Magazine article Security Management

A Way Out

Magazine article Security Management

A Way Out

Article excerpt

Last year, San Jose, California-based Pacific IBM Credit Union decided to give its employees access to e-mail and other Internet services like the World Wide Web. At the same time, the company wanted to offer its customers the option of online home banking down the road. The full-service credit union offers savings and checking accounts and loan programs for its members.

Like many organizations - and especially financial institutions - now venturing onto the Internet, Pacific IBM was wary of the security risks associated with a connection, such as hackers eyeing client information. To address the concern, Ernesto Segovia, the company's network administrator, sought a firewall that would support Internet services for employees and also protect the organization's proprietary information from external as well as internal threats. At the same time, he wanted a solution that would not require numerous man-hours and months to set up, configure, and maintain.

For the features and services he wanted, Segovia looked at firewalls priced from $60,000 to $70,000 - well above his budget. On a recommendation from a trusted colleague, however, Segovia tried a more moderately priced option, the Telaxian Shield from Network Engineering Technologies (NET), also of San Jose, California.

The product, only six months on the market at the time, offered an alternative in firewall design that suited Segovia's needs. The Telaxian Shield is an application-based system that has the transparency of a packet filter. The firewall operates on a dedicated machine running only an operating system. It supports many Internet services such as TCP, HTTP, and e-mail. The firewall is connected to a router, which connects to the Internet. But its "envoy" technology allows users to transparently connect to another network through multiple shields that can be put in place by the firewall.

The software envoys greet each access request at the port. If the request meets all of the programmed security requirements, the envoy facilitates an anonymous connection between the networks. After establishing the connection, the envoy monitors the connection and the closure of the job.

Pacific IBM's connection currently gives only outbound e-mail access to the Internet. The handful of employees granted Web access must first pass through the shield to connect to the Web server, which is located outside the firewall but before the router. Outside users are granted transparent access to the Web server through the router but never need to access the internal network through the shield. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.