BorderManager - firewall for Novell NetWare servers


The BorderManager firewall runs on uniquely developed Novell NetWare servers to provide maximum security to the network. Read the article to learn about its features.

Some firewalls are based on unusual operating systems so that typical or repeated known attacks can be prevented. These operating systems are uniquely developed by their vendors to give high security through obscurity. The drawback of this is that such firewalls require unique adapter drivers for specific adapter models and even patches for them are rare. However, keeping hackers at bay is more important and this is the reason why such firewalls are popular among network administrators. This article is about one such firewall, BorderManager.

This firewall is an ICSA certified service running on NetWare servers that provide a wide range of security services. These servers are highly optimized for speed. BorderManager firewall is marketed by Novell.

Minimum platform requirements


  • Novell NetWare 4.x or 5

  • Intel i486 or stronger microprocessor

  • Two network interfaces

  • At least 32MB RAM

  • Hard Disk Drive of 500MB

Security features


    Stateless packet filter

    Unlike most firewalls, BorderManager has a stateless packet filter, but since all the protocols run through security proxies, a stateful packet filter wasn't even necessary. The packet filter needed only a filter for denial-of-service attacks, and that is present.
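An added illustration, not from the article or from Novell: a generic Python model (not BorderManager's rule syntax) of a per-packet filter on a dual-homed proxy host, showing why the missing connection table matters little when nothing is forwarded. The addresses, the proxy port set and the rule layout are assumptions made for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing (private and documentation ranges), not from the article.
INTERNAL_NET = ip_network("10.0.0.0/24")
FW_INTERNAL = ip_address("10.0.0.1")    # firewall's inside interface
FW_EXTERNAL = ip_address("192.0.2.1")   # firewall's outside interface
PROXY_PORTS = {21, 25, 80, 110, 1080}   # hypothetical proxy listeners

@dataclass(frozen=True)
class Packet:
    iface: str                        # arrival interface: "int" or "ext"
    src: str
    dst: str
    dport: int
    flags: frozenset = frozenset()    # TCP flags, e.g. {"SYN"}

def verdict(p: Packet) -> str:
    """Judge one arriving packet on its headers alone; no connection table."""
    src, dst = ip_address(p.src), ip_address(p.dst)
    new_conn = "SYN" in p.flags and "ACK" not in p.flags
    if p.iface == "int":
        # Clients may reach only the proxy listeners on the firewall itself.
        ok = src in INTERNAL_NET and dst == FW_INTERNAL and p.dport in PROXY_PORTS
    elif p.iface == "ext":
        # Only replies to connections the proxies opened: addressed to the
        # firewall, ephemeral port, not a bare SYN, no spoofed inside source.
        ok = (src not in INTERNAL_NET and dst == FW_EXTERNAL
              and p.dport >= 1024 and not new_conn)
    else:
        ok = False
    return "accept" if ok else "drop"

# Constructed sample packets.
SAMPLES = {
    "client to HTTP proxy": Packet("int", "10.0.0.5", "10.0.0.1", 80, frozenset({"SYN"})),
    "client bypassing proxy": Packet("int", "10.0.0.5", "198.51.100.7", 80, frozenset({"SYN"})),
    "reply to proxy": Packet("ext", "198.51.100.7", "192.0.2.1", 40000, frozenset({"SYN", "ACK"})),
    "forged ACK to client": Packet("ext", "198.51.100.7", "10.0.0.5", 40000, frozenset({"ACK"})),
    "forged ACK to firewall": Packet("ext", "198.51.100.7", "192.0.2.1", 40000, frozenset({"ACK"})),
    "inbound SYN": Packet("ext", "198.51.100.7", "192.0.2.1", 8080, frozenset({"SYN"})),
    "spoofed inside source": Packet("ext", "10.0.0.9", "192.0.2.1", 40000, frozenset({"ACK"})),
}

def run_samples() -> dict:
    return {name: verdict(p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, v in run_samples().items():
        print(f"{v:6}  {name}")
```

The only unsolicited packet this filter accepts is the forged ACK addressed to the firewall itself, where the host's TCP stack finds no matching connection and rejects it. Nothing is forwarded to an internal client, which is the gap a stateful filter would otherwise have to close.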

    Security proxies

    BorderManager has almost all security proxies, including those meant for real-time multimedia services. Most of these proxies require SOCKS-enabled clients, which indicates a lack of integration with NAT; they rely upon the SOCKS proxy. Security proxies are available for FTP, NNTP, SOCKS 4&5, SMTP, POP3, HTTP, SSL, DNS, Gopher, Real Audio, Real Video, Real Time Streaming, Generic TCP/UDP and Telnet protocols. The transparent proxies inspect the routed traffic passing from the internal to the external network. They detect HTTP traffic in the process and transfer HTTP requests to the proxy service. This leads to additional security, as it becomes impossible for internal clients to bypass the proxy. The effort in configuring the proxy is also reduced.

    Network Address Translator (NAT)

    The feature present is something in between a true NAT and a SOCKS or generic TCP proxy. It works at the Application Layer and can be made transparent. The IPs are directed to their legal addresses.

    Secure authentication

    The Border Management Authentication Services (BMAS) component comes in the enterprise edition of the firewall. It is an NDS plug-in for an authentication protocol called RADIUS. Only authorized users can gain access to the network.

    Reverse proxies for HTTP and FTP

    Reverse proxy is the provision of having multiple web servers behind an IP address. External connections to internal web servers are supported by the firewall. However, Novell has made this function even broader by including caching outbound web pages on the proxy server. This eliminates multiple accesses to the Web server from public clients and in a way, makes the proxy server the Web server itself. If you are already using a good Web server which is as speedy at serving web pages as the proxy server is, this feature wouldn't make much difference to you in terms of performance.

    SOCKS support for IPX clients

    The firewall is capable of proxying all TCP/IP Application Layer protocols, including email and HTTP, to internal clients running the IPX protocol, thus eliminating a direct route to clients. This makes network configurations faster and more secure, as converting TCP/IP to TCP/IPX at the gateway is practically impossible.

    Dial-up service software

    Like the firewalls based on common operating systems, Novell Internet Access Server (NIAS) also provides dial-up services. NIAS is included in the enterprise edition of BorderManager. These services resemble Windows NT's RAS services.

    Interface


    The firewall runs on NetWare 4.x and 5. The text-based console interface of the server is clunky. In fact, the interfaces of almost all firewalls are less polished and appear clunky. Most of the administration can be done remotely from Windows-based workstations. A Windows-based monitoring tool, ClearView, is included for this. The firewall integrates well into the server's NDS directory, allowing users to manage multiple firewalls through a hierarchical browser. The firewall is a very large package with numerous components, each of which is to be configured separately. NDS environments are compelling, but non-NDS environments are discouraging when it comes to selecting and managing firewall options. The administrator must be very familiar with the NetWare environment to work on it.

    Pricing


    To purchase BorderManager, visit the official website of Novell. The company has also posted a firewall comparison matrix on the website. The price of the firewall is $1,000, plus $30 per user. The base price is $995, but one has to pay a licensing fee too. There are no discounts for volumes. License packs come for 10, 20, 50, 100, 250 and 500 users. A two-user NetWare version is included in the package. The documentation you get at the time of purchase is very detailed and task-oriented, and includes theoretical concepts as well. Administrators will find it easy to understand. Technical support is given on the website, in case you need it. Hundreds of certified NetWare engineers are always there to help.

    Review


    BorderManager runs on its own uniquely developed operating system and is high on security and remote management. However, its components are not integrated, the interface is very clunky and content filtering is proprietary. But these factors can be ignored. The biggest drawback is that there is no provision for an unlimited-use license, and this adds to the cost considerably. BorderManager is typically a high-speed firewall for large networks and is a good option if one can afford it.
