NT and AIX IBMpublib.boulder.ibm.com/tividd/td/SW_FS/sbsup/zh_TW/PDF/ct6rztc.pdf · IBM SecureWay®...
IBM SecureWay ® Boundary Server for WindowsNT® and AIX
ÒÊP⌡µ©» 2.0
IBM
Æù
ÏλΩTÎΣΣ©ºú~ºeAв\¬Ä41¶ºyþ²B. `NƵzUº@δΩTC
»×q©AÎ≤ IBM SecureWay Boundary Serverú~©» 2 ©¸ 0 ×qh¸ 0APÒ³ß≥©¸A½ìs×q
©ñt³ⁿÜ°εC
ÄG© ]1999 ~ 10 δ^
© Copyright International Business Machines Corporation 1999. All rights reserved.
ز
÷≤»Ñ . . . . . . . . . . . . . v»ÑºAÎ∩H . . . . . . . . . . . v2000~º]³. . . . . . . . . . . . vAÈPΣ© . . . . . . . . . . . . . v»Ñº²c . . . . . . . . . . . . . vDÒ . . . . . . . . . . . . . . . viWeb ΩT . . . . . . . . . . . . . vi³≤s\αH . . . . . . . . . . . . viP SecureWay Policy DirectorπX . . . . vi¼eÄv . . . . . . . . . . . . viiIJÊΩ . . . . . . . . . . . . viiIBM SecureWay Firewall 4.1© . . . . viiMIMEsweeper 2.0 for SecureWay. . . . ixSurfinGate 4.05 . . . . . . . . . . x
Ä1¹ SecureWay Boundary Server º[ . 1嬧 SecureWay Boundary ServerdÒ . . . 1
Ä2¹ IBM SecureWay Boundary Server ²
¶. . . . . . . . . . . . . . . . 5°≥O SecureWay Boundary ServerH . . . . 5°≤ÚÝn SecureWay Boundary ServerH . . 5SecureWay Boundary Serverp≤πXìFirstSecureH . . . . . . . . . . . . 6SecureWay Boundary Server³þǸ≤H . . 6
IBM SecureWay Boundary Serverº[ . . . 6IBM SecureWay Policy Directorº[ . . . 7IBM SecureWay Firewallº[ . . . . . 7MIMEsweeperº[ . . . . . . . . . 7SurfinGateº[ . . . . . . . . . . 8
Ä3¹ bwË SecureWay Boundary Serverºe . . . . . . . . . . . . . . 11p≤ÇÆH . . . . . . . . . . . . 11P SecureWay Policy DirectorπX . . . 11SecureWay Firewall. . . . . . . . . 11SecureWay Boundary Server. . . . . . 13SurfinGate. . . . . . . . . . . . 13MIMEsweeper. . . . . . . . . . . 14
Ä4¹ IBM SecureWay Boundary Server]SBS^ ≥»nD . . . . . . . . . 15
SecureWay Boundary ServerwΘ≥»°≤ . . 15SecureWay Boundary ServernΘ≥»nD . . 16
Ä5¹ wËÎ[c SecureWay BoundaryServer . . . . . . . . . . . . . . 19wË SecureWay Boundary Server≤ . . . 19wË SecureWay Firewall. . . . . . . 19wË SecureWay Directory . . . . . . 19wË SecureWay Policy Director. . . . . 19wË SecureWay Boundary Server. . . . 19wË SurfinGate. . . . . . . . . . 20wË MIMEsweeper. . . . . . . . . 20
[c SecureWay Boundary Server≤ . . . 21[c SecureWay Firewall. . . . . . . 21[c SecureWay Firewalliµ PolicyDirector πX . . . . . . . . . . . 22[c SecureWay FirewallÏÎ SurfinGatePlugin]È¡ Windows NT . . . . . 23[c SecureWay FirewallÏÎMAILsweeper. . . . . . . . . . . 24[c SecureWay Policy Director. . . . . 24[c SecureWay Directory . . . . . . 25[c SecureWay Boundary ServeriµPolicy DirectorπX . . . . . . . . 25[c SecureWay Boundary ServerÒÎSurfinGate Plugin]È¡ Windows NT . 26[c SurfinGate. . . . . . . . . . 26[c MIMEsweeper. . . . . . . . . 28
IJÊΩ . . . . . . . . . . . . . 29úÕzºtm. . . . . . . . . . . . 32
Ä6¹ Û÷ºσ≤ . . . . . . . . . . 33IBM SecureWay FirstSecure. . . . . . . 33IBM SecureWay Firewall. . . . . . . . 33MIMEsweeper. . . . . . . . . . . . 33
MAILsweeper. . . . . . . . . . . 33WEBsweeper. . . . . . . . . . . 34WEBsweeper HTTPS Proxy. . . . . . 34
SurfinGate. . . . . . . . . . . . . 34
þ²A. ðÆÑ . . . . . . . . . . 35
ÑM IBM SecureWay Firewallº@δÝD . . 35¼eÝD . . . . . . . . . . . . 35DNS óÄ . . . . . . . . . . . . 37
ÑM@δÝD-MIMEsweeper. . . . . . . 37WEBsweeperÎ MAILsweepern³LkbÛPº≈¹WÏÎ . . . . . . . . . 37WEBsweepert×ÜC. . . . . . . . 38WEBsweeperÂvÝD. . . . . . . . 38WEBsweeperUⁿj¼É×ÉoÍÝD . . 38
ÑM@δÝD--SurfinGate. . . . . . . . 38
SurfinConsolebÒ Microsoft InternetExplorerß±ε^³ . . . . . . . . 38SurfinGate Plugint×wC . . . . . . 39
þ²B. `NƵ . . . . . . . . . . 41ÓÐ. . . . . . . . . . . . . . . 42
WⁿÑÀ . . . . . . . . . . . . . 43
¬ÌNúϕ . . . . . . . . . . . . 47
iv IBM SecureWay® Boundary Server for Windows NT® and AIX: ÒÊP⌡µ
ֲȄ
»Ñíúp≤Wº IBM SecureWay®Boundary Server for Windows NT® and AIX
ºwËBtmBÏÎPðÆÑC
ѽnº@≤ÆOAblwËÎ[c SecureWay Boundary ServerºeAzÝn
πƳ÷¾⌡≡BΩÀMÎ⌠⌠BºewþÎ⌠⌠ÞzΦ±ºRÀ¾ÑC]°N
n]wÎ[cÎÓ±ε⌠⌠iXsúº¾⌡≡Az²·²AÑ⌠⌠p≤B@Cz
×ΣÝnAѳ÷ IP ìB¹πºWÙÎl⌠⌠Bnº≥»¾ÑC
»ÑºAÎ∩H
»Ñ«bw∩tdwËBÞzÎÏÎ IBM SecureWay Boundary Serverº⌠⌠Ît
ÎwþÞzÌúÑÑÒC
2000 ~º]³
oÇú~Òwµn 2000~º]³CϕzÚÚoÇú~ºÛ÷σ≤ÓÏΪÌAu
noÇú~ºÛ÷ú~]ÒpAwΘBnΘP´Θ^PªÌºíαAϕµ½δT
ºΘÁΩÆAhb 20 @÷P 21 @÷íAoÇú~τα¿TBzBúÑPµ¼Θ
ÁΩÆC
AÈPΣ©
pnúo IBM SecureWay FirstSecureú~ñÒ³ú~ºAÈPΣ©AÐp¸
IBMC oÇú~ñ³Çiα|ÑÓD IBM Σ©C pGzOq FirstSecureΓ~
ñúooÇú~AÛ÷AÈPΣ©Ðp¸ IBMC
»Ñº²c
»Ñ]tHUU¹G
v Ä1¶ºyÄ1¹ SecureWay Boundary Serverº[zúÑ SecureWay Boundary
ServerÎΣ¸≤ºº[C
v Ä5¶ºyÄ2¹ IBM SecureWay Boundary Server²¶zúѳ÷°≤ÝnÏ
Î SecureWay Boundary ServerºΩTC
v Ä19¶ºyÄ5¹ wËÎ[c SecureWay Boundary Serverzíúb Windows NT
Î AIX @~tÎWwËÎtm SecureWay Boundary ServerC
v Ä11¶ºyÄ3¹ bwË SecureWay Boundary Serverºezúѳ÷p≤Wº
SecureWay Boundary ServerºΩTC
v Ä15¶ºyÄ4¹ IBM SecureWay Boundary Server]SBS ≥»nDzúÑ
³÷ SecureWay Boundary ServerºÌ≥»nDΩTC
v Ä33¶ºyÄ6¹ Û÷ºσ≤zíúìþÌúo SecureWay Boundary Serverº
Σªσ≤ÎÛ÷ú~ºσ≤C
DÒ
»ÑÏÎUCDÒG
DÒ Nq
ÊΘ ÏÎ̶±¸ÀApÄ∩ØB÷sÎⁿO
ÑerΘ P SecureWay Boundary ServerÛ÷ºyk
Îزw]È
-> πÜ\αϕñ@tCº∩µCÒpG∩úÉ
×-> ⌡µϕÜ÷@UÉ×AMß÷@U⌡µ
Web ΩT
³÷ SecureWay Boundary ServerºÌs≤sΩTibHU⌠úoG
http://www.ibm.com/software/security/boundary/library
³÷Σª IBM SecureWay FirstSecureú~º≤sΩTAÐyXUC⌠G
http://www.ibm.com/software/security/firstsecure/library
³≤s\αH
SecureWay Boundary Server©» 2.0 ]t@ÇsºSÊC̳NqºsSÊCX
pUC
P SecureWay Policy Director πX
pG Firewall ÒÎ SecureWay Boundary ServerAh SecureWay Policy Directori
Þz Firewall ProxyÏÎÌCUC Firewall AÈÓwq Firewall ProxyÏÎÌG
v Telnet
v FTP
v HTTP
v Socks
ÏÎÌÎΣÛ÷ºFªúxsbu´ËÆزsúqT≤wv]LDAP^ΩÆw
ñC
SecureWay DirectoryúÑ LDAP ΦkAib@Ó°ñìmû@زΩTAHK⌡
µxsB≤sB^úε½@~C SecureWay Policy Director|Þzb LDAP Ω
Æwñº Firewall proxyÏÎÌC
¼eÄv
¼eÄvÏÎ Finjan SurfinGate pluginAHYεºeLoºq⌠⌠⌠yqC
IJÊΩ
ⁿOµíAÎÓb Firewall WØßÊA DENY WhCJIÊΩiHπXÜÛÊ
ƺ script ñC
IBM SecureWay Firewall 4.1 ©
IBM SecureWay Firewall for Windows NT©úÑG
·ÝsúAÈ
Windows NT Remote Access Service]RAS ÏÎI∩IqH≤w]PPP
zL·¹íBISDN Î X.25 CΘúÑ⌠⌠sµC NDISWAN O⌠⌠XÊ
íAúÑ@° RAS º@í≈AiN≥ª PPPΩÆα½°þⁿAÓÏì
⌠⌠ΩÆC
IBM SecureWay Firewall Enhancements for AIX 4.1 ©
IBM SecureWay Firewall for AIXúÑG
jƺ IPSec Σ©
IBM SecureWay Firewall 4.1©]Awjƺ IPSecΣ©A[\T½ DES
[KAÎΣ©sÐYCª]Σ©MhØ IBM °A¹Î⌠ѹAÎ\hΣ©
sÐYºD IBM VPN ú~ºíºµ¼@~αOC
∩Ùh½Bz¹ ]SMP^
¾⌡≡ºÏÎÌiHBÎ RS/6000ºh½Bz¹SÊAWiÕπαOPÄ
αC
WjLoí
wg[jLoíAHKzLtmúÑ≤nºÄαCziH∩ÜnqþÌ
MΣúPºLoWhþ¼AǹÕπ Firewall ºÄαC¹~A]|O²Ï
Îsµº¸ÆC
wËδF
δF|²Uiµ IBM SecureWay Firewallº_ltmC¹wËδF²s
ÏÎÌbwËn IBM Firewall ºßAYiÖt]w@M≥»º Firewall t
mÃl⌡µC
⌠⌠wþ]Öí
u⌠⌠wþ]Öív]NSA^ |Ëdzº⌠⌠°A¹Î FirewallAεÝ
³Lwþ|Îtmù~C¹\αwjÆAÜo≤ÖtÃB≤jjC
wσΩÚyÑΣ©
ΩÚyÑΣ©bW[FwσA쳺yÑ]AGÚΦ²σúσB²σú
σB^σBkσBqjQσBΘσBúσB²ΘñσBΦZúσÎcΘñ
σC
⌠α½
⌠α½ ]NAT^ wjÆ°Σ©h∩@ìMgCoÇMgOqhÓº
í¼n²ÎMÎìA∩MÜwn²ºXkìAªÏÎ≡¹Øßß@º
MgC
AIX Î Windows NT ©Σ©º@P\α
Security Dynamics ACE/Server
Security Dynamics ACE/ServerúÑΓزO]ÀC¹SÊwgLjÆAÃ
BiO@zº⌠⌠PΩÆΩ½K≤Dⁿiα|y¿aºN~ÎcNJ
IC
Wj Secure Mail Proxy
IBM Firewall Secure Mail ProxywgLjÆAØe]AUCs\αG
v ¾ε SPAM tΓkA]AÊΩÓÛw¾²½ SPAM ̺Tº]ú~M
µ^Bw∩Tº³ÄÊPia׺τÒËd]ÊΩúⁿw∩Tººw
¾Φk^BitmChl≤Tººµ¼HÆ¡εBitmChTºº
jp¡ε
v ÏBFΣ©A]APjjº²O≈επX
v SNMP ]´Σ©ÎΣ© MADMAN MIB
v TºlÜA]AKÁlܾ⌡≡Î Domino ºíºTº
Wj Socks Protocol Version 5
Socks Protocol Version 5wgÉÅ°]AÏÎÌ ID-KX²O
]UNPW^BËÖ^³²O ]CRAM^ βO plug-inC
ΘxOⁿwjÆAúÑÏÎÌi@B±εAÏÎÌiHNΘxTºÀþÎ
ⁿwΘxOⁿh¸C
HTTP Proxy
IBM SecureWay FirewallH IBM Web Traffic Express]WTE^ú~°
≥ªAúÑ@M\α¹πº HTTP proxy IµΦkC HTTP proxy zL
IBM Firewall ³ÄvaBzs²¹nDAÓú²b Web s²@~ñÏÎ
socks°A¹CÏÎÌiHsú⌠Ú⌠⌠Wº³ÎΩTAÓúÝnbΣºí
⌠⌠ºwþW´≤Cs²¹²·[c°ÏÎ HTTP proxyC
MIMEsweeper 2.0 for SecureWay
MIMEsweeperπ³TÓDn¸≤GMAILsweeper 4.1_2 BWEBsweeper 3.2_5 ÎWEBsweeper 1.0_2CΣñºYÇWjµØ]AG
MAILsweeper
MAILsweeper 4.1_2 for SMTPO∩ Content TechnologiesXÑ MIMEsweeperú
~º@jÉÅÞNCªúÑUCsSÊG
v e÷ÏκÑhíFª[cAαuÊaNAϕÕ´hźFª[cMÎìÓO
ºÏÎÌC
v Ƴ~ÉÐǺÏÎíÏÎ̶± ]GUI^A²ÆnΘtmBFªØßÎÞzÑ
ÇC
v sºuÀμevSÊO©» 4 ºÑhíFªIµ\αº@A∩≤π³hìµ
¼ÌºTºAiw∩C@ÓµⁿÌÞÎúPFªC≥Âvºµ¼Ìiµ¼ìT
ºA¼≥Âvºµ¼ÌhQÚ´C
v h⌡µⁿTºBzÇ∩iúqÃWij´ÊAΣΦkOApG³@ÎhÓ⌡
µⁿoÍù~ÉAhÏÎÑlº⌡µⁿA²TºBzÇ~≥iµC
v MΣªÑ³Óº¾rú~s²AMAILsweeperúÑw∩TºPþ≤iµfr»ú
ÎMúC
v ÏÎ NEARBANDBNOT Î OR ϕÜíº²iσrÀRΦkAbÚÚTºy
kÎb[cWØß³Äsxºí`WAúÑFÑjuÊC
v wjƺfÖuπAiHÇeΩÆÜ⌠≤ ODBC ÛeΩÆw
v Σ©uYÉÂWµv]RBL^ °A¹ACXw¾|ÇeUúqll≤º⌠¸C
MAILsweeperiHÚ´P¹MµWº⌠≤Dqúºsu
v zLlÞHºqll≤yq°i/ÏÎ/ÏϕÎíAϺewþÊ≤e÷Þz
v P LDAP زπX
v u¼eAÈq¾v]DSN biΣ© SNMP Î NT µÜ¹
WEBsweeper
v þ[ºÄαWjA∩iΩÆBzt×C
v ÏÎ HTTP Î FTP yqºufr½y¹v
WEBsweeper HTTPS
v WEBsweeperbzLsº HTTPS proxyÑMΦ×A¹πΣ© web ¼qlÓ
ȳÎí
SurfinGate 4.05
SurfinGateºWj\α]AG
JavaScript ºeËτ
SurfinGate 4.05|MΣτbºÝD JavaScript@~AÃ|±εM°~wþ
FªÛÄ≡º JavaScriptC SurfinGate 4.05²ÞzÌi°ñ]wÎΩI∩
JavaScriptBJavaÎ ActiveX ºFªAH¼z¼LoÇLo VisualBasic
Script P cookiesC
±÷⌠ȺÄαÊþí
SurfinGate 4.05]A@ÓÛÊuπAi»úú¿`ºµ°]p⌡µÉíù
~^AÃibóÄɽsÒÊ SurfinGateC¹°±÷⌠ÈΓ캲ÆwþS
ÊC
∩iFªÞz
SurfinGate|NLkÀδº applet]wÉΘJΩÆwAHiµÛÊÊΩC
ÞzÌiHsΦ applet/controlMµC
Σ© FTP Î SSL qH≤w
SurfinGate 4.05|Ê°É×αeqH≤w ]FTP qDñº≈ÊíXA
ù≥dÝiα|q⌠Ú⌠⌠τJºíXCúF FTP~ASurfinGate]Ê
° HTTP yqñº≈ÊíXAÃǼ HTTPSyqÜþ[ºËmC
Plugin P¾⌡≡ HTTP proxy πX
SurfinGate|ß⌠ proxy ì²ñº@Ó proxy AÎzL Firewall for
Windows NTW Web Traffic Expressñº pluginÓB@C
Ä1¹ SecureWay Boundary Server º[
¹dÒÏÑϕÜ 5 xu@¸AªÌÀOÏÎ MAILsweeperBWEBsweeperB Policy
DirectorÎ SurfinGate¸≤AQÎ Firewall ʰμeqݸP°A¹ºíº web
yqPl≤Cb¹dÒñAÚÌ|ÏÎ 5 íΩÚWÀºu@¸C
嬧 SecureWay Boundary Server dÒ
ÚÌسzÏÎUC≈¹@°≥»]wG
ϕ 1. Boundary Server ≤ú~wΘ≥»°≤
ú~ ≈¹
IBM Firewall Windows NTÎ AIX
MAILsweeper Windows NT
Ï 1. IBM SecureWay Boundary ServertmdÒ
ϕ 1. Boundary Server ≤ú~wΘ≥»°≤ (~≥)
WEBsweeper Windows NT
SurfinGate Windows NT
pGzƵRÀBÎ SecureWay Boundary ServerºuIAzº⌠⌠ñ²·³
SecureWay Policy DirectorC]°p¹i² Firewall proxyÏÎÌxsb SecureWay
Directory ]LDAP^ ñC
HTTP dÒ]Windows NT Firewall ^G bσ¼ºí`ñAb⌠Ú⌠⌠W HTTP
ºeºnD|ÓÛÎßÝ≈¹CnDº²|yÜ WEBsweeperCbX≡⌠|WAÓ
nD|Ñ WEBsweeperΩÀÜ Firewall HTTP proxyC
b Firewall HTTP proxyñAÏÎÌ|ⁿì²OCpGoOÓÛqݸs²Ñq@
~ºÄ@ÓnDAN|euÏÎÌ ID/KXËÖvCÏÎÌ|QÎÏÎÌ ID A
bÑ Policy DirectorÞzº LDAP ΩÆwñd\ÎßݺwþFªCÚÚqݸ
º HTTP²OFªAÎËdΘJºKXº²GAÓnDiα|Qڴι\~≥Ω
yC²O@~iαÝni@Bsú LDAP ΩÆwÎ Security Dynamics ACE°A
¹CbqÛPs²Ñq@~ºß≥nDñAs²¹|ÛÊúÑÓÏÎÌ ID/KXC
qݸú|A×QËÖAúLC@ÓnD´ngLMÄ@ÓnDÛPº²OB
zC
pG²O¶Q¹¿AÓnD|QΩÀÜÒnDº⌠Ú⌠⌠°A¹C
ϕÓÛ⌠Ú⌠⌠°A¹ººeµ¼^ Firewall HTTP proxy ÉAÓºe|Ñ
SurfinGate pluginËdCq LDAP ΩÆwúoºÏÎÌsÕΩT|úѹ pluginA
@°MªºÎCpGºeñS³]t SurfinGatenΣºΩTAYiÖtqL
pluginAΣBzÉíÑuC]t JavaScriptººe|b plugin ñLoC]t Java
Î ActiveX ººe|Qα¼Ü SurfinGate°A¹iµLoAÓLoLººe|Q
Ç^ Firewall HTTP proxyCÑ SurfinGate pluginBzLߺ²Gºe|Qe^
WEBsweeper°A¹C
ϕºeΦF WEBsweeper°A¹ÉA|ÚÚ WEBsweeperFª[HLoAMß~
Ç^qݸC
HTTP dÒ]AIX Firewall ^G b AIX WAyqºy]ÛPAúLb AIX
Firewall WS³ SurfinGate pluginiÎC]¹ASurfinGate°A¹²·]w¿Oq
Ý¸Ü Firewall º proxy ì²ñº@Ó proxyC WEBsweeper³]w°α¼nD
Ü SurfinGate°A¹AÓúO½µÜ Firewall HTTP proxyC SurfinGate°A¹
²·[c°α¼nDÜ Firewall HTTP proxyCb SurfinGate°A¹WS³sÕΩ
TiÎA]¹MªuαÚÚ IP ìC
l≤dÒG MAILsweeper]w¿@Ól≤hDCΦF MAILsweeper°A¹ºl
≤AbQα¼ìU@Ól≤°A¹ºeAΣºe|gLLoC
²·NzºC@íwþl≤°A¹[c°Nqݸl≤nDα¼Ü MAILsweeper°
A¹C²·N Firewall l≤µ½í²·[c°NiJl≤α¼Ü MAILsweeper
°A¹C
²·N MAILsweeper[c°Nⁿwe¹~íΓìºl≤AÇeÜ Firewall l≤µ
½íC²·N MAILsweeper[c°Nⁿwe¹°ºíΓìºl≤ÇeÜ¿Tº
wþl≤°A¹C
Ä2¹ IBM SecureWay Boundary Server ²¶
»¹úÑ SecureWay Boundary Serverºº[ÃB]AUCU`G
v y°≥O SecureWay Boundary ServerHz
v y°≤ÚÝn SecureWay Boundary ServerHz
v Ä6¶ºySecureWay Boundary Serverp≤πXì FirstSecureHz
v Ä6¶ºySecureWay Boundary Server³þǸ≤Hz
°≥O SecureWay Boundary Server H
IBM SecureWay Boundary Serverº¸N¹πºÉ¡wþÑMΦ×πXb@_C
SecureWay Boundary ServerúѾ⌡≡O@BΩÀMÎ⌠⌠ VPN κewþÑ
\αC SecureWay Boundary ServerNwþu~ºÞN°ñb@MπXºÑMΦ×
ñAÃH IBM Σ©ÎAȵßÞC¹ÑMΦ×]AG
v IBM SecureWay Firewall 4.1]]A Security Dynamics ACE/Server
v ÓÛ Content Technologiesº MIMEsweeper
– MAILsweeper 4.1_2
– WEBsweeper 3.2_5
– WEBsweeper HTTPS proxy 1.0_2
v ÓÛ Finjan º SurfinGate 4.05
– SurfinGate Server
– SurfinConsole
– SurfinGateΩÆw
– SurfinGate Plugin for WTE integration for Windows NT 1.0
°≤ÚÝn SecureWay Boundary Server H
ìBúÝn³wþÉ¡--]AUíùºíApuMHOΩ½íùB`½q⌠⌠
M·Ýì½ÇºíBzº½q⌠⌠M⌠Ú⌠⌠ºíBzº½q Web³ÎíMÈ
ߺíAÎzº½q⌠⌠M≤OtÓºíCÉ¡wþúuiHO@zº⌠⌠B³
ÎíÎΩTAª]iHµùΣ²ñd≥CAϕºÉ¡wþnD±εþÇHiH
súzº⌠⌠AÎþÇΩÆiXzº⌠⌠C
SecureWay Boundary Server p≤πXì FirstSecure H
IBM SecureWay FirstSecureO@MπXºú~M≤CªúÑsxºÕ´[cAi
≤UzTOb⌠Ú⌠⌠ÎΣª⌠⌠WÒ³⌠⌠\αºwþCª≤UzHÒÕÆB
iµ¼Þ@ºú~bz³ºδΩWØßAðCĵwþqlÓ~Òݺ`ù
³¿»CªúÑfrO@Bsú±εByqºe±εB[KBÆìíÌÒB¾⌡
≡Buπ°ÎΩ@AÈC
Boundary ServerOiπXì FirstSecureººú~M≤CªØßP⌠Ú⌠⌠ºÉ¡A
ziHÏιɡÊΩiα³`ºfr]ÏÎs²ºfr½yú~^BJava
ScriptBJava AppletBActiveX ±εAÆÜ]AUúqll≤]SPAM^CzL
Boundary ServerAziH¹þ±εþÇΩÆiHq⌠Ú⌠⌠iJzº⌠⌠CgÑ
SecureWay Policy DirectorAziHÞz Firewall proxyÏÎÌÎΣ²OFªC
SecureWay Boundary Server ³þǸ≤H
SecureWay Boundary ServerºTÓ¸≤]A IBM FirewallBMIMEsweeperÎ
SurfinGateC SecureWay Boundary ServerúÑM IBM SecureWay Policy Director
πXC
IBM SecureWay Boundary Server º[
IBM SecureWay Boundary Server∩j¼Õ´úÑBÎqlÓ~ÒÝnºO@Bs
ú±εκewþAª²Õ´iHwþa∩ÈßBѳÓP≤OtÓ±Σ°
~CΣSÊ]AG
v ⌠⌠¾⌡≡O@
v ΩÀMÎ⌠⌠]VPN^Aµù⌠⌠²ñ
v qll≤Î Web yqºe½yAO@zº½qºΩÆBv³Îd⌠PÍúO
SecureWay Boundary ServerNwþú~ºÌÎÞN°ñ¿@MπXºÑMΦ×A
ÃH IBM Σ©ÎAÈ@ßÞC¹ú~]A AIX Î Windows NT @~tÎΓØ
©»C
SecureWay Boundary Server º\α
SecureWay Boundary ServerÞÎÊ]LoBproxy Î socks°A¹ÞNPºew
þA⌠ÃÎO@zº⌠⌠tÎCoÇÞN²ÞzÌiúTawqþÇΩÆiiJ
ÎyXzº⌠⌠C¹\αi≤U¾εuÚ´AÈíº≡»vÎqúbÈÁÕIJ
⌠⌠AÃB¡εkßd⌠C SecureWay Boundary ServerúѺ VPN ÑMΦ×A
i²zH⌠Ú⌠⌠°≥ªººÑMΦ×AÓúN·Ý°A¹PÆÚñßC
SecureWay Boundary ServerYP Policy Director@_GpÉAiÚÚ°ñíFª
pºAÓ²OÏÎÌC¾rnΘiHM SecureWay Boundary Server@_ÎÓúÑ
⌠¸frO@C
IBM SecureWay Policy Director º[
Policy DirectorO@MWßíÂvÎwþÞzÑMΦ×Aªα°²GUaº°~º
⌠⌠ΰ~~⌠⌠úÑÝ∩ÝΩ½wþO@C°~~⌠⌠O@ØΩÀMÎ⌠⌠
]VPN^AÏÎsú±εÎwþSÊAȲSwºÎßN°~º⌠⌠sµÜ⌠Ú
⌠⌠C Policy DirectorúѲOBÂvBΩÆwþÎΩ½ÞzAÈC Policy Director
iMÐǺ⌠Ú⌠⌠¼³Îí@_ÏÎAØmwþÎÞznº°~º⌠⌠M
°~í⌠⌠C
IBM SecureWay Policy Director º\α
IBM SecureWay Policy DirectorM SecureWay Boundary Server@_ÏÎÉAi
úÑÎÓxs proxy ÏÎÌFªÎ²OΩTºxsΘC
IBM SecureWay Firewall º[
IBM SecureWay FirewallO⌠⌠wþO@íC¾⌡≡O¶≤@ÎhÓwþººí
MÎ⌠⌠ÎΣª⌠⌠Î⌠Ú⌠⌠ºíºÊΩC¾⌡≡i¾εúⁿw∩μgÂv
ºqHiXwþ⌠⌠C
IBM SecureWay Firewall º\α
IBM SecureWay Firewalli¡εⁿO@º⌠⌠B⌠Ú⌠⌠ÎΣª⌠⌠°ºíºsú
@~Cª]iH⌡µUC@~G
v ¡εHûÑ´½±εºIiJ
v ¾ε≡»Ìa±Σª¾m
v ¡εHûÑ´½±εºI≈
v ºí¾⌡≡iNÓPººíΩTP¼≥Âvºûuj≈
v ¡εiX⌠⌠ºyq
MIMEsweeper º[
MIMEsweeperúÑuºewþËdv\αAiÀRgÑqll≤ÎþyΩT⌠yg
Firewall ºΩÆCuºewþËdvi²°~³ÄaÞzPÏÎqll≤MþyΩ
T⌠Û÷ºÓ~ÝDCoÇÝDiÏÀ°⌠⌠¹πÊÎÓ~¹πÊC
⌠⌠¹πÊLoiHG
v ÑOÃB¾úiJÎeXºqll≤ñºfr
v LoúnºÉ×þ¼
v ÞzLjºÉ×
v ¾ε]l≤µu≡»ÉPº⌠⌠ÖδÎAÈyó
Ó~¹πÊLoiHG
v ¾εI`≈KÎαóÓ~≈K
v εÖkßd⌠
v °C]ûu~Îqll≤ÎþyΩT⌠y¿ºló
v ¾ε]~ÎÎcN≡»y¿º⌠⌠AÈló
∩⌠⌠¹πʺÂÙA|´lΰúΩÆBñεqll≤ºyqAÃBl`tÎ
wΘAoÇúiα|y¿⌠⌠GÙBlóÍúOÎMzP^_¿»L¬C
∩Ó~¹πÊÒc¿ºÂÙAhiα≤π³aOAª|ÉPejºkß¿»B
ló¼z]úÎÓAⁿlCÓ~¹πÊÝDiα|ÏozºÓÈB@±yC
MIMEsweeperO~ÉΓ²ºwþú~AiHÏÕ´ú²±]ÏÎqll≤Î⌠Ú
⌠⌠AÓlͺ⌠⌠PÓ~¹πÊÝDC
MIMEsweeper º\α
MIMEsweeperiHG
v bX≡l≤ñ[Jkߺú~nú
v O@≈Kσ≤ÎΩÆ
v Âvαεqll≤P Web ÏÎÌ
v j≈ÎÊΩ≡»ÊºΩT
v ÊΩUúqll≤
v ½yþ≤ÎUⁿÉ×ñO_]túAϕººe
v ²×frÎcNºíX
v ÊΩúAϕº⌠¶Î⌠¸
v °iBOⁿÎOs
SurfinGate º[
SurfinGate 4.05O≈ÊíXwþuπAMÑH⌠Ú⌠⌠B°~~⌠⌠ΰ~º⌠
⌠iµÓ~µ÷º⌠≤°~ÏÎCzLËτ≈ÊíXººeA]A JavaScriptb
ºASurfinGate³U≤²qú⌠⌠K≤cNÎLNºlaAÒpú~íÒBΩÆ×
∩ÎΩTRúÑC SurfinGateººeËτBz|bhDh¸M·≈½nΩ½ºBA
°ε JavaBJavaScriptÎ ActiveX ≈ÊíXººeAÃⁿwß@º ID P Applet
wþ]wÉ ]ASP ¹íXBOU⌠≤iαºwþIÇƵC SurfinGate|b
íXiJ⌠⌠ºeAÑOτbºÝDíXC
SurfinGate 4.05]A|Ó¸≤G
v SurfinGate Server
v SurfinConsole
v SurfinGateΩÆw
v SurfinGate Plugin for WTE integration for Windows NT
SurfinGate Server\αpP HTTP proxy°A¹C SurfinGateiHM Firewall HTTP
proxy Î WEBsweeper proxy@_@° proxy 첺@í≈CpGO Windows
NTAªiHÀNÊa@° Firewall HTTP proxyº pluginCϕ@° pluginÏÎÉA
SurfinGate|°úXnDº proxy ÏÎÌúosÕΩTC SurfinGateºLoFª
YiÚÚ¹sÕΩTiµC¹[cib≈ÊíXoÍ≡»ºeA²±εΰε
≈ÊíXyqC¹¸≤iÚÚ°~wþFªúÑO@C
SurfinConsoleO@ÓËÁºÏÎ̶±AiÎÓÞzÎ]w≈ÊíXºñí°~
wþFªC SurfinConsolei±ε⌠⌠Wºhí SurfinGate ServerAÃBiÚÚÓ
OÏÎÌBÓOsÕAÎzLÛqºúiµⁿPiµⁿíXMµAbπÓ½q
ºΩI≈ÊíXWhC
SurfinGateΩÆwñxs Applet wþ]wÉ ]ASP ºúÓA]A³÷ÏÎÌ
MsÕÎΣ∩³ºwþFªΩTC¹ΩÆwiHÏκغsúΩÆwÞºA]
iHÏγº OracleΩÆwCÑ≤ SurfinGate|HÉ°εÒ³≈ÊíXºº
eA]¹ÃúÝnoÓΩÆwÓTOwþAúLªbj¼@~ñTΩiWiÄ
αC
SurfinGate º\α
SurfinGateúÑG
v ∩ Java appletBActive X controlsBJavaScriptºhDh¸ºeËτ°A¹
v YÉÊ°BÊAËτ
v w∩H Web °Dº≈ÊíXΩIwþFª
v Ëτu≈ÊíXv]ÒpAJava appletBActiveX controlBJavaScriptBVisual
Basic scriptBplug-inBcookies
SurfinGateiM proxy ì²ñº proxy @_ÏÎAÎzL Firewall for Windows
NT Wº WTE pluginÓB@C
Ä3¹ bwË SecureWay Boundary Server ºe
»¹íúp≤ÏÎδFÓwË SecureWay Boundary ServerAÃB]AUCU`G
v yp≤ÇÆHz
v Ä13¶ºySecureWay Boundary Serverz
p≤ÇÆH
»`íúp≤ÇÆ SecureWay Boundary Serverº¸≤C
P SecureWay Policy Director πX
Ynb Windows NTÎ AIX W]w≥»º IBM SecureWay Policy DirectorAÐ
⌡µUCBJG
1. τÒzº@~tÎO_wAϕ[c°iΣ© Policy DirectorC
2. Mwþ@Ó°A¹¸≤ÌAXzºGp≥»nDAÎnbþÇ≈¹WwËoÇ
¸≤C
3. pGÙS³ºÜAÐwËÎ[c@Ó DCE ≥ª[cC
4. wËÎ[c SecureWay Directory]LDAP^C
5. pGz´ΓnµqݸÌÒ²OA[cuÌÒÂvAÈv]CAS C
6. wË NetSEATqݸC
7. wË Policy Director°A¹¸≤C
8. wËuÞzD±xvC
pÝúo³÷ Policy DirectorºΣlΩTAÐÑ\ Policy Director ÒÊP⌡µ
3.0C
SecureWay Firewall
Ynb Windows NTÎ AIX W]w≥»º IBM FirewallAÐ⌡µUCBJG
1. Twzwgπ³Ä15¶ºySecureWay Boundary ServerwΘ≥»°≤zCXº
²ÆÝDC
2. Wºzº IBM Firewall ]wCƲMwnÏÎþǾ⌡≡\αÎnp≤Ïκ
Ç\αC
3. iD FirewallAªºþ@Ó¶±sµÜwþ⌠⌠Cz²·n³@Ówþ¶±M@
ÓDwþ¶±Azº¾⌡≡~αAϕB@Cq[cqݸɲ≡¼²cñA
ÒutÎÞzvΩÆ¿AMß÷@U¶±AYiÝìbz¾⌡≡Wº⌠⌠M
µCYnÜ≤¶±ºwþ¼AAÐ∩úÓ¶±AMß÷@UÜ≤C
ù: pGznsµÜ⌠Ú⌠⌠AÐóßzº⌠Ú⌠⌠AÈúÑÌ ]ISP Aúo
¾⌡≡Dwþ¶±ºn² IP ìC
4. súutÎÞzvΩÆ¿ñºwþFª∩ÜØAHK]w@δwþFªCpG
O嬧 Firewall [cG
v e\ DNS dß
v Ú´s½TºÜDwþ¶±
v Ú´ SocksÜDwþtµd
5. ]wΓìWÙAÈÎl≤AÈCpGz¼úÑ DNSÑRAqHú|³ÄvCo
Ç\αOq[cqݸɲ≡¼²cWºutÎÞzvΩÆ¿súC
6. ÏÎ[cqݸɲ≡¼²cWº⌠⌠½≤\αAwqzº⌠⌠÷Σ¸Àܾ
⌡≡C⌠⌠½≤|±εgL FirewallºyqCwqUC÷Σ¸À@°⌠⌠½≤G
v Firewall ºwþ¶±
v Firewall ºDwþ¶±
v wþ⌠⌠
v zºwþ⌠⌠WºC@Ól⌠⌠
v pGAXºÜAzºuwþÊÊAv°A¹Îzº Windows NTΓì°A
¹ºDqú½≤C
7. ÒÎ Firewall WºAÈCoÇΦk]p socksÎ proxy ²bwþ⌠⌠ººÏ
ÎÌiHsúDwþ⌠⌠CΩÚWIµºAÈAOúM≤zbWºÑqÒµº
MwCΩIAÈq`Ýn]w@Çsµ[cA¹\Swºyqþ¼CÒpAY
n²zºwþ⌠⌠ÏÎÌzL HTTP proxys²⌠Ú⌠⌠Wº WebAzúuÝ
nb Firewall W[c HTTP proxy`níA]Ýn]w¹\ HTTP yqº
sµCpGz´Γn]w Policy DirectorAÐÑ\Ä11¶ºyP SecureWay
Policy DirectorπXz@`C
8. È Windows NT GÑ≤jÆBz|±Î NETBIOSA]¹pGznÏÎ
Windows NT ΓìKXHK²OAz²·[c Windows qݸíXAÏΣ
ΩIjMⁿH⌠º Windows NTΓìiµ²Oº\αCⁿH⌠º Windows NT
°A¹²·π³ TCP/IPDqúWÙÎìAÃBπ³ªÌM Firewall ºíº
TCP/IPsqÊC¾⌡≡ÞzÌÝnØß Firewall PⁿH⌠º Windows NT°
A¹ºíºsµAÏyqibΓΣºíΩyC
9. pGznÏÎ⌠α½Aвóßzº ISPúon²º⌠Ú⌠⌠ìA@°h
∩@ì૧ÎC¹ìOMbÄ11¶º3BJnDºB~ìCMßA⌡
ÜsW NAT [ce±ANwn²º⌠Ú⌠⌠ìsWÜh∩@ IP ìµì
ñC
ϕ`oÇBJA³i¹¿¾⌡≡º≥»[cÃl⌡µC IBM Firewall |úÑΣ
ª\αAptÎΘxAi≤UzTwzº⌠⌠ºwþÊC
ϕ Firewall ]@δκ`]À÷¼ÉAzº[cΩÆú|ⁿvTA]°[cΩÆw
xsbwÐñAÃB|b½s≈ÉAÛÊAÒÊCúLA|X@Ǿ⌡≡Θ
xTºAⁿXí≈@ÎñºsuQÃ_AÒpA@Îñº FTP Ñq@~C
SecureWay Boundary Server
ziHÏÎ SecureWay Boundary ServerδFA]w Firewall ÏÎ IBM SecureWay
Policy Director@°ÏÎÌÞzAM Policy DirectorπXC¹δF]iN Firewall
HTTP Proxy[c°Ç¼²OΩTÜ SurfinGate plugin]È¡ Windows NT C
° Firewall [c IBM SecureWay Boundary ServerÝnºΩTpUG
v Firewall NnÏκ IBM SecureWay Directory°A¹ºDqúWÙÎΓìC
v IBM SecureWay Directory°A¹ÊѺsµ≡¹XCw]≡¹O 389C
v IBM SecureWay Directory°A¹º SecurityMasterKXC
v ÎÓÏÀ¹ Firewall º proxy ÏÎ̺ΓìWÙC⌠≤ÏιWÙº¾⌡≡ú
|ÞzP@ÕÏÎÌCq`z|ÏÎ Firewall ≈¹º¹πDqúWÙC
v ÎÓsú proxy ÏÎ̺ Firewall ÞzÌWÙ|xsb SecureWay Directory
ñC¹WÙ|QÂP×∩b SecureWay Policy DirectorñØߺҳ proxy Ï
Î̺súvCz³ÓÏÎ Firewall ≈¹º¹πDqúWÙC
v uÑOWÙvA² IBM SecureWay Directory@°_IAÃqÓBljMΩ
Æwñº Firewall ÏÎÌC¹ÑOWÙOzb SecureWay DirectoryñØßÎ
Óxs Policy DirectorÏÎ̺rÀC
v nsµ IBM SecureWay Directory°A¹ÉÏκ Firewall ÞzÌ ID ºKXC
zÝnØß@ÓsµA²yqib Firewall Î SecureWay Directory°A¹ºíΩ
yC
Twzwgπ³Ä15¶ºySecureWay Boundary ServerwΘ≥»°≤zCXº²
ÆÝDC
SurfinGate
YnÇÆlÏÎ SurfinGateAz²·²wË Windows NT Service Pack 5CTw
zwgπ³Ä15¶ºySecureWay Boundary ServerwΘ≥»°≤zCXº²ÆÝ
DC
⌡µUCBJAÇÆÏÎ SurfinGateG
v pGzOÏÎ OracleΩÆwA²·²NΣ[cnC
v pGzOÏÎ Windows NT FirewallAzÝnMwnÏÎ plugin Î proxy ÒíC
v Ynb WTE WÒÎ SurfinGate pluginAN SurfinGate pluginwËb Firewall
≈¹WAMß⌡µ SecureWay Boundary ServerδFC
v zÝnØß@ÓsµA²yqib SurfinGate pluginÎ SurfinGate°A¹ºí
ΩyC
MIMEsweeper
YnÇÆlÏÎ MIMEsweeperAzÝnAÑzº⌠⌠np≤B@CTwzwgπ
³Ä15¶ºySecureWay Boundary ServerwΘ≥»°≤zCXº²ÆÝDC
MAILsweeper
pGzn[c MIMEsweeperAMAILsweeperM WEBsweeper²·ìbúPº≈¹
WC
bl[c MAILsweeperºeAв⌡µUC@~G
v MwbºíÏκl≤ΓìC²·[c MAILsweeperÎ Firewall l≤µ½í
HKµⁿÓÛoÇl≤Γìºl≤C
v MwþÇwþl≤°A¹nΣ©þÓΓìC²·[c MAILsweeperANⁿwe
¹⌠≤zºl≤Γìºl≤α¼Ü¿Tºwþl≤°A¹C
v Mw MAILsweeper°A¹ºìC²·[czºC@Ówþl≤°A¹°Nq
ºíqݸµ¼ìºl≤Aα¼Ü MAILsweeper°A¹C
v Mw Firewall ºìC²·[c MAILsweeper°Nw°~íΓìºl≤α¼
Ü Firewall l≤µ½íC
WEBsweeper
bl[c MAILsweeperºeAв⌡µUC@~G
v Mw WEBsweeper°A¹ºìCbzº⌠⌠ñºC@Óqݸ Web s²¹
úÝn¹ìCs²¹²·[c°ÏÎ WEBsweeper°A¹@°Σ HTTPBFTP
Î HTTPSº proxyC
v Mw Firewall ºwþ¶±ìC²·[c WEBsweeperHKα¼ proxy nDÜ
ìb Firewall Wº HTTP proxyC
v pGzúƵqݸñL WebºeLoÇAzÝnb Firewall W]w@Ós
µA¡ε proxy súzº WEBsweeperÎ/Î SurfinGate°A¹C
Ä4¹ IBM SecureWay Boundary Server ]SBS^ ≥»nD
»¹úѳ÷ SecureWay Boundary Serverº≥»nDΩTC
SecureWay Boundary Server wΘ≥»°≤
Boundary Server ≤ú~ºwΘ≥»°≤πÜbHUϕµñC
ϕ 2. Boundary Server ≤ú~wΘ≥»°≤
BoundaryServer ¸≤
≈¼ ÏÐÅí OÐΘ Σª
PolicyDirector
L 64 MB 16 MB L
IBM Firewall v W i n d o w s
NTG266 MHz
Î≤¬
v A I X GΣ©
4 . 3 . 2 º
RS/6000≈¹
Windows
NTG200 MB
AIXG200 MB
Windows
NTG64 MB
AIXG128 MB
2 i⌠⌠¶±d
]NIC^
ACE/Server v W i n d o w s
NTG166 MHz
Î≤¬]È¡
µ@Bz¹^
v A I X GΣ©
AIX 4.2 º≈
¹
v D°A¹n
ΘG 50 MB
v Æ≈°A¹G
22MB
v _lÏÎÌΩ
ÆwG 4 MB
v wËG 240
MB
ÌÖG 32 MB ΩÚxsΘÝD
ÚÚÏÎÌHÆ
Ów
MAILsweeper Windows
NTG400 MHz
Bz¹Î≤¬
1 GB 128 MB L
WEBsweeper Windows
NTG450 MHz
Bz¹Î≤¬
1 GB 128 MB L
WEBsweepertÎÝn¬eq
⌠Ò
Windows
NTG450 MHz
Bz¹Î≤¬
3 GB 512 MB L
ϕ 2. Boundary Server ≤ú~wΘ≥»°≤ (~≥)
SurfinGate4.05 Server
Windows
NTG233 MHz
Bz¹Î≤¬
20 MB 256 MB L
SurfinGate4.05 Console
Windows
NTG233 MHz
Bz¹Î≤¬
15 MB 64 MB L
ù: ÐÑ\ IBM SecureWay Firewall for AIXÎ Windows NT ©]wPwËh
ΩyÑ©ñºúÓCNetscapes²¹]Ýn 138 MB ÏÐÅíC
SecureWay Boundary Server nΘ≥»nD
Boundary Server ≤ú~ºnΘ≥»nDπÜbHUϕµñC
ϕ 3. Boundary Server ≤ú~≥»nΘ≥»nD
ú~ Windows AIX Σª
Policy Director °
A¹
Windows NT©»
4.0 Aπ³ Service
Pack 5
4.3.1 L
IBM Firewall Windows NT©»
4.0 Aπ³ Service
Pack 5
4.3.2 L
SecureWayBoundary Server
IBM SecureWay
Firewall 4.1
IBM SecureWay
Firewall 4.1
L
MAILsweeper Windows NT©»
4.0 π Service Pack
5F Internet Explorer
4.01 Î≤s©F
Microsoft
Management Console
1.1; NTFSÏÐ≈F
Windows Messaging
L z´ΓÏκ¾ru
π
WEBsweeper Windows NT©»
4.0 Aπ³ Service
Pack 5
L z´ΓÏκ¾ru
π
SurfinGate Server Windows NT©»
4.0 Aπ³ Service
Pack 5
L L
ϕ 3. Boundary Server ≤ú~≥»nΘ≥»nD (~≥)
SurfinGate 4.05Console
Windows NT©»
4.0 Aπ³ Service
Pack 5Î Windows
95
L L
Ä5¹ wËÎ[c SecureWay Boundary Server
»¹íúp≤b Windows NTÎ AIX W[cÎwË SecureWay Boundary ServerC
v ywË SecureWay Boundary Server≤z
v Ä21¶ºy[c SecureWay Boundary Server≤z
v Ä29¶ºyIJÊΩz
wË SecureWay Boundary Server ¸≤
»`≤UzwË IBM SecureWay FirewallBSurfinGateÎ MIMEsweeper Windows
NT P AIX ©C
wË SecureWay Firewall
pÝúo³÷ SecureWay Firewall for Windows NT and AIX≥»[cºΣlΩ
TAÐÑ\Ä11¶ºyp≤ÇÆHzCΣñíúp≤wqwþ¶±Bp≤Mwz
ºwþFªÎp≤wq⌠⌠½≤CpÝúowË SecureWay FirewallºΣlΩTA
ÐÑ\ IBM SecureWay FirewallwËΓU AIX © Î IBM SecureWay Firewallw
ËΓU Windows NT©C
wË SecureWay Directory
pGznÏÎ SecureWay Boundary Serverº LDAP SÊAz²·wË SecureWay
DirectoryAÐÑ\ IBM SecureWay Policy DirectorÒÊP⌡µ 3.0 ©C
SecureWay Directory°A¹²·ìbzº Firewall ºwþÝAÎìb Firewall w
þD¾mÏ ]DMZ^ ºC
wË SecureWay Policy Director
pGznÏÎ SecureWay Boundary Serverº LDAP SÊAz²·wË SecureWay
Policy Director]ÐÑ\ IBM SecureWay Policy DirectorÒÊP⌡µ 3.0 ©^C
wË SecureWay Boundary Server
pGnb Windows NTWwË SecureWay Boundary ServerAÐ⌡µUCBJG
v wË SecureWay Firewall for Windows NT
v q SecureWay Boundary Server CDA⌡µ setup.exe
v ∩ÜzºyÑAMß÷@UTw
v InstallShield|ßÝznN SecureWay Boundary ServerwËbþÌC Windows
NT ©ºw]زOG C:\Program Files\IBM\SBS
v ½s≈
pGnb AIX WwË SecureWay Boundary ServerAÐ⌡µUCBJG
v wË SecureWay Firewall for AIX
v ±J CD MßÏÎ SMITTY iµwË
v ∩úunΘºwËPû@v
v ∩úuwËP≤snΘv
v ∩úuwËP≤sÌsºnΘv
v ϕQnDúÑΘJËmÉAÐCX∩ÜAMß∩ÜuúÐ≈v
v CXnw˺nΘ∩µAMß∩Ü sbsC
v ÷ Enter lwËnΘ
v ½s≈
wË SurfinGate
SurfinGateπ³ΓÓ¸≤GSurfinGate ServerÎ SurfinGate ConsoleCYnwË
SurfinGate º⌠≤¸≤AÐÑ\ìb SurfinGate CDWºuwËvΓU
\docs\install.pdfC
SurfinGate plugin
YnN SurfinGate pluginwËb IBM SecureWay Firewall For Windows NTWA
ÐÑ\ SurfinGate CDW \docs زººwËΓUC
wË MIMEsweeper
MIMEsweeperπ³TÓ¸≤GMAILsweeperBWEBsweeperÎ WEBsweeper
HTTPSC
MAILsweeper 4.1²·wËb NTFS ÀÎÏñC
wË MAILsweeper
YnwË MAILsweeperAÐÑ\ìb MIMEsweeper CDWº
\install\MSW4_0_2\docs\qsg.pdf ººJùΓU C
ÐÅN MAILsweeperwËbM WEBsweeper HTTP proxyÛPº≈¹WC
ÐÅN MAILsweeperwËbM WEBsweeper HTTPS proxyÛPº≈¹WC
pGzq Windows NT CDwË MAPI32.dllAMßq MIMEsweeper CDwË
Microsoft Management Console 1.1ÉA MAPI32.dll º¿T©»|QM Microsoft
Management Console@_w˺e@Ó©¸∩gCbwË Microsoft Management
ConsoleºßAÐTwnwË MAPI32.dll ©» 4.0 Î≤s©C dll q`ìb
Windows Messaging ≤ñC
wË WEBsweeper
nwË WEBsweeperÉAÐÑ\ìb MIMEsweeper CDº
\install\WSW3_2_5\docs\manual.pdf ºº Administrator’s GuideC
ÐÅN WEBsweeperwËbM MAILsweeperÛPº≈¹WC
wË WEBsweeper HTTPS
nwË WEBsweeper HTTPSÉAÐÑ\ìb MIMEsweeper CDº
\install\WSWHTTPS1_0_2\readme.txtºº ReadmeC
ÐÅN WEBsweeper HTTPS proxywËbM MAILsweeperÛPº≈¹WC
[c SecureWay Boundary Server ¸≤
[c SecureWay Firewall
≥»º IBM Firewall ]wG
1. Wºzº IBM Firewall ]wCƲMwnÏÎ Firewall ºþÇ\αÎnp≤
ÏκÇ\αC
2. iD Firewall Aªºþ@Ó¶±sµÜwþ⌠⌠Cz²·n³@Ówþ¶±M
@ÓDwþ¶±Azº¾⌡≡~αAϕB@Cq[cqݸɲ≡¼²cñA
ÒutÎÞzvΩÆ¿AMß÷@U¶±AYiÝìbz¾⌡≡Wº⌠⌠M
µCYnÜ≤¶±ºwþ¼AAÐ∩úÓ¶±AMß÷@UÜ≤C
3. súutÎÞzvΩÆ¿ñºwþFª∩ÜØAHK]w@δwþFªCpG
O嬧 Firewall [cG
v e\ DNS dß
v Ú´s½TºÜDwþ¶±
v Ú´ socksÜDwþtµd
4. ]wΓìWÙAÈÎl≤AÈCpGz¼úÑ DNSÑRAqHú|³ÄvCo
Ç\αOq[cqݸɲ≡¼²cWºutÎÞzvΩÆ¿súC
5. ÏÎ[cqݸɲ≡¼²cWº⌠⌠½≤\αAwqz⌠⌠º÷Σ¸ÀÜ
FirewallC⌠⌠½≤|±εgL Firewall ºyqCwqUC÷Σ¸À@°⌠⌠½
≤G
v Firewall ºwþ¶±
v Firewall ºDwþ¶±
v wþ⌠⌠
v zºwþ⌠⌠WºC@Ól⌠⌠
v pGAXºÜAzºuwþÊÊAv°A¹Îzº Windows NTΓì°A¹
ºDqú½≤C
6. ÒÎ Firewall WºAÈCoÇΦk]p socksÎ proxy ²wþ⌠⌠ººÏÎ
ÌiHsúDwþ⌠⌠CΩÚWIµºAÈOúM≤zbWºÑqµºMwC
ΩIAÈq`Ýn]w@Çsµ[cA¹\Swºyqþ¼CÒpAYzn²
zºwþÏÎÌH HTTP proxyÏÎ⌠Ú⌠⌠Wº WebAzúuÝnb Firewall
[c HTTP proxy`níAÙÝn]w² HTTP µyºsµC
7. ]w Firewall ÏÎÌCpGznDw∩X≡ WebsúÑ\αÎ Firewall Þz
Ìiµ²OAzÝnwqoÇÏÎÌÜ FirewallCpGznÏÎ SecureWay
Policy DirectorN proxy ÏÎÌxs≤ LDAP ñAÐÅb¹ÉØß proxy Ï
ÎÌCÐ≤[c Policy DirectorÉAÏÎ Policy DirectorD±xØß Firewall
proxy ÏÎÌC
oÇBJ³i≤Uz¹¿ Firewall º≥»[cÃl⌡µC IBM Firewall |úÑ
Σª\αAptÎΘxAi≤UzTwz⌠⌠ºwþÊC
ϕ Firewall ]@δκ`]À÷¼ÉAzº[cΩÆú|ⁿvTA]°[cΩÆw
xsbwÐñAÃB|b½s≈ÉAÛÊAÒÊCúLA|X@Ǿ⌡≡Θ
xTºAⁿXí≈@ÎñºsuQÃ_AÒpA@Îñº FTP Ñq@~C
[c SecureWay Firewall iµ Policy Director πX
²·[c FirewallAN IBM SecureWay Policy DirectorM SecureWay Boundary
ServerδF@_ÏÎA~αúoM Policy DirectorπXºuICpGS³ÏÎ IBM
SecureWay Policy DirectorA proxyÏÎÌuαzLu FirewallÏÎíÏÎ̶±v
]GUI^wqCoþÏÎÌúαÑ SecureWay Policy DirectorÞzC
²·Øß@ÓsµA~α² SecureWay FirewallM SecureWay DirectoryqHC
SecureWay Directory²·ìb Firewall ºwþÝAoiHObwþ DMZ ºÎw
þ⌠⌠ºC
pݳ÷p≤]wsµºΣlΩTAÐÑ\ IBM SecureWay Firewall for Windows
NTÏÎΓUÎ IBM SecureWay Firewall for AIXÏÎΓUC]wsµºΩTpUC
∩≤nDAHUO]wX≡WhÒݺµØG
v Ó½° Firewall ºwþtµdìC
v غa° SecureWay DirectoryìC
v Ó½Ýsµ≡²·j≤ 1023C
v غasµ≡Ñ≤ 389C
v ¶±°wþ¶±C
v ¼e°»Ý¼eC
v ΦV°X≡C
∩≤^¬AHUO]wJ≡WhÒݺµØG
v Ó½° SecureWay DirectoryìC
v غa° Firewall ºwþtµdìC
v Ó½Ýsµ≡Ñ≤ 389C
v غasµ≡²·j≤ 1023C
v ¶±°wþ¶±C
v ¼e°»Ý¼eC
v ΦV°J≡C
sµdÒπÜpUG
# Service : ldap
# Description :
permit 9.67.130.153 255.255.255.255 9.67.141.85 255.255.255.255 tcp gt 1023 eq 389 secure both outbound l=y f=y t=0 e=none a=none
permit 9.67.141.85 255.255.255.255 9.67.130.153 255.255.255.255 tcp/ack eq 389 gt 1023 secure local inbound l=y f=y t=0 e=none a=none
⌡µ SecureWay Boundary Server]wδFC∩úϾ⌡≡M Policy Director@
_Ïκ∩µCpÝΣlΩTAÐÑ\Ä25¶ºy[c SecureWay Boundary Server
iµ Policy DirectorπXzC
[c SecureWay Firewall ÏÎ SurfinGate Plugin ]È¡ WindowsNT^
²·Øß@ÓsµA~α² SecureWay FirewallM SurfinGate°A¹qHC
SurfinGate°A¹²·ìb Firewall ºwþÝC
pÝúop≤]wsµºΣlΩTAÐÑ\ IBM SecureWay Firewall for Windows
NT ÏÎΓUC]wsµºΩTpUC
∩≤nDAHUO]wX≡WhÒݺµØG
v Ó½° Firewall ºwþtµdìC
v غa° SurfinGate°A¹ºìC
v Ó½Ýsµ≡²·j≤ 1023C
v غasµ≡Ñ≤ 3141C
v ¶±°wþ¶±C
v ¼e°»Ý¼eC
v ΦV°X≡C
∩≤nDAHUO]wJ≡WhÒݺµØG
v Ó½° SurfinGate°A¹ºìC
v غa° Firewall ºwþtµdìC
v Ó½Ýsµ≡Ñ≤ 3141C
v غasµ≡²·j≤ 1023C
v ¶±°wþ¶±C
v ¼e°»Ý¼eC
v ΦV°J≡C
¹ØsµºdÒπÜpUG
# Service : SurfinGate Plugin Communication
# Description :
permit 9.67.143.113 255.255.255.255 9.67.143.115 255.255.255.255 tcp gt 1023 eq 3141 secure local outbound l=y f=y
permit 9.67.143.115 255.255.255.255 9.67.143.113 255.255.255.255 tcp eq 3141 gt 1023 secure local inbound l=y f=y
þùGsµ³XbP@µC
zÙÝn[c SurfinGate°A¹AHeÇNQ½ËºΩÆCb
SurfinConsole]SurfinGateÞz¶±^WAzÝnÄ∩u@δvÐÒUº Plugin Òí∩µCz]nb ProxyÐÒºuU@Ó ProxyvµìñAΘJ Firewall º HTTP
proxy ìP≡¹C
[c SecureWay Firewall ÏÎ MAILsweeper
SecureWay Firewallñwqº Mail ExchangerÝnⁿV MAILsweeper≈¹AÓ
úOΩÚºwþl≤°A¹C MAILsweeper»¡|¼el≤Üwþl≤°A¹C
[c SecureWay Policy Director
TwwwËn SecureWay DirectoryCz²·¾DwË SecureWay Directory≈¹
ºìBªÊѺsµ≡B SecureWay Directory°A¹WºÞzÌ ID ÎÞzÌ
KXC
N SecureWay Directory LDAPqݸwËbM SecureWay Policy DirectorÛP
º≈¹WC]pGzº SecureWay DirectoryÎ SecureWay Policy Directorìb
ÛPº≈¹WANϕÜqݸiαwgwËnFC^
z²·×∩ SecureWay Directoryº LDAP ⌡ØAHΣ© Policy Director
eProxyUsersC⌡ØsWΩTxsb Policy DirectorúѺΓÓÉ×ñCz|Ýn
ìb Policy Director CDW /schema زºº secschema.def Î puschema.def
É×C
Yn×∩ SecureWay Directory°A¹Wº LDAP ⌡ØAÐb Policy Director≈
¹W⌡µHUⁿOG
ldapmodify -h <LDAPHOST> -p <LDAPPORT> -D <LDAPADMINUSER> -w <LDAPADMINPWD> -f secschema.def
ldapmodify -h <LDAPHOST> -p <LDAPPORT> -D <LDAPADMINUSER> -w <LDAPADMINPWD> -f puschema.def
ΣñG
v <LDAPHOST> O SecureWay Directory °A¹WÙ
v <LDAPPORT> O°A¹ÊѺsµ≡
v <LDAPADMINUSER> OÞzÌ ID
v <LDAPADMINPWD> OÞzÌKX
ϕz×∩n LDAP ⌡ØHKΣ© proxy ÏÎ̺ßAz²·ÒÎ Policy Director
Consoleº proxy ÏÎÌÞ@Cn⌡µ¹Ê@ÉAz²·Nìb \Program
Files\IBM\IVConsole زºAconsole.properties É׺ Proxyusers TaskView
o@µú°ùÑÐÜC
[c SecureWay Directory
z²·wq@ÓrÀÜ SecureWay DirectoryA@°xs Policy DirectorÏÎ̺
ÚìmCYnsWrÀÜ LDAPAÐÑ\ IBM SecureWay DirectoryÞzΓUCÒ
pAσ¼ºrÀiαpUG
o=yourcompany,c=yourcountry
ϕzsWnÎÓxs Policy DirectorÏÎ̺rÀºßAz²·¿T]wΣsú±
εMµ ]ACL^Cz²·NsrÀºÒ³súvúѹ Policy DirectorwþsÕC
Policy DirectorwþsÕºÑOWÙ ]DN^ OG
cn=securitygroup,secauthority=default
[c SecureWay Boundary Server iµ Policy Director πX
ziHÏÎδF[cÓ SecureWay Boundary°A¹C¹δF|ÉÞzgL@ÇB
JAHK]w FirewallAÏΣM Boundary ServerÎ Policy DirectorñºΣªú
~@_ÏÎCµUÓXºe±|ßÝz³÷z LDAP °A¹ºÝDCϕz±J
Ò³²ÝºΩTºßAδF|]w Firewall ÏÎ Policy DirectorÎbÏÎÌMs
ÕFªºÛP LDAP ΩÆwC¹δF]iH[c Firewall HTTP ProxyAÏΣǼ
²OΩTÜ SurfinGate plugin]È¡ Windows NT Firewall AÎú°¹[cC
Yn[c IBM SecureWay Boundary ServerAÐ⌡µ SecureWay Boundary Server
δFCb AIX WA⌡µⁿO sbswizard Ab Windows NTWA∩úl->í°->SecureWay Boundary Server Cp¹Y|ÒÊ SBSδFC
1. ∩ú]w Firewall HKM Policy Director @Î LDAP ΩÆw∩µC
2. ÏÎÄ13¶ºySecureWay Boundary ServerzñºΩTA^¬ÒúXºÝDC
[c SecureWay Boundary Server ÒÎ SurfinGate Plugin ]È¡
Windows NT ^∩úl->í°->SecureWay Boundary Server Cp¹Y|ÒÊ SBSδFC
1. ∩ú[c Firewall HTTP Proxy HKǼ²OΩTÜ SurfinGate plugin ∩
µC
2. ¹¿∩ÜC
[c SurfinGate
b Windows NTW@³ΓØΦíi[c SurfinGateG
v [c°ì²º proxy
v [c° Firewall HTTP proxyº plugin
b AIX Wȳ@ØΦíi[c SurfinGateG
v [c°ì²º proxy
[c SurfinGate °ì²º Proxy
²·[cqݸ Webs²¹HÏÎ SurfinGate@°Σ HTTPBFTPÎ HTTPSº
proxyCÐȲnⁿw SurfinGateÊѺ≡¹]w]ÈO 8080 C
b SurfinConsole]SurfinGateÞz¶±^WAzÝnÄ∩u@δvÐÒUº ProxyÒí∩µCz]nb ProxyÐÒºuU@Ó ProxyvµìñΘJ Firewall º HTTP
proxy ìP≡¹Ct~ApGz³wgwqºB~ proxyAziHⁿVoÇ proxy
µ°U@Ó proxyC
[c SurfinGate ° Firewall HTTP Proxy º Plugin
Ï 2. SurfinGatetm
qݸ Webs²¹²·[c°ÏÎ Firewall HTTP proxy@°Σ HTTPBFTPÎ
HTTPSº proxyCⁿw Firewall HTTP proxyÊѺ≡¹]w]ÈO 8080 C
b SurfinConsole]SurfinGateÞz¶±^WAzÝnÄ∩u@δvÐÒUº PluginÒí∩µCz]nb ProxyÐÒºuU@Ó ProxyvµìñΘJ Firewall º HTTP
proxy ìP≡¹C
ù: ¹µ\αÈb SecureWay Firewall for Windows NTW~³C
[c MIMEsweeper
[c MAILsweeper
Ï 3. SurfinGatetm
pGzº⌠ÒܵÂAhbwËÉ^¬ÝDAYi[c MAILsweeperCYniµB
~ºtmAÐ⌡µUCBJGl->í°->MAILsweeper forSMTP->MAILsweeper for SMTP Console C pÝúoΣlΩTAÐÑ\
MAILsweeper Getting Started GuideC
[c WEBsweeper
niµ[cÉAÐܱεxÃB∩ú WEBsweeper appletCpÝúoΣlΩTAÐ
Ñ\ MIMEsweeper CDWº WEBsweeper Administrator’s GuideC
[c WEBsweeper HTTPSniµ[cÉAÐܱεxÃB∩ú WEBsweeper HTTPS appletCpÝΣlΩTA
ÐÑ\ WEBsweeperÞzΓUC
IJÊΩ
ÏÎⁿOµ½ÎíAØßiHÊΩSw IP ìºLoíCibËτºeº
ßAÊAMwnÊΩºìCⁿO°G
v fwadd_deny
v fwdelete_dynamic
Ï 4. MAILsweepertm
Ï 5. WEBsweepertm
fwadd_denypGíÒÊɼ]t⌠≤ÑÆAª|πÜ@húÜAnDⁿwÒݺÑ
ƵíC
ÑÆ°G
Loí IDpGO Windows NT Firewall AAÎHUípG iⁿw@Ó ID
ÜLoíAHÕ´Σû@@~Cq 1 lHÉ¡¶Çⁿw IDA
ÃBpGúѺ ID ¬≤U@Óiκ¹XÉAhⁿwº ID |O
U@Óiκ¹XAÓúOúÑ¹íº ID ¹XCÒpApGY
ÇWhw³ ID 1 sbAÓzÁÕH ID 3 Øß@ÕLoWhA
h|∩°ⁿw ID 2CÛPº ID iHⁿw¹hµWhCϕÏÎ
delete_dynamicíRúWhÉA|H ID ÓÑÓWhA]¹ϕÌ
ID ØßWhÉAn²WºApGoÇWh@ÎÛPº ID ÉAh
RúªÌÉNº°°sÕRúC
ϕsWnWhÉAÒÏκ ID ¹X|πÜXÓC
Loí IDpGO AIX Firewall AAÎHUG ID iH¹XⁿwCÒpAp
GLoí ID O ID 12AhiHⁿw ID=12Cb AIX WAúP
ºLoíúiⁿwÛPº IDCC@ΣLoí²·π³Σß@
º IDC
Ó½ IP ì@°Ê]Ó½º IP ìA²·ΘJ°HIjºQiìOÆkA
p 255.255.255.255C
Ó½ IP Bn¹µìMÓ½ IP ìtXÏÎAÃBnΘJHIjºQiìO
ÆkCÒpApGΘJºÓ½ IP ìO 10.5.8.0AÃBÓ½Bn
O 255.255.255.0Ahq 10.5.8.1ì 10.5.8.255ºíºÒ³Ê]ú
ÅXC
غa IP ì@°Ê]غaº IP ì²·ΘJ°HIjºQiìOÆkA
p 255.255.255.255C
غa IP Bn¹µìMغa IP ìtXÏÎAÃBnΘJHIjºQiì
OÆkCÒpApGΘJºØºa IP ìO 10.5.8.0AÃBغ
aBnO 255.255.255.0Ahq 10.5.8.1ì 10.5.8.255ºíºÒ³
Ê]úÅXC
tµd tµdWµ°G
S ⁿw°wþºtµd
N ⁿw°Dwþºtµd
B Ò³tµd]]AwþÎDwþ^
ÓÛtµdºÊ]YÅXⁿwºþ¼AYÅXWhC
d≥ qL¾⌡≡ºÊ]d≥OH¹ÑÆⁿwAªiHOUCΣñ@Ó
ÈG
L »ÝÊ]
R ¼eÊ]
B »ÝμeÊ]
ΦV ⁿwyqyV°J≡BX≡ÎùVC
I J≡yq
O X≡yq
B J≡ÎX≡yq
ΘxOⁿ
ⁿw Y ÒÎOⁿAÎ N ÷¼ÊALoííÊOⁿC
fwdelete_dynamicpG¹íÒʼþ[ÑÆAh|CXØewqºÒ³ÊALoíC
>>>> ÊAWh = 1
>>>>>>>> ⌡L = 0
>>>>>>>> LoíÊ@ = Ú´
>>>>>>>> Ó½Ýì = 9.192.8.7
>>>>>>>> Ó½ÝBn = 255.255.255.0
>>>>>>>> غaì = 9.192.240.1
>>>>>>>> غaBn = 255.255.255.0
>>>>>>>> qH≤w = ⌠≤
>>>>>>>> Ó½Ýsµ≡ = ⌠≤ 0
>>>>>>>> غasµ≡ = ⌠≤ 0
>>>>>>>> tµd = ΓÌ ]wþÎDwþ^
>>>>>>>> d≥ = ΓÌ ]¼eλÝ^
>>>>>>>> ΦV = ΓÌ ]J≡ÎX≡^
>>>>>>>> qD Id = 0
>>>>>>>> ÒÎΘxOⁿ = LkÏÎ
>>>>>>>> e\ùq = _
ù: º²²·ÏÎ fwdelete_dynamic ⁿOτÒnRúºWhO_π³iwÁº
IDC
pGíOH³ÄºLoí ID ÒÊAh|RúÊAWhAÃBRúºWhÆØ
|πÜ¿Σì x ÓWhº id °G xC
µiGpGzÁÕsW½ÆºLoíAtÎ|iDzÓLoíwgsbCp
GzÁÕsWLoí²¼ⁿwuLoí IDvAz|µ¼ì@hù~µiTºC
pG¬hWh°Xñ³WhsbAKiHÐg AIX JIÊΩCpGÏÎJIÊΩA
hjí≈ºWh²·ìbCh]wñCÊAWh|sWÜoΓMWhºñíCp
G¬hñºWhe\yqqLAzúiHQÎÊAWhÓ÷¼yqC
úÕzºtm
ϕz¹¿e@¹ñíúºÒ³]wºßA²·úÕ]wO_iµCYnúÕ
SecureWay Boundary ServerºtmAÐ⌡µUCBJG
1. ÏÎ Policy Director]w Firewall ProxyÏÎÌC]wÏÎÌÏÎ Firewall K
Xiµwþ telnetAÃB]wÏÎ̺KXC
2. ⌡µ SecureWay Boundary ServerδFAØß Firewall Î Directory]LDAP^
ºíºì²C
3. q@wþqݸÒÊ@Ó proxy telnetÑq@~C
4. ΘJb Policy Directorñ]wºÏÎÌC
5. z|QúÜΘJKXC
6. zbwqL²OC
Ä6¹ Û÷ºσ≤
ziHÏλ¹CXºσ≤AÓMΣ³÷ IBM SecureWay Boundary Server©»
2.0 ÎÛ÷ú~ºΣlΩTC
IBM SecureWay FirstSecureHUo»Ñ IBM SecureWay FirstSecure Planning and IntegrationA©» 2.0 ñ]
t³÷ FirstSecureºΩTC»Ñíú FirstSecureÎÕ¿ FirstSecureºú~AÃ
Bi≤UzlWºp≤ÏÎÒ³º IBM SecureWayú~C
IBM SecureWay FirewallUCσ≤]t³÷ IBM SecureWay Firewall for Windows NTºΩTA¹ΩTb
IBM SecureWay Firewall CDWº x:\books\zh_TW زºH PDF Î HTM µ
íúÑG
v IBM SecureWay Firewall for Windows NT]wPwËΓU
v IBM SecureWay Firewall for Windows NTÏÎÌΓU
v IBM SecureWay Firewall for Windows NTÑÒΓU
v Guarding the Gates Using the IBM eNetwork Firewall for Windows NT 3.3]⌡
ÖÑ^
UCσ≤]t³÷ IBM SecureWay Firewall for AIXºΩTA¹ΩTb IBM
SecureWay Firewall CDWº books/zh_TW زºH PDF Î HTM µíúÑG
v IBM SecureWay Firewall for AIX]wPwËⁿn
v IBM SecureWay Firewall for AIXÏÎÌΓU
v IBM SecureWay Firewall for AIXÑÒΓU
v A Comprehensive Guide to Virtual Private Networks, Volume 1: IBM Firewall,
Servers and Client Solutions]⌡ÖÑ^
MIMEsweeper
MAILsweeperUCσ≤]t³÷ MAILsweeper ºΩTA¹ΩTb MIMEsweeper CDWº
\INSTALL زºH PDF Î HTM µíúÑG
© Copyright IBM Corp. 1999 33
v Getting Started Guideìb \install\MSW4_0_2\Doc\qsg.pdf
v Readmeìb \install\MSW4_0_2\README.htm
WEBsweeperUCσ≤]t³÷ WEBsweeperºΩTA¹ΩTb MIMEsweeper CDWº
\INSTALL زºH PDF Î HTM µíúÑG
v WEBsweeper Administrator’s Guideìb \install\WSW3_2_5\Doc\manual.pdf
v ©»`NƵìb \install\WSW3_2_5\Doc\RELNOTES.htm
WEBsweeper HTTPS ProxyUCσ≤]t³÷ WEBsweeper HTTPS proxyºΩTA¹ΩTb MIMEsweeper
CD Wº \INSTALL زºH TXT σrɵíúÑG
v Readmeìb \install\WSWHTTPS1_0_2\readme.txt
SurfinGateUCσ≤]t³÷ SurfinGateºΩTA¹ΩTb SurfinGate CDWº \docsز
ºH PDF µíúÑG
v SurfinGate Installation Guideìb \Docs\install.pdf
v SurfinGate User’s Manualìb \Docs\manual.pdf
v ©»`NƵìb \Docs\SFG 405 RelNotes.pdf
v ³÷ SurfinGate pluginºΩTìb \docsزºC
þ²A. ðÆÑ
»¹i≤Uz»úPÑMP SecureWay Boundary ServerÛ÷ºÝDC
ÑM IBM SecureWay Firewall º@δÝD
¼eÝD
IBM Firewall bwþFª∩ÜØñúÑ@ÓSÊAÙ°úÕ IP ¼eA¹\α³U
≤iµ¼eÝDúùCÐÒιÄ∩ØAÒÊusutmvAMßÒÎusuW
hOⁿvCµUÓËdzº firewall logAË°Σñ³÷qLzº¾⌡≡ºÒ³
Ê]ÔÓΩTC
º²ÏÎ IP ì⌡µoÇúÕAMßAÏÎDqúWÙµúÕC
Lkq¾⌡≡sqúÕDqú
ÝDíú
zº⌠⌠¶±¼¿T[cC
سÊ@
ÐÑ\zº@~tÎσ≤C
ÝDíú
ÜDwþ⌠⌠ºsu¼¿T[cC
سÊ@
Ðs¸zº⌠Ú⌠⌠AȽqúo≤UC
ÝDíú
pGzºwþ⌠⌠j≈b⌠ѹºßAzº¾⌡≡²·π³ÜÓ⌠ѹº
RA⌠|CÐÏÎ netstat -rn τÒRA⌠|G
netstat -rn
Protocol Family 2ºΘX³pU G
nrr.nrr.nrr.nrrNϕÜ⌠Ú⌠⌠º⌠ѹÃBOw]⌠|Cw]⌠|ORA⌠|
]X¹=UG^C
nnn.nnn.nnnNϕzºDwþΓìC¹°¶±⌠|]X¹=U^C
nnn.nnn.nnn.nnnNϕzºDwþ¶±C
sss.sss.sssNϕzºwþΓìC¹°¶±⌠|]X¹=U^C
sss.sss.sss.sssNϕzºwþ¶±C
ss1.ss1.ss1Nϕbzº⌠⌠ºwþÝWº¸ΓìAÃB srr.srr.srr.srrNϕÜÓ
¸Γìº⌠ѹC¹°RA⌠|]X¹=UG^C
127.0.0.1Oj⌠ÎÏìDqúC¹°¶±⌠|]X¹=U^C
C@Ó¶±ú³Ó³@Ó¶±⌠|AÃBzºw]⌠|³ⁿV¾⌡≡ºD
wþÝWº⌠ѹC
سÊ@
sW@°q¹⌠ѹºRA⌠|CÐs¸zº⌠ѹÞzÌCÏÎ route
add ⁿOC
ÝDíú
bwþ¶±ÎzÁÕnsµºDqúWºl⌠⌠Bniαú¿TC
سÊ@
ÏÎzºqݸtm½Îí≤¿Bn]wC
LkqwþDqúsqúÕDwþDqú]ϺτM^
ÝDíú
P¾⌡≡ÛFºC@Ó⌠ѹú²·]t@ÓRA⌠|Aⁿw¾⌡≡µ°
غa⌠⌠b¾⌡≡º~ɺhDC
غa           hD               X¹ ....
default       nrr.nrr.nrr.nrr  UG
nnn.nnn.nnn   nnn.nnn.nnn.nnn  U
sss.sss.sss   sss.sss.sss.sss  U
ss1.ss1.ss1   srr.srr.srr.srr  UG
127           127.0.0.1        U
Ï 6. netstat -rnΘXdÒ.
سÊ@
s¸⌠ѹÞzÌC
ÝDíú
pGzºwþ⌠⌠Ïκì¼gLn²AÃBLkbDwþ⌠⌠W¼
eA]A RFC 1597ñⁿwºMÎìAhNLkNÊ]¼e^ÇeÌC
سÊ@
È¡ Windows NTGÏÎπ³wn²ìºqݸC¾⌡≡º NAT SÊ
iÏÎ≤ TCP Î UDP yqA² NAT ú|³ ping @Ëα½ ICMP Ê
]ñºìC
سÊ@
È¡ AIXGÏÎπ³wn²ìºqݸC
DNS óÄ
ù: DNS È∩ Windows NT³ÄC
ÝDíú
zµ¼ì DNS ù~TºA]°zÏÎ Microsoft DNS Service Manager[
c Microsoft DNS ServiceC
سÊ@
ÑÓwËⁿÜAÃB
1. ÇÑRúπÓزºΦíAÓ¾ú Microsoft DNSG
\winnt\system32\DNS
2. ½swË Microsoft DNS
3. ½s≈
4. ½swË DNS Öt×_
5. ½s≈
ÑM@δÝD-MIMEsweeper
WEBsweeper Î MAILsweeper n³LkbÛPº≈¹WÏÎ
ÝDíú
ÁÕbÛPº≈¹W⌡µ MAILsweeperÎ WEBsweeperÉoÍÝDC
سÊ@
N MAILsweeperÎ WEBsweeperwËbúPº≈¹WC
þ²A. ðÆÑ 37
WEBsweeper t×ÜC
ÝDíú
ÏÎ WEBsweeperÉAUⁿ Web ºet×ÓCC
سÊ@
1. ÏÎ WEBsweeper Control Panel applet±ÎΘxOⁿC
2. N WEBsweeperwËbzÖ³ºÌÖt≈¹WC
WEBsweeper ÂvÝD
ÝDíú
N WEBsweeper 3.2_5wËb¿gwËe@© WEBsweeperº≈¹WÉA
iα|³Âv≈_ÝDCϕ WEBsweeperÒÊÉApGoÍ Internal
Windows ù~TºG2140AÐËdÆ≤Ë°¹ñº³ÎíΘxCÓÛ
WEBsweeperºTºOG ″PAKMSG ù~GÏÎÌWÙP²ewqºÂv
ÏqÄ≡C″
سÊ@
¾ú Windowsn²ñºÂÂv≈_CⁿJ regeditÃb⌠|
\\HKEY_LOCAL_MACHINE\SOFTWARE\Content
Technologies\MIMEsweeper\LicenseUMΣCpG¹B³@ÓHWº≈_A
ÐRúS³ ″IBM MIMEsweeper System″ ÐÒºº@ÓC½s≈C
WEBsweeper Uⁿj¼É×ÉoÍÝD
ÝDíú
WEBsweeperbiµLoÉAiαS³¼≈ºΩÀOÐΘixsÉ×C
سÊ@
W[ WEBsweeper°A¹WºΩÚOÐΘÆØC
ÑM@δÝD--SurfinGate
SurfinConsole bÒ Microsoft Internet Explorer ß±ε^³
ÝDíú
ϕ Internet ExplorerÒÉASurfinConsole³ÎíπÜǺµ°Î±ε
^³CoΓÓ³Îí¼ÛÄ≡A]¹úαPÉ⌡µC
سÊ@
únPÉⁿJ Internet ExplorerÎ SurfinConsoleC
SurfinGate Plugin t×wC
ÝDíú
ÏÎ SurfinGate PluginÉAzL Web Uⁿ≈ÊíXt×ÜCC
سÊ@
Tw SurfinConsoleWº Proxy ÏqñAuU@Ó Proxyvµì]w°
SecureWay Firewall HTTP proxyC
þ²B. `NƵ
bΣLΩañAIBM úúo³úÑ»ÑñÒúѺUµú~BíÎAÈC»Ñb
úÎ IBM ú~BíÎAÈÉAúϕÜÎtÜuαÏÎ IBM ú~BíÎAÈC
unúIÇ IBM º¼z]úvA⌠≤\αBú~ÎAÈúiHúN IBM ºú~C
úLAΣLD IBM ú~BíÎAÈbB@WºûùPτÒAΣd⌠Ý≤ÏÎ
ÌC
bo»ÑÎσ≤ñiα]tÛ IBM ÒÖ³ºMQÎMQÓÐ×C»ÑÏÎÌÃú
ɳezMQº⌠≤ÂvC ziHÎѱΦíÓdßÂvAÓτÐHì IBM
Director of Licensing, IBM Corporation, North Castle Drive, Armonk, NY 10504-1785,
U.S.A.
»íº≥ÂvÌY²úoÛ÷ΩÆAHKÏÎUCΩTÌióß IBMCΣUCΩ
TⁿºOG ]1^ WßØߺíPΣLí]]A¹í^ºíµ½ΩTºΦ
í ]2^ Û¼ÏÎHµ½ΩTºΦkCY³⌠≤ÝDÐs¸G
Site Counsel, IBM SWG
IBM Corporation
P.O. Box 12195
3039 Cornwallis
Research Triangle Park, NC 27709-2195
USA
»uívÃDÑuIBM ÈßXù (ICA)vº°ÚÒÂvÏÎCÓOÑuIBM Ω
ÚíÂvXù (IPLA)vº°ÚÒÂvÏÎC
»σ≤¼²NILXÑABÈHu¼vúÑ»σ≤AÓúúÑ⌠≤OÒ (]Ai
ΓÊÎÅXSwÄκOÒ)C
»ú~]t CERNØßÎúѺqúnΘC¹íú³Ób⌠≤]A¹Bº CERN
qúnΘÎΣÕ≤ºú~ñ¹π»zC
ÓÐ
UCM³WⁿO IBM ½qbⁿΩÎ]Î^ΣLΩaºÓÐC
AIX
IBM
Microsoft Î Windows NT O Microsoft CorporationbⁿΩÎΣªΩaºÓÐÎ
ùUÓÐC
**SurfinGate O Finjan Software, LtdºÓÐC
**MIMEsweeperB **MAILsweeper Î **WEBsweeperO Content Technologies, Ltd
ºùUÓÐC
ÑùP¹(**)ÒÐùºΣL½qBú~MAÈWÙiαOÄT̺ÓÐÎAÈÐ
OC
WⁿÑÀ
ȼ
°~º⌠⌠]intranet ^. @MwþMκ⌠⌠AN⌠Ú⌠⌠ÐÇγÎí]p Webs²¹^PÕ´º
³qú⌠⌠≥ª[cπXC
Cº
°A¹ì]server address ^. Àú¹zL⌠⌠úÑ@ÎAÈ¹ΣªqúºC@xqúºß@ºNXApÉ×°A¹BCL°A¹Îl≤°A¹CÐǺ IP ìO@Ó 32 ì¸ìµìC°A¹ìiHOHIj
ºQiì IP ìÎDqúWÙC
°A¹]server^. zL⌠⌠úÑ@ÎAÈ¹ΣªqúºqúApÉ×°A¹BCL°A¹Îl≤°A¹C
¾⌡≡]Firewall^. @Ó\αµ¸AÎÓO@αε⌠⌠ºíºsµC¾⌡≡i¾εúⁿw∩μ≥ÂvºqHyqiJⁿO@º⌠⌠AÃBȲSwºqHyq≈ⁿO@º⌠⌠C
Kº
AÈ]service^. Ñ@ÎhÓ`IúѺ\αFÒpAHTTPBFTPBTelnetC
Qº
jΘ¶±]loopback interface ^. @ض±AϕΩTnÇeÜÛPtÎñºΩΘÉAiÎÓñLú²nºqH\αC
Q@º
»ú]ping^. @ÓⁿOA|Çe⌠Ú⌠⌠±εTºqH≤w ]ICMP^^³nDÊ]ÜDqúBhDÎ⌠Ñ
¹AÃwÁ|¼ì^¬C
≡]port^. @Ó¹XAÎÓⁿXÀXºqHËmCbw]ºípUAWeb °A¹ÏÎsµ≡ 80C
qݸ]client^. VΣªqútÎÎBz]q`Ù°°A¹^nDAȺqútÎÎBzChÓqݸiα@Îsú@Pº°A¹C
qH≤w]protocol ^. ϕoÍqHÉAΣtqHtκ\αµ¸@~º@MWhCqH≤wiMw≈¹∩≈¹¶±ºCÑúÓApì¸Õñºì¸Çe¸ÇF]iHMw³Îíºíº¬Ñµ½ApÉ×αeC
QTº
OÉ]timeout ^. ¹\@~oͺÉííjC
hD]gateway^. @Ó\αµ¸Aiµ¼sµΓÓúP[cºqú⌠⌠C
w]È]default^. ¼úTⁿwÉÒ²]ºÈBÝÊÎ∩µC
Q|º
δF]wizard^. ³Îíñº@Ó∩ÜAÏÎvBíⁿÜAⁿÞÏÎÌgúSwº@~C
⌠Ú⌠⌠]Internet^. þyʺµ¼sµ⌠⌠°XAÏÎ⌠Ú⌠⌠qH≤wΰ¹\½@súC
D
DMZ. D¾mÏC@ØËmAÎÓ¾ε~ÓÏÎ̽µsúπ³½qΩƺ°A¹C
F
FTP]É×αeqH≤w^. @سÎíqH≤wAÎÓb⌠⌠ºíùVαeÉ×C FTP Ýn³ÏÎÌ
IDA³É]|nDÏÎKXÓ¹\súìb·ÝDqútÎWºÉ×C
I
ICMP. ⌠Ú⌠⌠±εTºqH≤wCb⌠Ú⌠⌠qH≤w ]IP^h¸ÎÓBzù~αεTººCÝDÎú
¿TºΩÆÊغa°iA|Ç^ΣìlºΩÆÊÓ½C
IP. ⌠Ú⌠⌠qH≤wC@ØLsuºqH≤wAgÑ⌠⌠ε¼sµº⌠⌠¼eΩÆC IP º\αO@°¬
ÑqH≤whÎΩΘhºíºC¶C
IP ì]IP address^. ⌠Ú⌠⌠qH≤waCß@º 32 ì¸aAⁿw⌠⌠WC@ÓËmÎu@¸º
ΩÚìmCτÙ°⌠Ú⌠⌠ìC
IPSEC. ⌠Ú⌠⌠qH≤wwþC´boñºÐÇAØÐOTw⌠⌠qHñ⌠⌠ÎÊ]BzhºwþC
N
NAT. ⌠α½Cb¾⌡≡ñANwþ IP ìα½°~ín²ºìC¹\αiP¿M~í⌠⌠qHA²|
B¬b¾⌡≡ºÏκ IP ìC
P
PICS. ⌠Ú⌠⌠ºe∩ܺ¡xCi PICSºqݸi²ÏÎÌMwnÏÎþ@źAÈAÎC@ÅAÈi
µⁿPúiµⁿºÑÅC
S
shell. µⁿÎBzÓÛÏÎÌu@¸ºⁿOµºnΘC Korn shellOhÓ UNIX shell ñº@ØC
SMTP. þσ°uSimple Mail Transfer ProtocolvANⁿu²µl≤αeqH≤wvCb⌠Ú⌠⌠qH≤w°
ñº@Ó³ÎíqH≤wAÑαeb⌠Ú⌠⌠⌠ÒñºÏÎÌl≤C SMTPⁿwl≤µ½¶ÇÎTºµíC
ª²]ÇΘ±εqH≤w°≥ªqH≤wC
T
TCP. ÇΘ±εqH≤wCb⌠Ú⌠⌠WÏκqH≤wC TCPúÑiaºDqú∩DqúºΩTµ½CÏ
Î IP @°≥ªqH≤wC
TCP/IP. þσ°uTransmission Control Protocol/Internet ProtocolvANⁿuÇΘ±εqT≤w/InternetqT
≤wvC@ÕqH≤w°AΣ]pØаPi⌠⌠ºíºqHAú×C@Ó⌠⌠ÏÎþ@ØqHÞNC
Telnet. ×Ý≈ÒÀqH≤wAO·ÝsµAȺ TCP/IP³ÎíqH≤wC Telnet²ìbYÓ⌠¸Wº
ÏÎÌsú·ÝDqúApPÓÏÎ̺u@¸O½µsµÜÓ·ÝDqúC
U
UDP. ÏÎÌΩÆÊqH≤wCb⌠Ú⌠⌠qH≤w°ñAúÑiaBLsuíΩÆÊAȺ@ØqH≤wCª²ìbYx≈¹WÎBzº³ÎíiÇeΩÆÊÜìbΣª≈¹ÎBzWº³ÎíC UDP ÏÎ⌠Ú⌠
⌠qH≤w]IP^¼eΩÆÊC
V
VPN. ΩÀMÎ⌠⌠]VPN^C@ÓÑ@ÎhÓwþ IP qDsµ@ÎhÓ⌠⌠Õ¿º⌠⌠C
W
Web. ]tíÎÉ׺ HTTP °A¹⌠⌠AΣñ\hOW»σσ≤A]ts²ìb HTTP °A¹WºΣ
ªσ≤ºì²CτÙ°þyΩT⌠C
WTE. Web yq¬t½⌠]WTE^C@Ó Proxy Öú°A¹AizL¬ÄvºÖú≈εA[t@δÏÎÌ
^³ÉíCuÊ PICSLoi≤U⌠⌠ÞzÌq@ñßìm±ε∩ Web ¼ΩTºsúC
WⁿÑÀ 45
IBM
Part Number: CT6RZTC
Printed in Singapore