b8 &0 W Policy DirectorM T2 [
wR v V5O 3$OB% JdQ \h& H;X ]OY. Y=! *@B PN:
LDAP -v! kX z.UOY. JdQ pg $8& $n fl 6}gB Firewall
; 3$O) Policy Director! gkZ W Wl $%! gkOB Mz 0: LDAP
%LM#L:& gkO5O UOY. L 6}gB GQ Nu $8& SurfinGateC
/WN(Windows NT Firewall |k)! |^R v V5O Firewall HTTP AO
C& 8:OE* 8: X&UOY.
IBM SecureWay Boundary Server& 8:OAi SecureWay Boundary Server
6}g& 8:OJC@. AIX !- sbswizard mI; G`O) Windows NT!-
C[->ANW%->SecureWay Boundary Server& 1CUOY. LB SBS 6}
g& R/IOY.
1. IG; 1CO) FirewallL Policy DirectorM LDAP %LM#L:& x/
O5O 3$UOY.
2. 16 dLvG :SecureWay Boundary Server;! VB $8& gkO) z.
! @dUOY.
SurfinGate C/WN; gkR v V5O SecureWay Boundary Server8:(Windows NT |k)
C[->ANW%->SecureWay Boundary Server& 1CUOY. LB SBS 6}
g& R/IOY.
1. IG; 1CO) Nu $8& SurfinGate C/WN8N |^R v V5O
Firewall HTTP AOC& 8:UOY.
2. k-& OaUOY.
SurfinGate 8:
Windows NT!- N !v f}8N SurfinGate& 8:R v V@OY.
v <N AOCN
v Firewall HTTP AOCG C/WN8N
AIX !- Q !v f}8N SurfinGate& 8:R v V@OY.
v <N AOCN
<N AOCN SurfinGate 8:
,sLp. % jslzB SurfinGate& HTTP, FTP W.m HTTPSG AOCN
gkR v V5O 8:Gn_ UOY. SurfinGate! ;k _N w. x#(b;*
: 8080)& ]eC v$OJC@.
SurfinConsole(SurfinGateG |. NMdL:)!- O] G X! VB AOC p
e IG; .NX_ UOY. GQ, FirewallG HTTP AOCG VRM w. x#
& AOC GG Y= AOC Je! TBX_ UOY. GB _! AOC! LL
$GH fl L& Y= AOCN v$R v V@OY.
Firewall HTTP AOC! kX C/WN8N SurfinGate 8:
W2 2. SurfinGate8:
,sLp. % jslzB Firewall HTTP AOC& HTTP, FTPW.m HTTPSG
AOCN gkR v V5O 8:Gn_ UOY. Firewall HTTP AOC! ;k _
N w. x#(b;*: 8080)& v$OJC@.
SurfinConsole(SurfinGateG |. NMdL:)!- O] G X! VB C/WN p
e IG; .NX_ UOY. GQ, FirewallG HTTP AOCG VRM w. x#
& AOC GG Y= AOC Je! TBX_ UOY.
V: L bI: Windows NTk SecureWay Firewall!-8 gkR v V@OY.
MIMEsweeper 8:
MAILsweeper 8:
W2 3. SurfinGate8:
\xQ /f!- MAILsweeperB 3! _! LgnvB z.! GX 8:Gn_
UOY. _!N 8:OAi C[->ANW%->SMTPk MAILsweeper->SMTP \
Vk MAILsweeper; G`UOY. u Z<Q ;k: MAILsweeper Getting
Started Guide& |6OJC@.
WEBsweeper 8:
8:OAi &nG8N !- WEBsweeperVC4; 1CUOY. u Z<Q ;k
: MIMEsweeper CD! VB WEBsweeper Administrator’s Guide& |6OJ
C@.
WEBsweeper HTTPS 8:
8:OAi &nG8N !- WEBsweeper HTTPSVC4; 1CUOY. u Z
<Q ;k: WEBsweeper Administrator’s Guide& |6OJC@.
W2 4. MAILsweeper8:
W2 5. WEBsweeper8:
'T w\
mI ` /?.<& gkO) /$ IP VR& w\R v VB JM& [:UOY.
w\GB VRB ;k 6g az! GX ?{8N a$I v V@OY. mI: Y
=z 0@OY.
v fwadd_deny
v fwdelete_dynamic
fwadd_deny
ANW%L E3/v xL #bGi JdQ E3/vG |D! kQ AR
A.& -i %CUOY.
E3/vB Y=z 0@OY.
JM ID
Windows NT Firewall! kX Y=L {kKOY. IDB /v
8v& 8:Ob 'X JM! RgI v V@OY. IDB 1!- C
[O) @'wx8N RgKOY. W.m Y=8N gkR v V
B ID x#8Y t: ID! &xGi RgH IDB ANW%! &
xH ID x#! FQ Y=8N gk !IQ ID x#! KOY.
9& in, ID 1! n !v T"L VB% ID 3N JM T" <
.& [:OAm Oi ID 2! kE RgKOY. )/ T"! 0
: ID x#! RgI v V@OY. delete_dynamicANW%; g
kO) T"L h&Gi LB IDN |6GGN IDN T"; [:
R 'B L T"iL 0: ID& x/OB fl L& Wl8N h
&OJC@.
T"L _!Gi gkH ID x#! %CKOY.
JM ID
AIX Firewall ! kX Y=L {kKOY. IDB x#N RgI v
V@OY. 9& in, JM id! ID 12O fl LB ID=12N R
gKOY. AIX !B 0: ID x#N RgH JM! x@OY. "
JMB "" m/Q ID! V@OY.
R: IP VR
P6 R:! gkR IP VRB 255.255.255.255M 0: !P. J
x %b}8N TBGn_ UOY.
R: IP 6:)
L JeB R: IP VRM T2 gkGn_ Om !P. Jx %
b}8N TBKOY. 9& in, R: IP VR! 10.5.8.08N T
BGm R: IP 6:)! 255.255.255.0Li 10.5.8.1!-
10.5.8.255nvG pg P6L O!KOY.
ks IP VR
P6 ks! gkR IP VRB 255.255.255.255M 0: !P.
Jx %b}8N TBGn_ UOY.
ks IP 6:)
L JeB ks IP VRM T2 gkGg !P. Jx %b}8
N TBKOY. 9& in, ks IP VR! 10.5.8.08N TBG
m ks IP 6:)! 255.255.255.0Li 10.5.8.1!- 10.5.8.255
nvG pg P6L O!KOY.
npM npM :e: Y=z 0@OY.
S 8H8N v$H npM! kX
N q8H8N v$H npM! kX
B pg npM! kX(8H W q8H)
v$H /|! BB npM(i)!- C[Q P6: T"z O!U
OY.
/? |'
Firewall; kQ P6 .!v3G /? |'B Y= * _ O*
! I v VB L E3/vN v$KOY.
L NC P6! kX
R fN v$H P6! kX
B NCz fN v$H P6! kX
fb NYne, FtYne GB gJ fb8N x`OB .!H; v
$UOY.
I NYne .!H! kX
O FtYne .!H! kX
B NYneM FtYne .!H! kX
bO ?{ JM 0?! kX bOOAi Y& v$Om bOOv J8
Ai N; v$UOY.
fwdelete_dynamic
L ANW%L E3/v xL #bGi vg $GH pg ?{ JM! %
CKOY.
>>>> Dynamic Rule Id = 1
>>>>>>>> Jump = 0
>>>>>>>> Filter Action = Deny
>>>>>>>> Source Address = 9.192.8.7
>>>>>>>> Source Mask = 255.255.255.0
>>>>>>>> Destination Address = 9.192.240.1
>>>>>>>> Destination Mask = 255.255.255.0
>>>>>>>> Protocol = Any
>>>>>>>> Source Port = Any 0
>>>>>>>> Destination Port = Any 0
>>>>>>>> Adapter = Both (Secure and NonSecure)
>>>>>>>> Scope = Both (Routed and Local)
>>>>>>>> Direction = Both (Inbound and Outbound)
>>>>>>>> Tunnel Id = 0
>>>>>>>> Logging Enabled = Unavailable
>>>>>>>> Fragments Allowed = No
V: fwdelete_dynamic mI; gkO) h&Gn_ OB T"! 9s ID! V
Bv& Uz .NUOY.
ANW%L /?Q JM IDM T2 #bGi ?{ T": h&Gm h&H T"G
vB id! VB x T" __: xG |D8N %CKOY.
fm: _9 JM& _!OAm Oi JM! LL VYB M; KA]OY. JM ID
xL JM& _!OAm Oi fm @y& ^T KOY.
AIX 'T w\: s' 9' T" <.! T"L V8i cD2)z v V@OY.
'T w\L gkGi kNPG T": O' 9' T" <.! Vn_ UOY. ?
{ T": L1 N T" <. _#! _!KOY. .!H; ckOB T"L s'
9'! V8i ?{ T"8N .!H; [? _vC3 v x@OY.
8: W:.
L| "!- pg 3$; OaQ D W 3$; W:.X_ UOY. SecureWay
Boundary ServerG 8:; W:.OAi Y=; v`OJC@.
1. Policy Director& gkO) Firewall AOC gkZ& 3$UOY. gkZ!
8H Z]! kX Firewall O#& gkO5O 3$Om W gkZ! kX O
#& 3$UOY.
2. SecureWay Boundary Server6}g& G`O) Firewallz Directory(LDAP)
#! 5)& 3$UOY.
3. 8H ,sLp.!- AOC Z] <G; C[UOY.
4. gkZ 3$; Policy Director! TBUOY.
5. O#& TBUOY.
6. L& gkZB NuKOY.
&6e |C .-
; e! VB .-& gkO) IBM SecureWay Boundary Serverv| 2.0z
W |C &0! kX u 9: $8& r; v V@OY.
IBM SecureWay FirstSecure
Y= IBM SecureWay FirstSecureh9 W kU, v| 2.0!B FirstSecure! k
Q $8! in V@OY. L %: FirstSecure& 8:Om pg IBM SecureWay
&0 gk; h9R v V5O 5MVB &0; 3mUOY.
IBM SecureWay Firewall
Y= .-!B Windows NTk IBM SecureWay Firewall! kQ $8! in
V8g IBM SecureWay Firewall CDG x:\books\en_US p:d.!- PDFM
HTM |D8N gkR v V@OY.
v IBM SecureWay Firewall for Windows NT Setup and Installation
v IBM SecureWay Firewall for Windows NT User’s Guide
v IBM SecureWay Firewall for Windows NT Reference
v Guarding the Gates Using the IBM eNetwork Firewall for Windows NT
3.3 (redbook)
Y= .-!B AIX k IBM SecureWay Firewall! kQ $8! in V8g IBM
SecureWay Firewall CDG books/en_US p:d.!- PDFM HTM |D8N
gkR v V@OY.
v IBM SecureWay Firewall for AIX Setup and Installation
v IBM SecureWay Firewall for AIX User’s Guide
v IBM SecureWay Firewall for AIX Reference
v A Comprehensive Guide to Virtual Private Networks, Volume 1: IBM
Firewall, Servers and Client Solutions(redbook)
MIMEsweeper
MAILsweeper
Y= .-!B MAILsweeper! kQ $8! in V8g MIMEsweeper CDG
\install!- PDFM HTM |D8N gkR v V@OY.
v Getting Started GuideB \install\MSW4_0_2\Doc\qsg.pdf! V@OY
v ReadmeB \install\MSW4_0_2\README.htm! V@OY
WEBsweeper
Y= .-!B WEBsweeper! kQ $8! in V8g MIMEsweeper CDG
\install!- PDFM HTM |D8N gkR v V@OY.
v WEBsweeper Administrator’s GuideB \install\WSW3_2_5\Doc\manual.pdf
! V@OY
v 1.: $8B \install\WSW3_2_5\Doc\RELNOTES.htm! V@OY
WEBsweeper HTTPS AOC
Y= .-!B WEBsweeper HTTPAOC! kQ $8! in V8g
MIMEsweeper CDG \install!- TXT |D8N gkR v V@OY.
v ReadmeB \install\WSWHTTPS1_0_2\readme.txt! V@OY
SurfinGate
Y= .-!B SurfinGate! kQ $8! in V8g SurfinGate CDG \docs
!- PDF |D8N gkR v V@OY.
v SurfinGate Installation GuideB \Docs\install.pdf! V@OY
v SurfinGate User’s Manual: \Docs\manual.pdf! V@OY
v 1.: $8B \Docs\SFG 405 RelNotes.pdf! V@OY
v SurfinGateC/WN! kQ $8B \docs p:d.! V@OY.
NOA. .& Xa
; e!-B SecureWay Boundary Server! |CH .&& __Om XaOB
% 5r; ]OY.
IBM SecureWay Firewall G xk .& Xa
fN v$ .&
IBM Firewall: fN v$ .&& pvWOB% 5rL I v VB IP fN v
$ W:.sm Gn VB Security Policy k- sZ! bI; &xUOY. L 1
Cu; gkR v VT Om ,a 8:; 0:-Og ,a T" bO; gkUO
Y. W1 D Firewall NW& 6gO) Firewall; kzOB pg P6! kQ
s<Q $8& >OY.
IP VR& gkQ D #:. L'; gkO) Uz L1 W:.& v`OJC@.
Firewall !- #:.& Ping R v x@OY
.& 3m
W.v) NMdL:! &kN 8:Gn Vv J@OY.
Ge 6!
n5 <& .-& |6OJC@.
.& 3m
q8H W.v)! kQ ,aL &kN 8:Gv JR@OY.
Ge 6!
NM] -q: &xZ!T vx; d;OJC@.
.& 3m
8H W.v)! slM Z! ].Gn V8i Firewall!B W slM!
kQ ${ fN! Vn_ UOY. netstat -rn; gkO) ${ fN v
$; .NOJC@.
netstat -rn
bB: ANd] PP. 2! kX Y=z 0F_ UOY.
nrr.nrr.nrr.nrr
NM]! kQ slM& *8;m LB b; fNTOY. b; f
NB ${ fN(C!W=UG)TOY.
nnn.nnn.nnn
q8H 5^N; *8@OY. LB NMdL: fN(C!W=U)T
OY.
nnn.nnn.nnn.nnn
q8H NMdL:& *8@OY.
sss.sss.sss
8H 5^N; *8@OY. LB NMdL: fN(C!W=U)TO
Y.
sss.sss.sss.sss
8H NMdL:& *8@OY.
ss1.ss1.ss1
W.v)G 8HJG -j 5^N; *8;m srr.srr.srr.srr: W
-j 5^N! kQ slM& *8@OY. LB ${ fN(C!W
=UG)TOY.
127.0.0.1
gAiLE* NC #:.TOY. LB NMdL: fN(C!W=U)
TOY.
" NMdL:! kX NMdL: fN! Vn_ Om b; fNB Firewall
G q8HJ! VB slM& !.Q_ UOY.
Destination    Gateway            Flags ....
default        nrr.nrr.nrr.nrr    UG
nnn.nnn.nnn    nnn.nnn.nnn.nnn    U
sss.sss.sss    sss.sss.sss.sss    U
ss1.ss1.ss1    srr.srr.srr.srr    UG
127            127.0.0.1          U
W2 6. netstat -rnG 9& bB.
Ge 6!
${ fN& slM! _!OJC@. slM |.Z!T .GOJC@.
route add mI; gkUOY.
.& 3m
8H NMdL:! VB -jW. 6:)* "SOAB #:.! 21 v
V@OY.
Ge 6!
,sLp. 8: /?.<& gkO) 6:) 3$; $$OJC@.
8H #:.!- q8H #:.& Ping R v x@OY(GB W ]k)
.& 3m
Firewall! N"X VB " slM!B Firewall Z! VB ks W.v
)G TL.~LN Firewall; v$OB ${ fN! Vn_ UOY.
Ge 6!
slMG |.Z!T .GOJC@.
.& 3m
8H W.v)!- RFC 1597! v$H 3N VR& wTO), LnOL
m q8H W.v)!- fN v$R v VB VR& gkOB fl P6
: |[Z!T YC fN v$Gv J@OY.
Ge 6!
Windows NT |k: ,sLp.& nOH VRM T2 gkOJC@.
FirewallG NAT bI: TCP W UDP .!H! gkI v Vv8 NATB
ICMP P6!- VR& ping33 //Ov J@OY.
Ge 6!
AIX |k: ,sLp.& nOH VRM T2 gkOJC@.
DNS GP
V: DNSB Windows NT |kL FUOY.
.& 3m
Microsoft DNS -q:& Microsoft DNS -q: |.ZN 8:_8G
N DNS @y ^Cv& vE_@OY.
Ge 6!
3! v'; YC |6Om
1. |< p:d.N \winnt\system32\DNS& h&O) Microsoft DNS
& &EUOY.
2. Microsoft DNS& YC 3!UOY.
3. YC N.UOY.
4. DNS hotfix& YC 3!UOY.
5. YC N.UOY.
xk .&–MIMEsweeper Xa
WEBsweeper W MAILsweeper B 0: C:[!- [?Ov JB M 0@
OY
.& 3m
MAILsweeperM WEBsweeper& 0: C:[!- G`OAm R ' .
&! _}UOY.
Ge 6!
MAILsweeperM WEBsweeper& -N Y% C:[! 3!OJC@.
WEBsweeper G zOH :I
.& 3m
WEBsweeper& gkO) % ;k; YnNeR ' 87:4v xOT v
,KOY.
Ge 6!
1. WEBsweeper&nG VC4; gkO) bOOv xOT UOY.
2. WEBsweeper& gkR v VB Oe~n _ !e |% M! 3!U
OY.
WEBsweeper sL>: .&
.& 3m
WEBsweeper 3.2_5& WEBsweeperG L| v|L 3!H C:[! 3
!Q fl sL>: 0 f9L _}R v V@OY. WEBsweeper! C
[I ' ;N Windows @y ^Cv: 2140L _}Oi L%. %Cb!
- @k ANW% NW& .NUOY. WEBsweeperG ^CvB Y=z 0
@OY. ″PAKMSG @y: gkZ L': L|! $GH sL>: =Gz
f9UOY.″
Ge 6!
Windows 9v:..!- L| sL>: 0& &EOJC@. Regedit& #
F 8 m \ \HKEY_LOCAL_MACHINE\SOFTWARE\Content
Technologies\MIMEsweeper\LicensefN!- #F8JC@. )b- 0
& O* Ls #8i, ″IBM MIMEsweeper System″8N 9LmL Yv
J: M; h&OJC@. YC N.UOY.
WEBsweeper B Tp! + DO; YnNeR ' .&! _}UOY
.& 3m
WEBsweeperB JM5OB _! DO; zeOb 'Q !s ^p.! N
7R v V@OY.
Ge 6!
WEBsweeper-v!- G& ^p..; C.JC@.
xk .&—SurfinGate Xa
SurfinConsole : Microsoft Internet Explorer ! -A VB ?H!B @
dOv J@OY
.& 3m
SurfinConsole@k ANW%: Internet Explorer! -A VB ?H L
sQ ?[; 8LE* @dOv J@OY. L1 N @k ANW%: f9
OGN ?C! G`R v x@OY.
Ge 6!
Internet ExplorerM SurfinConsole; ?C! NeOv 6JC@.
SurfinGate C/WNG zOH :I
.& 3m
%; kQ pt Ze YnNeB SurfinGateC/WN; gkR ' El
@3OY.
Ge 6!
Y= AOC JeB SurfinConsoleG AOC =G!- SecureWay Firewall
HTTP AOCN 3$Gn_ UOY.
NOB. VGgW
L %!- IBM &0, ANW% GB -q:& |6_Ym X- IBML 5w _
N pg *s!- L& gkR v VYB M; GLOvB J@OY. L %!-
IBM gkG ANW% GB IBM &0; p^_YmX- ]eC IBM ANW%
L* &08L gkGn_ T; GLOvB J@OY. IBMG v{ gjG; 'X
Ov JB Q bI{8N ?nQ &0,ANW% GB -q:& IBM &0, ANW
% GB -q: kE gkR v V@OY. IBML /0w mCOv JB Y% &
0z |CH 6[G r! W Ku: gkZG %STOY.
IBM: L %! *@B /$ Wq! kQ /c& 8/Om VE* vg bx _
O v V@OY. L %; &xQYm X- W /c! kQ gkGnv N)OB
M: FUOY. /c gkG! kX-B Y= VRN -i .GOJC@.
150-010
-o/0C 5nw8 )G5? 25-11, QxXnty
Q9 FL.q.% VD8g
v{ gjGN
(i)05N [:H ANW%z b8 ANW%(L ANW%; wTQ) #G $8 3
/ W (ii)3/H $8G s# Lk; q{8N L! kQ $8& xOB gkGZ
B Y= VRN .GOJC@.
150-010
-o/0C 5nw8 )G5? 25-11, QxXnty
Q9 FL.q.% VD8g
RA.~n gw;N
IBM m4 h`(ICA) O! ANW%G gkGL N)Gv J@OY. LB IBM
9& ANW% gkG h`(IPLA) O! gkGL N)KOY.
L %: }jkL FOg sw: GB /$ q{! kQ 8g:! kQ 8u; w
TO) n0Q >yG 8u5 &xOv Jm vskN L %; &xUOY.
L &0!B CERN!- [:Om gkR v VT 8inx D;M RA.~n!
in V@OY. L BN: CERN D;M RA.~n! wTH pg &0!- Z
<w p^Gn_ UOY.
nOs%
Y= knB L9L* b8 9!!- gkGB IBM gG nOs%TOY.
AIX
IBM
MicrosoftM Windows NTB MicrosoftG s% GB nOs%TOY.
**SurfinGateB Finjan SoftwareG s%TOY.
**MIMEsweeper, **MAILsweeper W.m **WEBsweeperB Content
TechnologiesG s%TOY.
0%! N 3(**) %CH b8 8g, &0 W -q:m: Y% 8gG nOs%*
-q: s%TOY.
kn
!
TL.~L(gateway). -N Y% 86G N D;M W.v)& s# ,aOB bI{ e!.
b;*(default). mC{8N v$H ML xB fl #VGB *, S: GB IG.
s
gAi NMdL:(loopback interface). $8G VR! ?OQ C:[G #<<N v$H fl RJdQ kE bI;
}+OB NMdL:TOY.
6
6}g(wizard). gkZ! /$ [w; x`X *% v V5O \h0 v'; gkOB @k ANW%G k-TOY.
g
-v VR(server address). W.v)& kX DO -v, Nb -v GB ^O -vM 0: b8 D;M! x/ -q:
& &xOB " D;M! RgH m/Q Ze. %X IP VRB 32 q. VR JeTOY. -v VRB !P. Jx IP
VRLE* #:. L'O v V@OY.
-v(server). W.v)& kX Y% D;M! x/ -q:& &xOB D;M. 9& in, DO -v, Nb -v GB
^O -v nL V@OY.
-q:(service). 9& in, HTTP, FTP GB Z]z 0: O* LsG ke!- &xOB bITOY.
)(shell). gkZ v):WLG!- mI `; ^FiLm 3.OB RA.~n. Korn ): gk !IQ )/ UNIX
) _ O*TOY.
C#Jz(timeout). 6[L G`I v V5O RgH C# #]TOY.
F
%(Web). kNP: HTTP -vG b8 .-! kQ 5)! in VB OL[X:. .-N ANW%z DOL VB
HTTP -vG W.v)TOY. ye MLe %(World Wide Web)Lsm5 UOY.
NM](Internet). NM] ANd] Wl; gkOm xk W<:& ckOB | <h{8N -N ,aH W.v)G
C:G.
N.s](intranet). NM] %Xz @k ANW%(9& in, % jslz); 6wG b8 D;M W.v7 ON86M
kUOB g3 8H W.v).
+
,sLp.(client). O]{8N -vsm OB G Y% D;M C:[L* AN<:G -q:& d;OB D;M C:
[ GB AN<:. )/ ,sLp.B xk -v! kQ W<:& x/R v V@OY.
8
Z](Telnet). MLN !D9LG ANd]N- x] ,a -q:! kQ TCP/IP @k ANW% ANd]TOY. Z]
; kX Q gL.! VB gkZB 6! gkZG v):WLGL x] #:.! w" ,aH M33 W #:.& W<
:R v V@OY.
D
w.(port). _s{N kE e!& D0OB x#. % -vB b;{8N w. 80; gkUOY.
ANd](protocol). kEL LgnvB fl kE C:[G bI{ \'G 6[; |.OB T" <.. ANd]: Y
L.G q.! |[GB x-M 0: C:[ # NMdL:G O^ <NgW; a$R v V@OY. LB GQ DO |
[z 0: @k ANW% # s^ 3/; a$R v V@OY.
D
DMZ. Demilitarized Zone.\N gkZ! 8g %LM! in VB -v& w" W<:Ov xOT OB e!.
F
Firewall. O*G W.v)M Y% W.v) #! ,a; 8#Om &nOB bI{ e!. Firewall: xOv JE*
GQL N)Gv J: kE .!HL 8#H W.v)! in@v xO5O 7m 1CH kE .!H8 8#H W.v)
!- *C v V5O UOY.
FTP(File Transfer Protocol). DO; W.v) D;MM Vm ^; ' gkOB @k ANW% ANd]. FTPB
gkZ ID! JdOm ''N x] #:. C:[! VB DO! kQ W<:& ckOb 'X O#! JdUOY.
I
ICMP. (Internet Control Message Protocol).NM] ANd](IP) h~!- @yM &n ^Cv& 3.R ' gkO
B ANd]. .& 8mM _xH %LMW% ks: x! %LMW% R:N .OKOY.
IP. (Internet Protocol).W.v)* s# ,aH W.v)!- %LM& ,a xL fN v$OB ANd]. IPB u
t: ANd] h~z G& h~ #! _# *R; UOY.
IP VR(IP address). NM] ANd] VR. W.v)!- " e!* v):WLGG G& '!& v$OB m/Q
32 q. VR. LB GQ NM] VRsm5 UOY.
IPSEC. (Internet Protocol Security).W.v)* W.v) kEG P6 3. h~!- 3_ _N 8H %XTOY.
N
NAT. (Network Address Translation). Firewall!- 8H IP VR& nOH \N VRN //OB M. L& kX \
N W.v)M kER v Vv8 Firewall ;N!- gkGB IP VR& 6:)UOY.
P
PICS. (Platform for Internet Content Selection). PICS& gkR v VB ,sLp.B gkZ! gkR n^ -q
:& a$Om " n^ -q:!- ckR v VB n^z ckR v xB n^; a$R v VT UOY.
Ping. @d; ^; M8N bkOi- ICMP !Z d; P6; #:., TL.~n GB slMN |[OB mI.
S
SMTP. (Simple Mail Transfer Protocol).NM] ANd] Wl!- NM] /f! VB gkZ #! ^O; |[R
' gkOB @k ANW% ANd]TOY. SMTPB ^O 3/ x-M ^Cv |D; v$UOY. LB TCP(Transmission
Control Protocol)& bJ ANd]N #VUOY.
T
TCP. (Transmission Control Protocol).NM]!- gkGB kE ANd]TOY. TCPB EZR v VB #:.
# $8 3/; &xUOY. LB IP& bJ ANd]N gkUOY.
TCP/IP. (Transmission Control Protocol/Internet Protocol)." W.v)!- gkOB kE bz! |hxL W.
v) #! kER v VT 3hH ANd] WlTOY.
U
UDP. (User Datagram Protocol).NM] ANd] Wl!- EZR v xB \}H %LMW% -q:& &xOB
ANd]TOY. L& kX Q C:[! VB ANW%L* AN<:B %LMW%; Y% C:[! VB @k ANW%
L* AN<:N |[UOY. UDPB IP& gkO) %LMW%; |^UOY.
V
VPN. (Virtual Private Network).N 3 LsG W.v)& ,aOB O* LsG 8H IP MNN 8:H W.v)T
OY.
W
WTE. (Web Traffic Express).El ?2{N 3C T9; kX O] gkZG @d C#; !S-OB% 5r; Y
v VB 3C AOC -vTOY. /,Q PICS JM5: W.v) |.Z! O*G _S '!!- % b] $8! kQ
W<:& &nR v V5O 5M ]OY.
IBM
N0 x#: CT6RZKO
Printed in Singapore
GA30-1012-00