-v nv - ibmpublib.boulder.ibm.com/tividd/td/sw_fs/sbsup/ko_ko/pdf/ct6rzko.pdfl %g 8: l %:...

Windows NT ® W AIXk IBM SecureWay ®

Boundary Server

C[!- v`nv

v| 2.0

GA30-1012-00

IBM

V

L %z L %!- vxOB &0; gkOb |! 47 dLvG :NOB. VGgW;! VB O] $8& P8JC@.

L %: 3$G! /0Q p^L xB Q IBM SecureWay Boundary Server&0(GA30-1012-00)G v| 2, 1.: 0, v$

G 0 W pg DS 1.:M v$G! {kKOY.

gG(1999b 10y)

© Copyright International Business Machines Corporation 1999. All rights reserved.

qw

L %! kO) . . . . . . . . . . . . . . . . . . . . . . . . vii

L %G gkZ . . . . . . . . . . . . . . . . . . . . . . . . vii

2000b kq . . . . . . . . . . . . . . . . . . . . . . . . vii

-q: W vx . . . . . . . . . . . . . . . . . . . . . . . . vii

L %G 8: . . . . . . . . . . . . . . . . . . . . . . . .viii

kJ . . . . . . . . . . . . . . . . . . . . . . . . . . .viii

% $8 . . . . . . . . . . . . . . . . . . . . . . . . . . ix

uNn bI . . . . . . . . . . . . . . . . . . . . . . . . . ix

SecureWay Policy DirectorMG kU . . . . . . . . . . . . . . . ix

slC ?2:. . . . . . . . . . . . . . . . . . . . . . . . x

'T w\ . . . . . . . . . . . . . . . . . . . . . . . . . x

IBM SecureWay Firewall 4.1. . . . . . . . . . . . . . . . . . x

SecureWayk MIMEsweeper 2.0 . . . . . . . . . . . . . . . . xii

SurfinGate 4.05. . . . . . . . . . . . . . . . . . . . . . xiv

&1e SecureWay Boundary Server3d . . . . . . . . . . . . . . 1

O]{N SecureWay Boundary Server9& . . . . . . . . . . . . . . 2

&2e IBM SecureWay Boundary Server R3 . . . . . . . . . . . . 5

SecureWay Boundary Server$G . . . . . . . . . . . . . . . . . 5

SecureWay Boundary Server! JdQ L/ . . . . . . . . . . . . . . 6

FirstSecure! SecureWay Boundary Server& B_B f} . . . . . . . . . 6

SecureWay Boundary ServerG 8:dR . . . . . . . . . . . . . . . 6

IBM SecureWay Boundary Server3d . . . . . . . . . . . . . . 7

IBM SecureWay Policy Director3d . . . . . . . . . . . . . . . 7

IBM SecureWay Firewall3d . . . . . . . . . . . . . . . . . 8

MIMEsweeper3d . . . . . . . . . . . . . . . . . . . . . 8

SurfinGate3d . . . . . . . . . . . . . . . . . . . . . . 10

&3e SecureWay Boundary Server& 3!Ob |! . . . . . . . . . . 13

Xq f}. . . . . . . . . . . . . . . . . . . . . . . . . . 13

SecureWay Policy DirectorMG kU . . . . . . . . . . . . . . . 13

SecureWay Firewall. . . . . . . . . . . . . . . . . . . . . 14

SecureWay Boundary Server. . . . . . . . . . . . . . . . . . 16

SurfinGate . . . . . . . . . . . . . . . . . . . . . . . . 17

MIMEsweeper. . . . . . . . . . . . . . . . . . . . . . . 17

© Copyright IBM Corp. 1999 iii

&4e IBM SecureWay Boundary Server(SBS)d8gW . . . . . . . . 19

SecureWay Boundary ServerG Oe~n d8gW . . . . . . . . . . . 19

SecureWay Boundary Server! kQ RA.~n d8gW . . . . . . . . . 20

&5e SecureWay Boundary Server3! W 8: . . . . . . . . . . . 21

SecureWay Boundary Server8:dR 3! . . . . . . . . . . . . . . 21

SecureWay Firewall3! . . . . . . . . . . . . . . . . . . . 21

SecureWay Directory3! . . . . . . . . . . . . . . . . . . 21

SecureWay Policy Director3! . . . . . . . . . . . . . . . . 22

SecureWay Boundary Server3! . . . . . . . . . . . . . . . . 22

SurfinGate3! . . . . . . . . . . . . . . . . . . . . . . 23

MIMEsweeper3! . . . . . . . . . . . . . . . . . . . . . 23

SecureWay Boundary Server8:dR 8:. . . . . . . . . . . . . . 24

SecureWay Firewall8: . . . . . . . . . . . . . . . . . . . 24

Policy Director kU; 'Q SecureWay Firewall8: . . . . . . . . . 25

SurfinGateC/WN; gkOb 'Q SecureWay Firewall8:(Windows NT

|k) . . . . . . . . . . . . . . . . . . . . . . . . . 27

MAILsweeper& gkOb 'Q SecureWay Firewall8: . . . . . . . . 28

SecureWay Policy Director8: . . . . . . . . . . . . . . . . 28

SecureWay Directory8: . . . . . . . . . . . . . . . . . . 29

Policy Director kU; 'Q SecureWay Boundary Server8: . . . . . . 29

SurfinGateC/WN; gkR v V5O SecureWay Boundary Server8:

(Windows NT |k) . . . . . . . . . . . . . . . . . . . . 30

SurfinGate8: . . . . . . . . . . . . . . . . . . . . . . 30

MIMEsweeper8: . . . . . . . . . . . . . . . . . . . . . 32

'T w\ . . . . . . . . . . . . . . . . . . . . . . . . . 34

8: W:. . . . . . . . . . . . . . . . . . . . . . . . . . 37

&6e |C .- . . . . . . . . . . . . . . . . . . . . . . . 39

IBM SecureWay FirstSecure. . . . . . . . . . . . . . . . . . . 39

IBM SecureWay Firewall. . . . . . . . . . . . . . . . . . . . 39

MIMEsweeper. . . . . . . . . . . . . . . . . . . . . . . . 40

MAILsweeper . . . . . . . . . . . . . . . . . . . . . . . 40

WEBsweeper . . . . . . . . . . . . . . . . . . . . . . . 40

WEBsweeper HTTPSAOC . . . . . . . . . . . . . . . . . . 40

SurfinGate . . . . . . . . . . . . . . . . . . . . . . . . . 40

NOA. .& Xa . . . . . . . . . . . . . . . . . . . . . . . 41

IBM SecureWay FirewallG xk .& Xa. . . . . . . . . . . . . . 41

iv Windows NT® W AIX k IBM SecureWay® Boundary Server:C[!- v`nv

fN v$ .& . . . . . . . . . . . . . . . . . . . . . . . 41

DNS GP . . . . . . . . . . . . . . . . . . . . . . . . 43

xk .&–MIMEsweeperXa . . . . . . . . . . . . . . . . . . 44

WEBsweeperW MAILsweeperB 0: C:[!- [?Ov JB M 0@OY 44

WEBsweeperG zOH :I . . . . . . . . . . . . . . . . . . 44

WEBsweepersL>: .& . . . . . . . . . . . . . . . . . . 45

WEBsweeperB Tp! + DO; YnNeR ' .&! _}UOY . . . . . 45

xk .&—SurfinGateXa . . . . . . . . . . . . . . . . . . . 46

SurfinConsole: Microsoft Internet Explorer! -A VB ?H!B @dOv

J@OY . . . . . . . . . . . . . . . . . . . . . . . . 46

SurfinGateC/WNG zOH :I . . . . . . . . . . . . . . . . 46

NOB. VGgW . . . . . . . . . . . . . . . . . . . . . . . 47

nOs% . . . . . . . . . . . . . . . . . . . . . . . . . . 48

kn . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

qw v

vi Windows NT® W AIX k IBM SecureWay® Boundary Server:C[!- v`nv

L %! kO)

L %: Windows NT® W AIX k IBM SecureWay®Boundary Serverh9, 3

!, 8:, gk W.m .& Xa f}! kX 3mUOY.

L %G gkZB SecureWay Boundary Server& 3!Om 8:Ob |!

Firewall, VPN, Content SecurityW W.v) |.! kX sgQ vD; !v

m VB ML _dUOY. W.v) ;\!- LgnvB W<:& &nOB

Firewall; 3$Om 8:OGN Uz W.v) [? f}! kX LXX_ UO

Y. /w, IP VR, O|Q L' W.m -jW. 6:)G b;; LXX_ UO

Y.

L %G gkZ

L %: W.v)* IBM SecureWay Boundary Server& 3!, |. W.m g

kOB C:[ 8H |.Z& 'Q MTOY.

2000b kq

Li &0: 2000b! kQ Xq! Gn V@OY. |C .-! {s gkGB f

l LB 20 <bM 21 <b #! /% %LM& CYN 3., &x W.m vE

R v V@OY. \, L &0z T2 gkGB pg &0(9& in, Oe~n, R

A.~n W.m _~n)L $.Q /% %LM& &kN 3/R v Vn_ UO

Y.

-q: W vx

IBM SecureWay FirstSecure&0! wTH pg &0G -q:M vx! kX

-B IBM! .GOJC@. L1 &0 _ ONB IBM L\G vx; d8R v

5 V@OY. L1 &0; FirstSecure&0G ONN ^B fl IBM! .GO)

-q:M vx; ^8JC@.

© Copyright IBM Corp. 1999 vii

L %G 8:

L %: Y=z 0: e8N 8:KOY.

v 1 dLvG :&1e SecureWay Boundary Server3d;B SecureWay Boundary

ServerM W 8:dRG 3d& &xUOY.

v 5 dLvG :&2e IBM SecureWay Boundary ServerR3;B SecureWay

Boundary Server! JdQ L/! kQ $8& &xUOY.

v 21 dLvG :&5e SecureWay Boundary Server3! W 8:;: Windows

NT W AIX n5 <&!-G SecureWay Boundary ServerG 3!M 8:;

3mUOY.

v 13 dLvG :&3e SecureWay Boundary Server& 3!Ob |!;:

SecureWay Boundary ServerG h9 f}! kQ $8& &xUOY.

v 19 dLvG :&4e IBM SecureWay Boundary Server(SBS)d8gW;:

SecureWay Boundary ServerG VR d8gW! kQ $8& &xUOY.

v 39 dLvG :&6e |C .-;B SecureWay Boundary ServerG b8 .-

M |C &0G .-& #; v VB '!& KA]OY.

kJ

L %!-B Y=z 0: T"; gkUOY.

kJ GL

=:< 1Cu, \_ W.m mIz 0: gkZ NMdL:

dR

pk:dL: SecureWay Boundary Server! |CH 8.z p:

d. b;*

-> ^:!- OCG 1CWq; 8)]OY. 9& in,

DO-> G`; 1COi DO; )% D G`; )#

sB Mz 0@OY.

viii Windows NT® W AIX k IBM SecureWay® Boundary Server:C[!- v`nv

% $8

SecureWay Boundary Server! kQ VE ;E $8B Y= % VR!- r;

v V@OY.

http://www.ibm.com/software/security/boundary/library

b8 IBM SecureWay FirstSecure&0! kQ $8B Y= % VR!- r;

v V@OY.

http://www.ibm.com/software/security/firstsecure/library

uNn bI

SecureWay Boundary ServerG v| 2.0!B n !v uNn bIL in V@

OY. !e _dQ u bI: Y=z 0@OY.

SecureWay Policy Director MG kU

SecureWay Policy DirectorB FirewallL SecureWay Boundary Server& gk

R v VB fl Firewall AOC gkZ& |.R v V@OY. Firewall AOC

gkZB Y= Firewall -q:! kX $GKOY.

v Z]

v FTP

v HTTP

v Socks

gkZM W |CH $%: LDAP(Lightweight Directory Access Protocol)%

LM#L:! zeKOY.

SecureWay DirectoryB ze, ;E, Kv W 3/! kX _S '!!- p:d

. $8& /v8vR v V5O LDAP& &xUOY. SecureWay Policy

DirectorB LDAP %LM#L:!- Firewall AOC gkZ& |.UOY.

L %! kO) ix

slC ?2:

slC ?2:: ;k JM5!- W.v) .!HG 8N& \`Ob 'X Finjan

SurfinGateC/WN; gkUOY.

'T w\

mI `: Firewall!- ?{ DENY T"; [:Ob 'X ANW%UOY. 'T

w\: Z? :)3.! kUI v V@OY.

IBM SecureWay Firewall 4.1

Windows NTk IBM SecureWay Firewall: Y=; &xUOY.

x] W<: -q:

Windows NT x] W<: -q:(RAS)B YLs w, ISDN GB

PPP(Point-to-Point Protocol)& gkOB X.25 Lpn& kX W.v)

,a; &xUOY. NDISWAN: RASG ONN &xGm Lu] LAN

%LMM /gO5O bJ& LgB PPP %LM& //OB W.v7 e

sLvTOY.

AIX 4.1k IBM SecureWay Firewall bs

AIX k IBM SecureWay Firewall: Y=; &xUOY.

bsH IPSec vx

IBM SecureWay Firewall 4.1!B 3_-DES O#-, u luG vx;

wTOB bsH IPSec vxL V@OY. LB GQ )/ IBM -v W

slMMG s# 6[ !I:S8 FOs u lu& vxOB 9: q-IBM

VPN &0; vxUOY.

k* Y_AN<-(SMP)

Firewall gkZB .ez :I bs; 'X RS/6000G Y_AN<- b

I; gkR v V@OY.

JM bs

x Windows NT® W AIX k IBM SecureWay® Boundary Server:C[!- v`nv

JMB 8:!- u *: :I; &xR v V5O bsGz@OY. JM

T"G Y% /|; #; '!& 1CO) FirewallG :I; 6$R v

V@OY. L \!5, ,a; gkOB =v! bOKOY.

3$ 6}g

6}gB IBM SecureWay FirewallG Jb 8:; vxUOY. L 3$

6}gB u gkZ! IBM Firewall 3! LD! b; Firewall 8:;

C[Om ESOT G`R v VT UOY.

W.v) 8H (gb

W.v) 8H (gb(NSA)B W.v) -vM Firewall!- 8H 4L

* 8: @y& !KUOY. LB u |#m u _mOT bsGz@OY.

6On! kQ Z9n vx

6On! kQ Z9n vx: L& jszn, w#u%n, 5n, A{:n,

L;.Fn, O;n, Q9n, k8n, :dNn W.m _9n \! _!N

&xKOY.

W.v) VR //

W.v) VR //(NAT): Y-k-O VR JN; vxR v V5O b

sGz@OY. L1 JN: )/ LnO VR GB g3 VR!- w. x

#& gkO) m/Q JN; [:OB nOH {}Q VRN Lgn}O

Y.

AIX W Windows NT !- vxOB xk bI

Security Dynamics ACE/Server

Security Dynamics ACE/ServerB NuG N !v dN; &xUOY. L

bI: bsGm ag{N gm* mG! GQ 'T8NNM W.v)M

%LM Zx; 8#UOY.

8H ^O AOC bs

IBM Firewall 8H ^O AOCB Y=z 0: u bI; wTO) u

m bsGz@OY.

v KAx SPAMers(&\ qO)G ^Cv w\, ^Cv /?:z @d !

I:! kQ Ku .N(xOv JB ^Cv& w\OB KAx f}),

L %! kO) xi

^O ^Cv0 vEN v! kX 8: !IQ Qh, Vk ^Cv )b

! kQ 8: !IQ Qh n; wTOB ]-SPAM Km.r

v -BQ Nu ^?OrzG kU; wTOB anti-spoofingvx

v SNMP .& vx W MADMAN MIB ! kQ vx

v Firewallz Domino #! ^Cv& ,S8N _{R v VB bI; w

TQ ^Cv _{

Socks ANd] v| 5 bs

Socks ANd] v| 5B gkZ ID-O# Nu(UNPW), 5|/@d Nu

(CRAM) W.m Nu C/WN; wTOb 'X wW9LeGz@OY.

bO: gkZ!T NW ^Cv& PyOm bO 9'; v$R ' u 9

: &nG; &xOb 'X bsGz@OY.

HTTP AOC

IBM SecureWay Firewall: IBM WTE(Web Traffic Express)&0;

b]8N Q O|OT .a HTTP AOC 8v; &xUOY. HTTP A

OCB IBM Firewall; kX jslz d;; ?2{8N 3.OGN %

#F8b!- socks-v! JdxT KOY. gkZB ;N W.v)G 8

H; UsC0v Jm NM]!- /kQ $8& W<:R v V@OY.

jslzB HTTP AOC& gkR v V5O 8:Gn_ UOY.

SecureWay k MIMEsweeper 2.0

MIMEsweeper!B MAILsweeper 4.1_2, WEBsweeper 3.2_5W.m

WEBsweeper 1.0_2G 3 !v Vd 8:dR! V@OY. ON bs: Y=z 0

@OY.

MAILsweeper

SMTPk MAILsweeper 4.1_2B Content TechnologiesG VE MIMEsweeper

&08NG Vd wW9LeTOY. LB Y=z 0: u bI; &xUOY.

v gkOb ,n h~{ $% 86B {UQ 6w{ 9'!- 30 gkZnv p

N $%; {kR v VB 6k:; &xUOY.

v jw %X W!H gkZ NMdL:(GUI)B RA.~n 8:, $% [: W |

. [w; \x-UOY.

xii Windows NT® W AIX k IBM SecureWay® Boundary Server:C[!- v`nv

v u PR |^ bI: v| 4G h~{ $% 8vG bITOY. vENL )/

mN ^Cv! kX $%: " vEN!T {kKOY. GQ; N) ^: vE

N: ^Cv& ^B ]i GQ; N) ^v xQ vEN: ENKOY.

v Y_ :9e ^Cv 3.B 3..; bsC0m @y! O* LsG :9e!

- _}R ' *Sv :9e& kX ^Cv 3.& hS x`R v V5O O

) _mT; _!R v V@OY.

v b8 x^w<G YL/: fv &0z ,hO) MAILsweeperB YL/: _

_ W ^CvM 7N $. bI; &xUOY.

v NEAR, AND, NOT W.m OR %v; gkOB m^ X:. P.: ^Cv

8.L* 86& b]8N Q w}{Lm ?z{N C*.@ [:! Vn- v

;- 6k:; &xUOY.

v ODBC #/ !I %LM#L:! %LM& |[OB bsH (g x.

v RJdQ L^O; |[OB M8N KAx gL.& *-OB RBL(Real-Time

Black List) -v& vxUOY. MAILsweeperB L qO! VB #:.MG

,a; ENR v V@OY.

v Content SecurityB L^O .!HG EB{N 8m-/W!A/w.& kX |.

OB ML u 1@OY.

v LDAP p:d.MG kU

v DSN(Delivery Service Notification): L& SNMPM NT f8b& vxUO

Y.

WEBsweeper

v _! :I bs: %LM 3. S5& bsC5OY.

v HTTPM FTP .!H! kQ YL/: :3JM T2 [wUOY.

WEBsweeper HTTPS

v WEBsweeperB L& u HTTPS AOC VgG; kX % b]G |Z sE

! @k ANW%! kQ O|Q vx; &xUOY.

L %! kO) xiii

SurfinGate 4.05

SurfinGatebs!B Y=L wTKOY.

JavaScript ;k Kg

SurfinGate 4.05B ag{8N .&& O83 v VB JavaScript[w;

#F8m 8g 8H $%z f9OB JavaScript& _vUOY. SurfinGate

4.05& kX |.ZB VisualBasic :)3.M m0! kQ :6. JM

5z T2 JavaScript, JavaW.m ActiveX! kQ $%; _S!- 3

$Om -& {kUOY.

S+ _d :I pOM5

SurfinGate 4.05!B q$s{N ?[(9& in, 18S @y); __O

m eVG fl SurfinGate& YC C[OB Z? xL in V@OY. L

B S+ _d 5*!- _dQ 8H bITOY.

u!H $% |.

SurfinGateB Z? w\; 'X P.Gv J: VC4 ANDO; %LM

#L:! TBUOY. |.ZB VC4/&n qO; m}R v V@OY.

FTP W SSL ANd] vx

SurfinGate 4.05B pt Ze! kX FTP(File Transfer Protocol)$N

; pOMOi- p#B gL! NM]! "n in% v VB Ze& (

CUOY. FTP \! SurfinGateB pt Ze! kX HTTP .!H; p

OMOm HTTPS .!H; _! e!N |^UOY.

Firewall HTTP AOCMG C/WN kU

SurfinGateB AOC <N!- AOCN [?OE* Windows NTk

FirewallG WTE! VB C/WN; kX AOCN [?UOY.

xiv Windows NT® W AIX k IBM SecureWay® Boundary Server:C[!- v`nv

&1e SecureWay Boundary Server 3d

L 9&B MAILsweeper, WEBsweeper, Policy DirectorW.m SurfinGate8

:dR& gkO) Firewall; gkOB ,sLp.M -v #! % .!Hz ^

O; pOMOm fN v$OB 53G v):WLG; 8)]OY. L 9&!- G

&N P.H 53G v):WLG; gkUOY.

W2 1. IBM SecureWay Boundary Server8: 9&

© Copyright IBM Corp. 1999 1

O]{N SecureWay Boundary Server 9&

VR 3$; 'X Y=z 0: C:[; gkOB ML YwwUOY.

% 1. Boundary Server8:dR &0; 'Q Oe~n d8gW

&0 C:[

IBM Firewall Windows NT GB AIX

MAILsweeper Windows NT

WEBsweeper Windows NT

SurfinGate Windows NT

SecureWay Boundary Server& fPw 0kOAi W.v)! SecureWay Policy

Director! Vn_ UOY. L& kX Firewall AOC gkZ& SecureWay

Directory(LDAP)! zeR v V@OY.

HTTP 9&(Windows NT Firewall): O]{N C*.@!- NM] ;k! k

Q HTTP d;: ,sLp. C:[!- C[UOY. d;: Uz WEBsweeperN

L?UOY. FtYne fN!- d;: WEBsweeper! GX Firewall HTTP A

OCN AOCKOY.

Firewall HTTP AOC!- gkZB NuKOY. LML ,sLp. <GG 9 d

;Li gkZ ID/O#& TBX_ UOY. gkZ IDB Policy Director!- |

.OB LDAP %LM#L:! VB ,sLp.G 8H $%; #B% gkKOY.

,sLp.! kQ HTTP Nu $%z TBH O# .N az! {s d;; E

NOE* hS x`O5O ckR v V@OY. Nu [w!-B LDAP %LM#

L:* Security Dynamics ACE-v& u W<:X_ GB fl5 V@OY. 0

: <GG DS d;! kX jslzB gkZ ID/O#& Z?8N &xUOY.

,sLp.!- gkZ ID/O#& d8Ov Jv8 9 d;z 0: AN<:& k

X " d;: hS NuKOY.

&kN NuH fl d;: NM]!- d;H -vN AOCKOY.

Firewall HTTP AOC!- NM] -vG ;k; YC vEOi SurfinGateC

/WN!- L& 6gUOY. LDAP %LM#L:!- r: gkZG Wl $8

B $% a$G bX8N o; v V5O C/WN!- gkR v VT KOY. ;

k! SurfinGate!T _dQ ;kL x8i LB VRQG 3. @vleM T2

C/WN; |#T kzUOY. JavaScript! in VB ;k: C/WN!- J

2 Windows NT® W AIX k IBM SecureWay® Boundary Server:C[!- v`nv

MKOY. Java* ActiveX! in VB ;k: SurfinGate-vN |^Gn JM

Gm JMH ;k: Firewall HTTP AOCN .OKOY. SurfinGate C/WN

3. azN ;k: YC WEBsweeper-vN |[KOY.

;kL YC WEBsweeper-vN 9F@i WEBsweeper$%! {s JMGm

,sLp.N YC .OKOY.

HTTP 9&(AIX Firewall): AIX !- .!HG e': AIX Firewall!- gk

R v VB SurfinGateC/WNL xB fl& &\OmB ;z{8N ?OUO

Y. W/GN, SurfinGate-vB ,sLp.!- Firewallnv Lgnx AOC <

N!- AOCN 3$Gn_ UOY. WEBsweeperB d;; w" Firewall HTTP

AOCN |ÔB kE SurfinGate -vN |Ô5O 3$Gn_ UOY. W/

i SurfinGate-vB d;; Firewall HTTP AOCN |Ô5O 8:X_ U

OY. SurfinGate-v!- Wl $8& gkR v x8GN $% a$: IP VR

8; bX8N o@OY.

Ô 9&: MAILsweeperB Ô TL.~LN 3$KOY. MAILsweeper -v

! 5xOB Ô: Y= Ô -vN |^Gb |! W ;kL JMKOY.

8H Ô -v6Y ,sLp. Ô d;; MAILsweeper -vN |Ô5O 8

:X_ UOY. Firewall Ô 3/b& 8:O) vE Ô; MAILsweeper -

vN |^X_ UOY.

MAILsweeperB VR! \N 5^N8N Gn VB Ô; Firewall Ô 3/

bN |[R v V5O 8:Gn_ UOY. MAILsweeperB VR! ;N 5^N

8N Gn VB Ô; CY% 8H Ô -vN |[R v V5O 8:Gn_ U

OY.

&1e SecureWay Boundary Server3d 3

&2e IBM SecureWay Boundary Server R3

; e!-B SecureWay Boundary Server3d& &xOg Y=z 0: =G8

N Lgn. V@OY.

v :SecureWay Boundary Server$G;

v 6 dLvG :SecureWay Boundary Server! JdQ L/;

v 6 dLvG :FirstSecure! SecureWay Boundary Server& B_B f};

v 6 dLvG :SecureWay Boundary ServerG 8:dR;

SecureWay Boundary Server $G

IBM SecureWay Boundary ServerB 3=8N O.Q fh 8H VgG; QZ

.! pF uR@OY. SecureWay Boundary ServerB Firewall 8#, VPN(virtual

private network)W.m Content Security& &xUOY. SecureWay Boundary

ServerB 8H jwG bz; IBMG vxz -q:N ^^'GB kUH VgG

V pF uR@OY. L VgG!B Y=L in V@OY.

v IBM SecureWay Firewall 4.1(Security Dynamic ACE/ServerwT)

v Content TechnologiesG MIMEsweeper

– MAILsweeper 4.1_2

– WEBsweeper 3.2_5

– WEBsweeper HTTPSAOC 1.0_2

v FinjanG SurfinGate 4.05

– SurfinGate-v

– SurfinConsole

– SurfinGate%LM#L:

– Windows NT 1.0k WTE kU! kQ SurfinGateC/WN


SecureWay Boundary Server ! JdQ L/

8H fhB #vOn5 W N{ Zxz 0: N- #, ;g W.v)M vg #,

g; W.v)M NM] #, 8gG % @k ANW%z m4 #, g; W.v)

* @k ANW%z 5w D.J # n pg w! JdUOY. fh 8H: W.

v), @k ANW% W $8& 8#R S8 FOs W |'& .eOb5 UO

Y. {}Q fh 8H!-B W.v)& W<:R v VB ZM W.v)!- T

BGE* bBGB $8& &nR v V@OY.

FirstSecure ! SecureWay Boundary Server & B_B f}

IBM SecureWay FirstSecureB kUH &0G P0vTOY. LB NM]z b

8 W.v)!- LgnvB W.v7G pg xi; 8HR v V5O w}{N

A9Sv)& &xUOY. LB vg uZQ M '! s# [k !IQ pbG f

D8N 8`Om 8H e-businessR/GG Q qk; VR-OB% 5r; ]O

Y. LB YL/:NNM 8#X Vm W<: &n, .!H ;k &n, O#-, p

vP Nu, Firewall, x6 W.m 8v -q:& &xUOY.

Boundary ServerB FirstSecure! BB &0 P0vTOY. LB ag{8N /

XQ YL/:(86 YL/: :5 &0 gk), JavaScript, JavaVC4, ActiveX

&n W.m JdxB L^O(SPAM); w\R ' gkR v VB NM]! k

Q fh& 8lOY. Boundary Server& !vm NM]!- W.v)N TBR ;

k; $.OT &nR v V@OY. SecureWay Policy Director& gkOi

Firewall AOC gkZM W Nu $%; |.R v V@OY.

SecureWay Boundary Server G 8:dR

SecureWay Boundary ServerG 3!v 8:dRB IBM Firewall, MIMEsweeper

W SurfinGateTOY. SecureWay Boundary ServerB IBM SecureWay Policy

DirectorM kUKOY.


IBM SecureWay Boundary Server 3d

IBM SecureWay Boundary ServerB + TpG 6wL W #MAsLn& m4,

x^wZ W.m D.J!T H|OT 3fO) |Z sE!! Vn- JdQ 8

#, W<: &n W.m Content Security& &xUOY. bI!B Y=L wTK

OY.

v W.v)! kQ Firewall 8#

v W.v)G |'& .eOb 'Q VPN(Virtual Private Network)

v 8gG %LM, LLv W.m EZ5M }j:; 8#Ob 'Q L^O W %

.!H! kQ ;k :3J

SecureWay Boundary ServerB W P_!- VmG bz; IBMG vxz -q

:N ^^'GB kUH VgG! pF uR@OY. LB AIX M Windows NT

n5 <&!- gk !IUOY.

SecureWay Boundary Server bI

SecureWay Boundary ServerB P6 JM5, AOC W Socks -v bzz

Content Security& {kO) W.v)M C:[; {bm 8#UOY. L1 bz

; kX |.ZB W.v)M Vm ^; v VB %LM& mC{8N $GR v

V@OY. LB ″-q: x]G EN″M X?! W.v)! 'TO) {}Q G+

& &QOv xO5O fvOB% 5r; ]OY. SecureWay Boundary ServerB

VPN VgG; &xO) x] -vM p) p)& NM] b] VgG8N k<

R v VT UOY.

Policy Director, SecureWay Boundary ServerB _S $% b] h9; gkO

) gkZ Nu; &xUOY. SecureWay Boundary Server!- YL/: fv

RA.~n& gkO) gkZ gL.& YL/:NNM 8#R v V@OY.

IBM SecureWay Policy Director 3d

Policy DirectorB v.{8N PjGn VB N.s]z ":.s]!- Zx;

O.OT 8HOB 63| GQ N) W 8H |. VgGTOY. ":.s]: W

<: &nM 8H bI; gkO) 1CH !TZ! NM]! "SH O* LsG

N.s]; gkOB fl W |'& &QOB VPN(virtual private network)T

OY. Policy DirectorB Nu, GQ N), %LM 8H W.m Zx |. -q:

&2e IBM SecureWay Boundary ServerR3 7

& &xUOY. Policy Director& %X NM] b] @k ANW%z ,hO) H

|Om _ |.H N.s]z ":.s]; 8`R v V@OY.

IBM SecureWay Policy Director bI

SecureWay Boundary ServerM T2 gkOB fl IBM SecureWay Policy

DirectorB AOC gkZ $%z Nu $8G ze5*; &xUOY.

IBM SecureWay Firewall 3d

IBM SecureWay Firewall: W.v) 8H ANW%TOY. Firewall: O* L

sG g3 ;N 8H W.v)M b8 W.v)* NM] #G w\7TOY.

Firewall: xOv JE* GQL N)Gv J: kEL 8H W.v)! in!

E* *@v J5O 7F]OY.

IBM SecureWay Firewall bI

IBM SecureWay Firewall: 8#H W.v), NM] W.m b8 W.v) <

. #! LgnvB W<:& &QUOY. LB GQ Y=; vÙOY.

v E_w &nH wN.! gwiL in!v xO5O &QUOY.

v x]Z! b8 fn7! "YOv xO5O 7@OY.

v gwiL E_w &nH wN.!- *@v xO5O &QUOY.

v ;N Firewall: GQL N)Gv J: wxL _dQ ;N $8! "YOv x

O5O P.UOY.

v W.v)! in!E* *C v VB .!H; &QUOY.

MIMEsweeper 3d

MIMEsweeperB |Z lmL* ye MLe %; kX Firewall; kzOB %

LM& P.O) Content Security& &xUOY. Content Security& kX 6w

: LÔz ye MLe % gk! |CH w+ .&& ?z{8N |.R v V

@OY. L1 .&B W.v) kU:z w+ kU:8N *- v V@OY.

W.v) kU: JM58N Y=; v`R v V@OY.

v vE GB [E LÔ! VB YL/:& D0Om &EUOY.

v xOv JB DO /|; JMUOY.


v J+ + DO; |.UOY.

v $<* Ô QU x]8N NQ -q: /GNNM W.v)& 8#UOY.

w+ kU: JM58N Y=; v`R v V@OY.

v bP )3z E! bPG /G; 7@OY.

v {}Q G+G kb; &QUOY.

v wxL LÔz ye MLe % -q:& _x gkO) /GGB g; YT

OY.

v _x gkOE* {k{N x]8N NQ W.v) -q: /GNNM 8#UO

Y.

W.v) kU:; 'yOi %LMB QUGE* vvvm LÔ e': _\G

g C:[ Oe~n! QUI v VGN, L pg M! GX W.v)! _\Gm

}j:L zOGg qQ $. W 98 qkL iT KOY.

W/* w+ kU:; 'yOi N@ u D+{Ln- v;- }{ qkL iT G

m v{ nO$8! /GGg 8gG m:z EZ5! 8]; TT KOY. w+

kU: .&B w+& $vC3 v V@OY.

MIMEsweeperB 6w!- LÔz NM]; gkO) _}OB W.v) W w

+ kU: .&NNM 6w; 8#OB wh& 15OB &0TOY.

MIMEsweeper bI

MIMEsweeperB Y=; v`R v V@OY.

v {}Q ENZ& FtYne Ô! _!UOY.

v bP .-M %LM& 8#UOY.

v LÔz % b] gkZ!T GQ; N)Om &nUOY.

v {k{N Za& ].OE* w\UOY.

v RJdQ LÔ; w\UOY.

v 7N& :5Om {UQ ;k; YnNeUOY.

v YL/:M /XQ Ze& _vUOY.

v N{}Q % dLvM gL.& w\UOY.


v 8m, NW W 88UOY.

SurfinGate 3d

SurfinGate 4.05B w+ .#hG! NM], ":.s] GB N.s]; gkO

B pg w+G pt Ze 8H xTOY. JavaScript& wTQ pt ZeG ;k

Kg& kX SurfinGateB {k{LE* jw 88 0?, %LM v$ W.m $

8 h&& wTQ Nv RD#G QU8NNM D;M W.v)& 8#R v V5

O vxUOY. SurfinGateG ;k Kg AN<:B _dQ Zx!- 3n. VB

TL.~L 9'!- Java, JavaScriptW.m ActiveX pt Ze ;k; KgO

m !IQ 8H )v& K.B Ze! m/Q IDM VC4 8H ANDO(ASP)

; RgUOY. SurfinGateB ag{8N .&& O83 v VB Ze! W.v)

! in !b |! L& D0UOY.

SurfinGate 4.05!B 4!v 8:dR! V@OY.

v SurfinGate-v

v SurfinConsole

v SurfinGate%LM#L:

v Windows NTk WTE kU! kQ SurfinGateC/WN

SurfinGate-vB HTTP AOC -vN [?UOY. SurfinGateB Firewall HTTP

AOCM WEBsweeperAOCM T2 AOC <NG ONN h!R v V@OY.

Windows NT! kX L& Firewall HTTP C/WN! kQ C/WN8N gk

I v5 V@OY. C/WN8N gkGB fl SurfinGateB d;OB AOC g

kZ! kX Wl $8& !.IOY. SurfinGateJM5 $%: L Wl $8&

bX8N UOY. L 86!-B C:[ x]L _}Ob |! pt Ze .!H

; $vOm KdR v V@OY. L 8:dRB 8g 8H $%0N 8#& &x

UOY.

SurfinConsole: pt Ze! kX _S 8g 8H $%; |.Om 3$OB g

kZ!T #wQ NMdL:TOY. SurfinConsole: W.v)!- )/ SurfinGate

-v& &nR v Vm gkZ* Wl0 8g |]! ID GB gkZ 3! qO

L* ck RI W ck !I Ze& kX pt Ze T"; -& G`R v V@

OY.


SurfinGate %LM#L:B gkZM Wl W.m W Xg 8H $%! |Q $

8& wTO) VC4 8H ANDO(ASP)G <NgW; zeUOY. %LM#L

:B ;eH W<: %LM#L: #xL* b8G Oracle %LM#L:& gkR

v V@OY. SurfinGateB pg pt ZeG ;k; ?{8N 6gOGN %LM

#L:B 8H! Jd xv8 kTpG 6[!- :I bs! 5r; ]OY.

SurfinGate G bI

SurfinGateB Y=; &xUOY.

v JavaVC4, ActiveX &n, JavaScript! kQ TL.~L 9' ;k 6g -

v

v GC# pOM5, ?{ 6g

v % b] pt Ze! kQ 8H $% -& G`

v ″pt Ze″(9& in, JavaVC4, ActiveX &n, JavaScript, Visual Basic

:)3., C/WN, m0)G 6g

SurfinGateB AOC <N!- GB Windows NTk FirewallG WTE C/WN

; kX AOCM T2 [?R v V@OY.


&3e SecureWay Boundary Server & 3!Ob |!

; e!-B 6}g& gkO) SecureWay Boundary Server3!& XqOB

f}; 8)]OY. LB Y=z 0: =G8N Lgn. V@OY.

v :Xq f};

v 16 dLvG :SecureWay Boundary Server;

Xq f}

; =G!-B SecureWay Boundary ServerG 8:dR& XqOB f}; 8)

]OY.

SecureWay Policy Director MG kU

Windows NT* AIX !- b; IBM SecureWay Policy Director& 3$OAi

Y=; v`OJC@.

1. n5 <&! Policy Director& vxR v V5O &kN 8:Gn VBv .

NUOY.

2. |3 d8gW! !e _ BB -v 8:dRM L1 8:dR& 3!R C:

[; a$UOY.

3. DCE ON86! xB fl!B L& 3!Om 8:UOY.

4. SecureWay Directory(LDAP)& 3!Om 8:UOY.

5. ,sLp. Nu-& NuOB fl!B CAS(Certificate Authorization Service)

& 8:UOY.

6. NetSEAT ,sLp.& 3!UOY.

7. Policy Director -v 8:dR& 3!UOY.

8. |. \V; 3!UOY.

Policy Director! kQ Z<Q ;k: Policy Director Up and Running 3.0;

|6OJC@.


SecureWay Firewall

Windows NT* AIX !- b; IBM Firewall; 3$OAi Y=; v`OJC

@.

1. 19 dLvG :SecureWay Boundary ServerG Oe~n d8gW;! *-H

d8gW; ._m VBv .NUOY.

2. IBM Firewall 3$; h9UOY. L. gkR Firewall bIz W k5& a

$UOY.

3. Firewall!T W.v) 8H; 'X W NMdL: _ n2 ML ,aGn V

Bv KA]OY. FirewallL &kN [?OAi 8H NMdL:M q8H N

MdL:! Vn_ UOY. 8: ,sLp. =v ..!- C:[ |. zu

& -m NMdL:& -/ Firewall! VB W.v) NMdL: qO; >

OY. NMdL:G 8H sB& /fOAi NMdL:& 1COm /f; )

(OY.

V: NM]! "SOAi ISP(Internet Service Provider)! ,aO) Firewall

q8H NMdL:G nOH IP VR& .8UOY.

4. C:[ |. zu!- 8H $% k- sZ& W<:O) O] 8H $%; 3

$UOY. O]{N, Firewall 8:! kX

v DNS 68& ckUOY

v q8H NMdL:! kQ jNe3:. ^Cv& ENUOY

v q8H npM! kQ Socks& ENUOY

5. 5^N L' -q:M ^O -q:& 3$UOY. DNS Xs5& &xOv J

8i ?2{N kEL Lgnvv J@OY. 8: ,sLp. =v ..G C

:[ |. zu!- L1 bI; W<:UOY.

6. 8: ,sLp. =v ..G W.v) @j'. bI; gkO) Firewall!

-G W.v)(i) Vd dR& $GUOY. W.v) @j'.B Firewall; k

X .!H; 6}UOY. Y= Vd dR& W.v) @j'.N $GOJC@.

v FirewallG 8H NMdL:

v FirewallG q8H NMdL:

v 8H W.v)

v 8H W.v)!-G " -jW.


v XgOB fl Security Dynamics-vM Windows NT 5^N -v!

kQ #:. W.v) @j'.

7. Firewall!- -q:& gkR v VT UOY. LB 8H W.v)! VB g

kZ! q8H W.v)& W<:R ' gkOB ^Re(9& in, socks G

B AOC)TOY. 8vGB -q:B h9 \T!- LgnvB a$! GX

^s}OY. -q:& 8vR ' /$ /|G .!H; ckOAi ON ,a

8:; 3$X_ UOY. 9& in, 8H gkZ! HTTP AOC& gkO)

NM]G %; =vR v VT OAi FirewallG HTTP AOC pU; 8:

R S8 FOs ,a; 3$O) HTTP .!H; ckX_ UOY. Policy

Director& 3$OB fl 13 dLvG :SecureWay Policy DirectorMG k

U;& |6OJC@.

8. Windows NT |k: um nAvvB AN<:! GX NETBIOS& gkR

v xT GGN Nu!- Windows NT 5^N O#& gkOAi NuOb

'X EZR v VB Windows NT 5^N; =vR v VB bI; 8vO

B Windows ,sLp. Ze& 8:X_ UOY. EZR v VB Windows

NT -v!B TCP/IP #:. L'z VR! Vn_ Og LM Firewall gL

!B TCP/IP ,a:L Vn_ UOY. Firewall |.ZB Firewallz EZR

v VB Windows NT -v& ,aO) -N #! .!HL e#5O X_ U

OY.

9. W.v) VR //; gkOB fl Uz ISP! "SO) Y-k-O VR /

/! gkR nOH NM] VR& .8OJC@. L VRB 14 dLvG 3 \

h!- d;Q VR! _!Q MTOY. W1 D NAT 8: _! PNN L?

O) nOH NM] VR& Y-k-O IP VR Je! _!OJC@.

L1 \h& v`Oi b; Firewall 8:L G`KOY. IBM Firewall: W.v

) 8H; .NR v V5O C:[ NWM 0: b8 bI; &xUOY.

FirewallL $s{8N* q$s{8N >aOB fl 8: %LMB Oe esL

j! zeGm YC NCR ' Z?8N YC 0:-GGN 5b; ^v J@O

Y. W/*, 0:-H FTP <Gz 0: ON 0:-H ,aL NM4.Gz=; K

AVB /$ Firewall NW ^Cv! _}UOY.

&3e SecureWay Boundary Server& 3!Ob |! 15

SecureWay Boundary Server

SecureWay Boundary Server6}g& gkO) Policy DirectorM kUOb '

X gkZ |.!- IBM SecureWay Policy Director& gkR v V5O Firewall

; 3$UOY. 1C{8N, L 6}gB Firewall HTTP AOC& 8:O) Nu

$8& SurfinGateC/WN(Windows NT |k)! |^UOY.

Firewall! kX IBM SecureWay Boundary Server& 8:R ' JdQ $8B

Y=z 0@OY.

v FirewallL gkR IBM SecureWay Directory-vG #:. L'z 5^N.

v IBM SecureWay Directory-v! ;kOB w.G v. b; w.B 389TO

Y.

v IBM SecureWay Directory-vG SecurityMasterO#.

v L Firewall!- AOC gkZ& 8POb 'X gkOB 5^N L'. L L

'; gkOB pg Firewall: 0: gkZ <.& |.UOY. O]{8N,

Firewall C:[G O|Q #:. L'; gkOT KOY.

v SecureWay Directory! zeH AOC gkZ& W<:R ' gkOB Firewall

|.Z L'. L L': SecureWay Policy Director!- [:H pg AOC

gkZ& v$R v V5O W<:! ckKOY. Firewall C:[G O|Q #

:. L'; gkX_ UOY.

v IBM SecureWay Directory! %LM#L:!- Firewall gkZ =v; C[

OB g.N gkOB DN(Distinguished Name).LB Policy Director gk

Z& zeOb 'X SecureWay Directory!- [:Q "LgLn_ UOY.

v IBM SecureWay Directory-v! ,aR ' gkR FirewallG |.Z ID

G O#.

Firewallz SecureWay Directory-v gL! .!HL e#5O ,a; [:X

_ UOY.

19 dLvG :SecureWay Boundary ServerG Oe~n d8gW;! *-H d

8gW; ._m VBv .NUOY.


SurfinGate

SurfinGate& gkOAi Windows NT Service Pack 5! 3!Gn Vn_ U

OY. 19 dLvG :SecureWay Boundary ServerG Oe~n d8gW;! *-

H d8gW; ._m VBv .NUOY.

Y=; vÒ) SurfinGate& gkOJC@.

v Oracle %LM#L:& gkOB fl L& 8:X_ UOY.

v Windows NT Firewall; gkOB fl C/WN; gkR MNv FOi A

OC pe& gkR MNv a$X_ UOY.

v WTE!- SurfinGateC/WN; gkOAi Firewall C:[! SurfinGateC

/WN; 3!Om SecureWay Boundary Server6}g& 3!UOY.

v SurfinGateC/WN!- SurfinGate-vN .!HL e#5O OAi ,a;

[:X_ UOY.

MIMEsweeper

MIMEsweeper& gkOAi W.v)G [? f}; LXX_ UOY. 19 dL

vG :SecureWay Boundary ServerG Oe~n d8gW;! *-H d8gW;

._m VBv .NUOY.

MAILsweeper

MIMEsweeper& 8:OB fl MAILsweeperM WEBsweeper& -N Y% C

:[! 3!X_ UOY.

MAILsweeper& 8:Ob |! Y= [w; vÒJC@.

v ;N{8N gkOB Ô 5^N; a$UOY. MAILsweeperM Firewall ^

O 3/bB ""G Ô 5^N! kX Ô; ^; v V5O 8:Gn_ U

OY.

v 5^N; vxOB 8H Ô -v& a$UOY. MAILsweeperB VR! ^

O 5^N8N Gn VB Ô; CY% 8H Ô -vN |[R v V5O

8:Gn_ UOY.

&3e SecureWay Boundary Server& 3!Ob |! 17

:

:

v MAILsweeper -vG VR& a$UOY. ""G 8H Ô -vB ;N ,s

Lp.!- vEQ Ô; MAILsweeper -vN |^R v V5O 8:Gn_

UOY.

v FirewallG VR& a$UOY. MAILsweeperB VR! \N 5^N8N Gn

VB Ô; Firewall Ô 3/bN |Ô5O 8:Gn_ UOY.

WEBsweeper

WEBsweeper& 8:Ob |! Y= [w; vÒJC@.

v WEBsweeper-vG VR& a$UOY. LB W.v)G " ,sLp. % j

slz!- JdUOY. jslzB WEBsweeper-v& HTTP, FTP W.m

HTTPSG AOCN gkR v V5O 8:Gn_ UOY.

v FirewallG 8H NMdL: VR& a$UOY. WEBsweeperB AOC d;

; Firewall! sVOB HTTP AOCN |^R v V5O 8:Gn_ UOY.

v ,sLp.! % ;k JM5; }+Ov J5O OAi Firewall!- ,a; 3

$O) WEBsweeperW/GB SurfinGate -v! kQ AOC W<:& &Q

X_ UOY.


&4e IBM SecureWay Boundary Server(SBS) d8gW

; e!-B SecureWay Boundary ServerG VRQG d8gW; &xUOY.

SecureWay Boundary Server G Oe~n d8gW

Boundary Server8:dR &0! kQ Oe~n d8gW: Y= %! V@O

Y.

% 2. Boundary Server8:dR &0; 'Q Oe~n d8gW

Boundary Server

8:dR

bh /| p:) x# ^p. b8

Policy Director N/A 64 MB 16 MB N/A

IBM Firewall v Windows NT:

266 MHz Ls

v AIX: 4.3.2& vx

OB RS/6000 C

:[

Windows NT: 200

MB

AIX: 200 MB

Windows NT: 64

MB

AIX: 128 MB

W.v) NMdL:

+e(NIC) 23

ACE/Server v Windows NT:

166 MHz Ls(\

O AN<-8)

v AIX: AIX 4.2 &

vxOB bh

v b; -v RA.

~n: 50 MB

v iw -v: 22MB

v Jb gkZ %L

M#L:: 4MB

v 3!: 240MB

VR: 32MB G& boe! Jd

.: gkZ v!

{s Y(OY.

MAILsweeper Windows NT: 400

MHz LsG AN<

-

1 GB 128 MB N/A

WEBsweeper Windows NT: 450

MHz LsG AN<

-

1 GB 128 MB N/A

m<} /f! kQ

WEBsweeper C:

[ d8gW

Windows NT: 450

MHz LsG AN<

-

3 GB 512 MB N/A

SurfinGate 4.05

Server

Windows NT: 233

MHz LsG AN<

-

20 MB 256 MB N/A


% 2. Boundary Server8:dR &0; 'Q Oe~n d8gW (hS)

SurfinGate 4.05

Console

Windows NT: 233

MHz LsG AN<

-

15 MB 64 MB N/A

V: Z<Q ;k! kX-B AIX k IBM SecureWay FirewallL* )/ pn!

kQ Windows NT v| 3$ W 3!& |6OJC@. GQ, Netscape

Browser! kX-B p:) x#L 138 MB JdUOY.

SecureWay Boundary Server ! kQ RA.~n d8gW

Boundary Server8:dR &0! kQ RA.~n d8gW: Y= %! V@

OY.

% 3. Boundary Server8:dR &0! kQ VRQG RA.~n d8gW

&0 Windows AIX b8

Policy Director -v Service Pack 5! 3!H

Windows NT v| 4.0

4.3.1 N/A

IBM Firewall Service Pack 5! 3!H

Windows NT v| 4.0

4.3.2 N/A

SecureWay Boundary

Server

IBM SecureWay

Firewall 4.1

IBM SecureWay

Firewall 4.1

N/A

MAILsweeper Service Pack 5! 3!H

Windows NT v| 4.0,

Internet Explorer 4.01

Ls, Microsoft

Management Console

1.1, NTFS esLj,

Windows Messaging

N/A gkR YL/: fv x

WEBsweeper Service Pack 5! 3!H

Windows NT v| 4.0

N/A gkR YL/: fv x

SurfinGate Server Service Pack 5! 3!H

Windows NT 4.0 v|

N/A N/A

SurfinGate 4.05

Console

Service Pack 5! 3!H

Windows NT v| 4.0

GB Windows 95

N/A N/A


&5e SecureWay Boundary Server 3! W 8:

; e!-B Windows NTM AIX !- SecureWay Boundary Server& 8:O

m 3!OB f}; KA]OY.

v :SecureWay Boundary Server8:dR 3!;

v 24 dLvG :SecureWay Boundary Server8:dR 8:;

v 34 dLvG :'T w\;

SecureWay Boundary Server 8:dR 3!

; =G!-B Windows NTM AIX k IBM SecureWay Firewall, SurfinGate

W.m MIMEsweeper& 3!R v V5O 5M]OY.

SecureWay Firewall 3!

Windows NT W AIX k IBM SecureWay FirewallV kQ Z<Q ;k: 13

dLvG :Xq f};; |6OJC@. LB 8H NMdL:& $GOB f}, 8

H $%; a$OB f} W.m W.v) @j'.& $GOB f}; 3mUO

Y. SecureWay Firewall3!! kQ Z<Q ;k: IBM SecureWay Firewall

Installation Guide for AIXW IBM SecureWay Firewall Installation Guide for

Windows NT& |6OJC@.

SecureWay Directory 3!

SecureWay Boundary ServerG LDAP bI; gkOB fl SecureWay

Directory& 3!X_ OB% IBM SecureWay Policy Director Up and Running

3.0; |6OJC@.

SecureWay Directory-vB gkZG Firewall 8H ;N! '!X VE*

Firewall 8H DMZ! V@OY.


SecureWay Policy Director 3!

SecureWay Boundary ServerG LDAP bI; gkOB fl SecureWay Policy

Director& 3!X_ UOY(IBM SecureWay Policy Director Up and Running

3.0 |6).

SecureWay Boundary Server 3!

Windows NT!- SecureWay Boundary Server& 3!OAi Y=; vÒJ

C@.

v Windows NTk SecureWay Firewall; 3!UOY.

v SecureWay Boundary Server CD!- setup.exe& GÙOY.

v pn& 1COm .N; )(OY.

v InstallShieldB SecureWay Boundary Server& np! 3!Om M:v /@

OY. Windows NT b; p:d.B C:\Program Files\IBM\SBSTOY.

v YC N.UOY.

AIX !- SecureWay Boundary Server& 3!OAi Y=; vÒJC@.

v AIX k SecureWay Firewall; 3!UOY.

v CD& pTOm SMITTY& gkO) 3!UOY.

v RA.~n 3! W /v8v& 1CUOY.

v RA.~n 3! W ;E; 1CUOY.

v gk !IQ VE RA.~n!- 3! W ;E; 1CUOY.

v TB e!& d8OB fl 1CWq; *-Om CD-ROM esLj& 1CU

OY.

v 3!R RA.~n 1CWq; *-Om sbs& 1CUOY.

v Enter& -/ RA.~n& 3!UOY.

v YC N.UOY.


SurfinGate 3!

SurfinGate!B SurfinGate ServerM SurfinGate ConsoleG N 8:dR! V@

OY. SurfinGateG N 8:dR_ O*& 3!OAi SurfinGate CDG

\docs\install.pdf! VB 3! H;-& |6OJC@.

SurfinGate C/WN

Windows NTk IBM SecureWay Firewall! SurfinGate C/WN; 3!OA

i SurfinGate CDG \docs p:d.! '!Q 3! H;-& |6OJC@.

MIMEsweeper 3!

MIMEsweeper!B MAILsweeper, WEBsweeperW.m WEBsweeper HTTPS

n 3!v 8:dR! V@OY.

MAILsweeper 4.1: NTFS D<G! 3!Gn_ UOY.

MAILsweeper 3!

MAILsweeper& 3!OAi MIMEsweeper CDG \install\MSW4_0_2

\docs\qsg.pdf! VB Getting Started Guide& |6OJC@.

MAILsweeper& WEBsweeper HTTPAOCM 0: C:[! 3!Ov 6JC

@.

MAILsweeper& WEBsweeper HTTPSAOCM 0: C:[! 3!Ov 6J

C@.

WIndows NT CD!- MAPI32.dll; 3!Q D MIMEsweeper CD!-

Microsoft |. \V 1.1; 3!Oi MAPI32.dllG CY% v|L Microsoft |

. \Vz T2 3!H * 9' v|8N cD2)}OY. Microsoft |. \V;

3!Q D ]eC MAPI32.dll v| 4.0 Ls; 3!OJC@. dll: 8k

Windows Messaging8:dR! V@OY.

WEBsweeper 3!

WEBsweeper& 3!OAi MIMEsweeper CDG \install\WSW3_2_5\d

ocs\manual.pdf! '!Q |.Z H;-& |6OJC@.

WEBsweeper& MAILsweeperM 0: C:[! 3!Ov 6JC@.

&5e SecureWay Boundary Server3! W 8: 23

:

:

WEBsweeper HTTPS 3!

WEBsweeper HTTPS& 3!OAi MIMEsweeper CDG \install

\WSWHTTPS1_0_2\readme.txt! '!Q Readme& |6OJC@.

WEBsweeper HTTPSAOC& MAILsweeperM 0: C:[! 3!Ov 6J

C@.

SecureWay Boundary Server 8:dR 8:

SecureWay Firewall 8:

b; IBM Forewall 3$! kX:

1. IBM Firewall 3$; h9UOY. L. gkR Firewall bIz W k5& a

$UOY.

2. Firewall!T W.v) 8H; 'X W NMdL: _ n2 ML ,aGn V

Bv KA]OY. FirewallL &kN [?OAi 8H NMdL:M q8H N

MdL:! Vn_ UOY. 8: ,sLp. =v ..!- C:[ |. zu

& -m NMdL:& -/ Firewall! VB W.v) NMdL: qO; >

OY. NMdL:G 8H sB& /fOAi NMdL:& 1COm /f; )

(OY.

3. C:[ |. zu!- 8H $% k- sZ& W<:O) O] 8H $%; 3

$UOY. O]{N, Firewall 8:! kX

v DNS 68& ckUOY.

v q8H NMdL:! kQ jNe3:. ^Cv& ENUOY.

v q8H npM! kQ Socks& ENUOY.

4. 5^N L' -q:M ^O -q:& 3$UOY. DNS Xs5& &xOv J

8i ?2{N kEL Lgnvv J@OY. 8: ,sLp. =v ..G C

:[ |. zu!- L1 bI; W<:UOY.

5. 8: ,sLp. =v ..G W.v) @j'. bI; gkO) Firewall!

-G W.v) Vd dR& $GUOY. W.v) @j'.B Firewall; kX

.!H; 6}UOY. Y= Vd dR& W.v) @j'.N $GOJC@.

v FirewallG 8H NMdL:


v FirewallG q8H NMdL:

v 8H W.v)

v 8H W.v)!-G " -jW.

v XgOB fl Security Dynamics-vM Windows NT 5^N -v! k

Q #:. W.v) @j'.

6. Firewall!- -q:& gkR v VT UOY. LB 8H W.v)! VB g

kZ! q8H W.v)& W<:R ' gkOB ^Re(9& in, socks G

B AOC)TOY. 8vGB -q:B h9 \h!- LgnvB a$! GX

^s}OY. -q:& 8vR 'B /$ /|G .!H; ckOb 'X ON

,a 8:; 3$X_ UOY. 9& in, 8H gkZ! HTTP AOC& g

kO) NM]G %; =vR v VT OAi FirewallG HTTP AOC pU

; 8:R S8 FOs ,a; 3$O) HTTP .!H; ckX_ UOY.

7. Firewall gkZ& 3$UOY. FtYne % W<:M 0: bIL* Firewall

|.Z! kQ NuL JdOi L1 gkZ& Firewall!- $GX_ UOY.

SecureWay Policy Director& gkO) AOC gkZ& LDAP! zeOB

fl AOC gkZ& [:Ov 6JC@. Policy Director \V; gkO)

Policy Director 8: _! Firewall AOC gkZ& [:UOY.

L1 \h& v`Oi b; Firewall 8:L C[Gm G`KOY. IBM Firewall

: W.v) 8H; .NR v V5O C:[ NWM 0: b8 bI; &xUO

Y.

FirewallL $s{8N* q$s{8N >aOB fl 8: %LMB Oe esL

j! zeGm YC NCR ' Z?8N g0:-GGN 5b; ^v J@OY. W

/*, 0:-H FTP <Gz 0: ON 0:-H ,aL NM4.Gz=; KAV

B /$ Firewall NW ^Cv! _}UOY.

Policy Director kU; 'Q SecureWay Firewall 8:

Firewall: Policy DirectorMG kU; 0kOb 'X IBM SecureWay Policy

Director& SecureWay Boundary Server6}gM T2 gkR v V5O 8:

Gn_ UOY. IBM SecureWay Policy Director! gkGv J8i AOC g

kZB Firewall W!H gkZ NMdL:(GUI)88N $GKOY. L1 gkZ

B SecureWay Policy Director!- |.R v x@OY.


SecureWay Firewall: SecureWay DirectoryM kER v V5O ,aL Lg

n}OY. SecureWay DirectoryB FirewallG 8HJN 8H DMZ* 8H W.

v)! Vn_ UOY.

,a 3$! kQ Z<Q ;k: IBM SecureWay Firewall User’s Guide for

Windows NTW IBM SecureWay Firewall User’s Guide for AIX& |6OJ

C@. ,a 3$ $8B Y=z 0@OY.

d;! kX Y=: FtYne T"; 3$OB% JdQ WqTOY.

v R:B FirewallG 8H npM VR! KOY.

v ks: SecureWay DirectoryVR! KOY.

v R: w.B 10238Y .OY.

v ks w.B 389M 0@OY.

v NMdL:B 8HL KOY.

v slC: NCTOY.

v fb: FtYneTOY.

@d! kX Y=: NYne T"; 3$OB% JdQ WqTOY.

v R:B SecureWay DirectoryVR! KOY.

v ks: FirewallG 8H npM VR! KOY.

v R: w.B 389M 0@OY.

v ks w.B 10238Y .OY.

v NMdL:B 8HL KOY.

v slC: NCTOY.

v fb: NYneTOY.

,a 9&B Y=z 0@OY.

# Service : ldap# Description :

permit 9.67.130.153 255.255.255.255 9.67.141.85255.255.255.255 tcp gt 1023 eq 389 secure bothoutbound l=y f=y t=0 e=none a=none


permit 9.67.141.85 255.255.255.255 9.67.130.153255.255.255.255 tcp/ack eq 389 gt 1023 secure localinbound l=y f=y t=0 e=none a=none

SecureWay Boundary Server3$ 6}g& G`UOY. FirewallL Policy

DirectorM T2 [wR v V5O IG; 1CUOY. u Z<Q ;k: 29 dL

vG :Policy Director kU; 'Q SecureWay Boundary Server8:;; |6

OJC@.

SurfinGate C/WN; gkOb 'Q SecureWay Firewall 8:

(Windows NT |k)

SecureWay FirewallL SurfinGate -vM kER v V5O ,aL Lgn}O

Y. SurfinGate-vB FirewallG 8HJ! Vn_ UOY.

,a 3$ f}! kQ Z<Q ;k: IBM SecureWay Firewall User’s Guide

for Windows NT& |6OJC@. ,a 3$ $8B Y=z 0@OY.

d;! kX Y=: FtYne T"; 3$OB% JdQ WqTOY.

v R:B FirewallG 8H npM VR! KOY.

v ks: SurfinGate-vG VR! KOY.

v R: w.B 10238Y .OY.

v ks w.B 3141z 0@OY.

v NMdL:B 8HL KOY.

v slC: NCTOY.

v fb: FtYneTOY.

d;! kX Y=: NYne T"; 3$OB% JdQ WqTOY.

v R:B SurfinGate-vG VRTOY.

v ks: FirewallG 8H npM VR! KOY.

v R: w.B 3141z 0@OY.

v ks w.B 10238Y .OY.

v NMdL:B 8HL KOY.


v slC: NCTOY.

v fb: NYneTOY.

L1 ,a 9&B Y=z 0@OY.

# Service : SurfinGate Plugin Communication# Description :

permit 9.67.143.113 255.255.255.255 9.67.143.115 255.255.255.255 tcp gt 1023 eq 3141secure local outbound l=y f=ypermit 9.67.143.115 255.255.255.255 9.67.143.113 255.255.255.255 tcp eq 3141 gt 1023secure local inbound l=y f=y

V: ,a: 0: 81! Vn_ UOY.

GQ, :5GB %LM& ckO5O SurfinGate -v& 8:X_ UOY.

SurfinConsole(SurfinGateG |. NMdL:)!- O] G X! VB C/WN p

e IG; .NX_ UOY. GQ, FirewallG HTTP AOCG VRM w. x#

& AOC GG Y= AOC Je! TBX_ UOY.

MAILsweeper & gkOb 'Q SecureWay Firewall 8:

SecureWay Fireewall!- $GH Ô 3/bB G& 8H Ô -v kE

MAILsweeper C:[; !.Q_ UOY. MAILsweeper Z<B Ô; 8H ^

O -vN |ÛOY.

SecureWay Policy Director 8:

SecureWay Directory! 3!Gn VBv .NUOY. SecureWay Directory! 3

!H C:[G VR, ;k _N w., SecureWay Directory-v!-G |.Z ID

W |.Z O#& Km Vn_ UOY.

SecureWay Directory LDAP,sLp.& SecureWay Policy DirectorM 0:

C:[! 3!OJC@. (SecureWay DirectoryG C:[z 0: M; gkOm

SecureWay Policy Director& gkOB fl ,sLp.B LL 3!Gn V;

v5 V@OY.)

SecureWay DirectoryG LDAP h9; v$O) Policy Director eProxyUsers&

vxX_ UOY. h9 _!B Policy Director!- &xOB N DO! zeKO

Y. Policy Director CDG /schema p:d.! '!Q secschema.defM

puschema.def DOL JdUOY.


SecureWay Directory-v!- LDAP h9; v$OAi Y= mI; Policy

Director C:[!- G`OJC@.

ldapmodify -h <LDAPHOST> -p <LDAPPORT> -D <LDAPADMINUSER> -w <LDAPADMINPWD> -f secschema.def

ldapmodify -h <LDAPHOST> -p <LDAPPORT> -D <LDAPADMINUSER> -w <LDAPADMINPWD> -f puschema.def

)b-:

v <LDAPHOST>B SecureWay Directory -v L'TOY

v <LDAPPORT>B -v! ;k _N w.TOY

v <LDAPADMINUSER>B |.Z IDTOY

v <LDAPADMINPWD>B |.Z O#TOY

O\ LDAP h9; v$O) AOC gkZ& vxOi Policy Director Console

! k X A O C g k Z & 3 . X _ U O Y . L 8 T O A i \Program

Files\IBM\IVConsole p:d.! '!Q console.properties DO!-

Proxyusers TaskViewY; V. X&X_ UOY.

SecureWay Directory 8:

Policy Director gkZ! zeGB g.N gkGB SecureWay Director!- "

Lg& $GX_ UOY. LDAP! "Lg& _!OAi IBM SecureWay Directory

Administrator’s Guide& |6OJC@. 9& in, O]{N "LgB Y=z 0

@OY.

o=yourcompany,c=yourcountry

O\ Policy Director gkZ& zeOb 'Q "Lg& _!Oi W W<: &n

qO(ACL); CYN 3$X_ UOY. Policy Director 8H Wl! kQ u "

Lg! pg W<: GQ; &xX_ UOY. Policy Director 8H Wl! kQ

DN: Y=z 0@OY.

cn=securitygroup,secauthority=default

Policy Director kU; 'Q SecureWay Boundary Server 8:

6}g& gkO) SecureWay Boundary-v& 8:R v V@OY. L 6}g

B FirewallL Boundary Server! VB b8 &0 W Policy DirectorM T2 [

wR v V5O 3$OB% JdQ \h& H;X ]OY. Y=! *@B PN:


LDAP -v! kX z.UOY. JdQ pg $8& $n fl 6}gB Firewall

; 3$O) Policy Director! gkZ W Wl $%! gkOB Mz 0: LDAP

%LM#L:& gkO5O UOY. L 6}gB GQ Nu $8& SurfinGateC

/WN(Windows NT Firewall |k)! |^R v V5O Firewall HTTP AO

C& 8:OE* 8: X&UOY.

IBM SecureWay Boundary Server& 8:OAi SecureWay Boundary Server

6}g& 8:OJC@. AIX !- sbswizard mI; G`O) Windows NT!-

C[->ANW%->SecureWay Boundary Server& 1CUOY. LB SBS 6}

g& R/IOY.

1. IG; 1CO) FirewallL Policy DirectorM LDAP %LM#L:& x/

O5O 3$UOY.

2. 16 dLvG :SecureWay Boundary Server;! VB $8& gkO) z.

! @dUOY.

SurfinGate C/WN; gkR v V5O SecureWay Boundary Server8:(Windows NT |k)

C[->ANW%->SecureWay Boundary Server& 1CUOY. LB SBS 6}

g& R/IOY.

1. IG; 1CO) Nu $8& SurfinGate C/WN8N |^R v V5O

Firewall HTTP AOC& 8:UOY.

2. k-& OaUOY.

SurfinGate 8:

Windows NT!- N !v f}8N SurfinGate& 8:R v V@OY.

v <N AOCN

v Firewall HTTP AOCG C/WN8N

AIX !- Q !v f}8N SurfinGate& 8:R v V@OY.

v <N AOCN


<N AOCN SurfinGate 8:

,sLp. % jslzB SurfinGate& HTTP, FTP W.m HTTPSG AOCN

gkR v V5O 8:Gn_ UOY. SurfinGate! ;k _N w. x#(b;*

: 8080)& ]eC v$OJC@.

SurfinConsole(SurfinGateG |. NMdL:)!- O] G X! VB AOC p


& AOC GG Y= AOC Je! TBX_ UOY. GB _! AOC! LL

$GH fl L& Y= AOCN v$R v V@OY.

Firewall HTTP AOC! kX C/WN8N SurfinGate 8:

W2 2. SurfinGate8:


,sLp. % jslzB Firewall HTTP AOC& HTTP, FTPW.m HTTPSG

AOCN gkR v V5O 8:Gn_ UOY. Firewall HTTP AOC! ;k _

N w. x#(b;*: 8080)& v$OJC@.

SurfinConsole(SurfinGateG |. NMdL:)!- O] G X! VB C/WN p


& AOC GG Y= AOC Je! TBX_ UOY.

V: L bI: Windows NTk SecureWay Firewall!-8 gkR v V@OY.

MIMEsweeper 8:

MAILsweeper 8:

W2 3. SurfinGate8:


\xQ /f!- MAILsweeperB 3! _! LgnvB z.! GX 8:Gn_

UOY. _!N 8:OAi C[->ANW%->SMTPk MAILsweeper->SMTP \

Vk MAILsweeper; G`UOY. u Z<Q ;k: MAILsweeper Getting

Started Guide& |6OJC@.

WEBsweeper 8:

8:OAi &nG8N !- WEBsweeperVC4; 1CUOY. u Z<Q ;k

: MIMEsweeper CD! VB WEBsweeper Administrator’s Guide& |6OJ

C@.

WEBsweeper HTTPS 8:

8:OAi &nG8N !- WEBsweeper HTTPSVC4; 1CUOY. u Z

<Q ;k: WEBsweeper Administrator’s Guide& |6OJC@.

W2 4. MAILsweeper8:

W2 5. WEBsweeper8:


'T w\

mI ` /?.<& gkO) /$ IP VR& w\R v VB JM& [:UOY.

w\GB VRB ;k 6g az! GX ?{8N a$I v V@OY. mI: Y

=z 0@OY.

v fwadd_deny

v fwdelete_dynamic

fwadd_deny

ANW%L E3/v xL #bGi JdQ E3/vG |D! kQ AR

A.& -i %CUOY.

E3/vB Y=z 0@OY.

JM ID

Windows NT Firewall! kX Y=L {kKOY. IDB /v

8v& 8:Ob 'X JM! RgI v V@OY. IDB 1!- C

[O) @'wx8N RgKOY. W.m Y=8N gkR v V

B ID x#8Y t: ID! &xGi RgH IDB ANW%! &

xH ID x#! FQ Y=8N gk !IQ ID x#! KOY.

9& in, ID 1! n !v T"L VB% ID 3N JM T" <

.& [:OAm Oi ID 2! kE RgKOY. )/ T"! 0

: ID x#! RgI v V@OY. delete_dynamicANW%; g

kO) T"L h&Gi LB IDN |6GGN IDN T"; [:

R 'B L T"iL 0: ID& x/OB fl L& Wl8N h

&OJC@.

T"L _!Gi gkH ID x#! %CKOY.

JM ID

AIX Firewall ! kX Y=L {kKOY. IDB x#N RgI v

V@OY. 9& in, JM id! ID 12O fl LB ID=12N R

gKOY. AIX !B 0: ID x#N RgH JM! x@OY. "

JMB "" m/Q ID! V@OY.


R: IP VR

P6 R:! gkR IP VRB 255.255.255.255M 0: !P. J

x %b}8N TBGn_ UOY.

R: IP 6:)

L JeB R: IP VRM T2 gkGn_ Om !P. Jx %

b}8N TBKOY. 9& in, R: IP VR! 10.5.8.08N T

BGm R: IP 6:)! 255.255.255.0Li 10.5.8.1!-

10.5.8.255nvG pg P6L O!KOY.

ks IP VR

P6 ks! gkR IP VRB 255.255.255.255M 0: !P.

Jx %b}8N TBGn_ UOY.

ks IP 6:)

L JeB ks IP VRM T2 gkGg !P. Jx %b}8

N TBKOY. 9& in, ks IP VR! 10.5.8.08N TBG

m ks IP 6:)! 255.255.255.0Li 10.5.8.1!- 10.5.8.255

nvG pg P6L O!KOY.

npM npM :e: Y=z 0@OY.

S 8H8N v$H npM! kX

N q8H8N v$H npM! kX

B pg npM! kX(8H W q8H)

v$H /|! BB npM(i)!- C[Q P6: T"z O!U

OY.

/? |'

Firewall; kQ P6 .!v3G /? |'B Y= * _ O*

! I v VB L E3/vN v$KOY.

L NC P6! kX

R fN v$H P6! kX

B NCz fN v$H P6! kX


fb NYne, FtYne GB gJ fb8N x`OB .!H; v

$UOY.

I NYne .!H! kX

O FtYne .!H! kX

B NYneM FtYne .!H! kX

bO ?{ JM 0?! kX bOOAi Y& v$Om bOOv J8

Ai N; v$UOY.

fwdelete_dynamic

L ANW%L E3/v xL #bGi vg $GH pg ?{ JM! %

CKOY.

>>>> Dynamic Rule Id = 1>>>>>>>> Jump = 0>>>>>>>> Filter Action = Deny>>>>>>>> Source Address = 9.192.8.7>>>>>>>> Source Mask = 255.255.255.0>>>>>>>> Destination Address = 9.192.240.1>>>>>>>> Destination Mask = 255.255.255.0>>>>>>>> Protocol = Any>>>>>>>> Source Port = Any 0>>>>>>>> Destination Port = Any 0>>>>>>>> Adapter = Both (Secure and NonSecure)>>>>>>>> Scope = Both (Routed and Local)>>>>>>>> Direction = Both (Inbound and Outbound)>>>>>>>> Tunnel Id = 0>>>>>>>> Logging Enabled = Unavailable>>>>>>>> Fragments Allowed = No

V: fwdelete_dynamic mI; gkO) h&Gn_ OB T"! 9s ID! V

Bv& Uz .NUOY.

ANW%L /?Q JM IDM T2 #bGi ?{ T": h&Gm h&H T"G

vB id! VB x T" __: xG |D8N %CKOY.

fm: _9 JM& _!OAm Oi JM! LL VYB M; KA]OY. JM ID

xL JM& _!OAm Oi fm @y& ^T KOY.


AIX 'T w\: s' 9' T" <.! T"L V8i cD2)z v V@OY.

'T w\L gkGi kNPG T": O' 9' T" <.! Vn_ UOY. ?

{ T": L1 N T" <. _#! _!KOY. .!H; ckOB T"L s'

9'! V8i ?{ T"8N .!H; [? _vC3 v x@OY.

8: W:.

L| "!- pg 3$; OaQ D W 3$; W:.X_ UOY. SecureWay

Boundary ServerG 8:; W:.OAi Y=; v`OJC@.

1. Policy Director& gkO) Firewall AOC gkZ& 3$UOY. gkZ!

8H Z]! kX Firewall O#& gkO5O 3$Om W gkZ! kX O

#& 3$UOY.

2. SecureWay Boundary Server6}g& G`O) Firewallz Directory(LDAP)

#! 5)& 3$UOY.

3. 8H ,sLp.!- AOC Z] <G; C[UOY.

4. gkZ 3$; Policy Director! TBUOY.

5. O#& TBUOY.

6. L& gkZB NuKOY.


:

:

:

:

&6e |C .-

; e! VB .-& gkO) IBM SecureWay Boundary Serverv| 2.0z

W |C &0! kX u 9: $8& r; v V@OY.

IBM SecureWay FirstSecureY= IBM SecureWay FirstSecureh9 W kU, v| 2.0!B FirstSecure! k

Q $8! in V@OY. L %: FirstSecure& 8:Om pg IBM SecureWay

&0 gk; h9R v V5O 5MVB &0; 3mUOY.

IBM SecureWay FirewallY= .-!B Windows NTk IBM SecureWay Firewall! kQ $8! in

V8g IBM SecureWay Firewall CDG x:\books\en_US p:d.!- PDFM

HTM |D8N gkR v V@OY.

v IBM SecureWay Firewall for Windows NT Setup and Installation

v IBM SecureWay Firewall for Windows NT User’s Guide

v IBM SecureWay Firewall for Windows NT Reference

v Guarding the Gates Using the IBM eNetwork Firewall for Windows NT

3.3 (redbook)

Y= .-!B AIX k IBM SecureWay Firewall! kQ $8! in V8g IBM

SecureWay Firewall CDG books/en_US p:d.!- PDFM HTM |D8N

gkR v V@OY.

v IBM SecureWay Firewall for AIX Setup and Installation

v IBM SecureWay Firewall for AIX User’s Guide

v IBM SecureWay Firewall for AIX Reference

v A Comprehensive Guide to Virtual Private Networks, Volume 1: IBM

Firewall, Servers and Client Solutions(redbook)


MIMEsweeper

MAILsweeper

Y= .-!B MAILsweeper! kQ $8! in V8g MIMEsweeper CDG

\install!- PDFM HTM |D8N gkR v V@OY.

v Getting Started GuideB \install\MSW4_0_2\Doc\qsg.pdf! V@OY

v ReadmeB \install\MSW4_0_2\README.htm! V@OY

WEBsweeper

Y= .-!B WEBsweeper! kQ $8! in V8g MIMEsweeper CDG

\install!- PDFM HTM |D8N gkR v V@OY.

v WEBsweeper Administrator’s GuideB \install\WSW3_2_5\Doc\manual.pdf

! V@OY

v 1.: $8B \install\WSW3_2_5\Doc\RELNOTES.htm! V@OY

WEBsweeper HTTPS AOC

Y= .-!B WEBsweeper HTTPAOC! kQ $8! in V8g

MIMEsweeper CDG \install!- TXT |D8N gkR v V@OY.

v ReadmeB \install\WSWHTTPS1_0_2\readme.txt! V@OY

SurfinGateY= .-!B SurfinGate! kQ $8! in V8g SurfinGate CDG \docs

!- PDF |D8N gkR v V@OY.

v SurfinGate Installation GuideB \Docs\install.pdf! V@OY

v SurfinGate User’s Manual: \Docs\manual.pdf! V@OY

v 1.: $8B \Docs\SFG 405 RelNotes.pdf! V@OY

v SurfinGateC/WN! kQ $8B \docs p:d.! V@OY.


NOA. .& Xa

; e!-B SecureWay Boundary Server! |CH .&& __Om XaOB

% 5r; ]OY.

IBM SecureWay Firewall G xk .& Xa

fN v$ .&

IBM Firewall: fN v$ .&& pvWOB% 5rL I v VB IP fN v

$ W:.sm Gn VB Security Policy k- sZ! bI; &xUOY. L 1

Cu; gkR v VT Om ,a 8:; 0:-Og ,a T" bO; gkUO

Y. W1 D Firewall NW& 6gO) Firewall; kzOB pg P6! kQ

s<Q $8& >OY.

IP VR& gkQ D #:. L'; gkO) Uz L1 W:.& v`OJC@.

Firewall !- #:.& Ping R v x@OY

.& 3m

W.v) NMdL:! &kN 8:Gn Vv J@OY.

Ge 6!

n5 <& .-& |6OJC@.

.& 3m

q8H W.v)! kQ ,aL &kN 8:Gv JR@OY.

Ge 6!

NM] -q: &xZ!T vx; d;OJC@.

.& 3m

8H W.v)! slM Z! ].Gn V8i Firewall!B W slM!

kQ ${ fN! Vn_ UOY. netstat -rn; gkO) ${ fN v

$; .NOJC@.

netstat -rn


bB: ANd] PP. 2! kX Y=z 0F_ UOY.

nrr.nrr.nrr.nrr

NM]! kQ slM& *8;m LB b; fNTOY. b; f

NB ${ fN(C!W=UG)TOY.

nnn.nnn.nnn

q8H 5^N; *8@OY. LB NMdL: fN(C!W=U)T

OY.

nnn.nnn.nnn.nnn

q8H NMdL:& *8@OY.

sss.sss.sss

8H 5^N; *8@OY. LB NMdL: fN(C!W=U)TO

Y.

sss.sss.sss.sss

8H NMdL:& *8@OY.

ss1.ss1.ss1

W.v)G 8HJG -j 5^N; *8;m srr.srr.srr.srr: W

-j 5^N! kQ slM& *8@OY. LB ${ fN(C!W

=UG)TOY.

127.0.0.1

gAiLE* NC #:.TOY. LB NMdL: fN(C!W=U)

TOY.

" NMdL:! kX NMdL: fN! Vn_ Om b; fNB Firewall

G q8HJ! VB slM& !.Q_ UOY.

Destination Gateway Flags ....default nrr.nrr.nrr.nrr UGnnn.nnn.nnn nnn.nnn.nnn.nnn Usss.sss.sss sss.sss.sss.sss Uss1.ss1.ss1 srr.srr.srr.srr UG127 127.0.0.1 U

W2 6. netstat -rnG 9& bB.


Ge 6!

${ fN& slM! _!OJC@. slM |.Z!T .GOJC@.

route add mI; gkUOY.

.& 3m

8H NMdL:! VB -jW. 6:)* "SOAB #:.! 21 v

V@OY.

Ge 6!

,sLp. 8: /?.<& gkO) 6:) 3$; $$OJC@.

8H #:.!- q8H #:.& Ping R v x@OY(GB W ]k)

.& 3m

Firewall! N"X VB " slM!B Firewall Z! VB ks W.v

)G TL.~LN Firewall; v$OB ${ fN! Vn_ UOY.

Ge 6!

slMG |.Z!T .GOJC@.

.& 3m

8H W.v)!- RFC 1597! v$H 3N VR& wTO), LnOL

m q8H W.v)!- fN v$R v VB VR& gkOB fl P6

: |[Z!T YC fN v$Gv J@OY.

Ge 6!

Windows NT |k: ,sLp.& nOH VRM T2 gkOJC@.

FirewallG NAT bI: TCP W UDP .!H! gkI v Vv8 NATB

ICMP P6!- VR& ping33 //Ov J@OY.

Ge 6!

AIX |k: ,sLp.& nOH VRM T2 gkOJC@.

DNS GP

V: DNSB Windows NT |kL FUOY.

NOA. .& Xa 43

.& 3m

Microsoft DNS -q:& Microsoft DNS -q: |.ZN 8:_8G

N DNS @y ^Cv& vE_@OY.

Ge 6!

3! v'; YC |6Om

1. |< p:d.N \winnt\system32\DNS& h&O) Microsoft DNS

& &EUOY.

2. Microsoft DNS& YC 3!UOY.

3. YC N.UOY.

4. DNS hotfix& YC 3!UOY.

5. YC N.UOY.

xk .&–MIMEsweeper Xa

WEBsweeper W MAILsweeper B 0: C:[!- [?Ov JB M 0@

OY

.& 3m

MAILsweeperM WEBsweeper& 0: C:[!- G`OAm R ' .

&! _}UOY.

Ge 6!

MAILsweeperM WEBsweeper& -N Y% C:[! 3!OJC@.

WEBsweeper G zOH :I

.& 3m

WEBsweeper& gkO) % ;k; YnNeR ' 87:4v xOT v

,KOY.

Ge 6!

1. WEBsweeper&nG VC4; gkO) bOOv xOT UOY.


2. WEBsweeper& gkR v VB Oe~n _ !e |% M! 3!U

OY.

WEBsweeper sL>: .&

.& 3m

WEBsweeper 3.2_5& WEBsweeperG L| v|L 3!H C:[! 3

!Q fl sL>: 0 f9L _}R v V@OY. WEBsweeper! C

[I ' ;N Windows @y ^Cv: 2140L _}Oi L%. %Cb!

- @k ANW% NW& .NUOY. WEBsweeperG ^CvB Y=z 0

@OY. ″PAKMSG @y: gkZ L': L|! $GH sL>: =Gz

f9UOY.″

Ge 6!

Windows 9v:..!- L| sL>: 0& &EOJC@. Regedit& #

F 8 m \ \HKEY_LOCAL_MACHINE\SOFTWARE\Content

Technologies\MIMEsweeper\LicensefN!- #F8JC@. )b- 0

& O* Ls #8i, ″IBM MIMEsweeper System″8N 9LmL Yv

J: M; h&OJC@. YC N.UOY.

WEBsweeper B Tp! + DO; YnNeR ' .&! _}UOY

.& 3m

WEBsweeperB JM5OB _! DO; zeOb 'Q !s ^p.! N

7R v V@OY.

Ge 6!

WEBsweeper-v!- G& ^p..; C.JC@.

NOA. .& Xa 45

xk .&—SurfinGate Xa

SurfinConsole : Microsoft Internet Explorer ! -A VB ?H!B @

dOv J@OY

.& 3m

SurfinConsole@k ANW%: Internet Explorer! -A VB ?H L

sQ ?[; 8LE* @dOv J@OY. L1 N @k ANW%: f9

OGN ?C! G`R v x@OY.

Ge 6!

Internet ExplorerM SurfinConsole; ?C! NeOv 6JC@.

SurfinGate C/WNG zOH :I

.& 3m

%; kQ pt Ze YnNeB SurfinGateC/WN; gkR ' El

@3OY.

Ge 6!

Y= AOC JeB SurfinConsoleG AOC =G!- SecureWay Firewall

HTTP AOCN 3$Gn_ UOY.


NOB. VGgW

L %!- IBM &0, ANW% GB -q:& |6_Ym X- IBML 5w _

N pg *s!- L& gkR v VYB M; GLOvB J@OY. L %!-

IBM gkG ANW% GB IBM &0; p^_YmX- ]eC IBM ANW%

L* &08L gkGn_ T; GLOvB J@OY. IBMG v{ gjG; 'X

Ov JB Q bI{8N ?nQ &0,ANW% GB -q:& IBM &0, ANW

% GB -q: kE gkR v V@OY. IBML /0w mCOv JB Y% &

0z |CH 6[G r! W Ku: gkZG %STOY.

IBM: L %! *@B /$ Wq! kQ /c& 8/Om VE* vg bx _

O v V@OY. L %; &xQYm X- W /c! kQ gkGnv N)OB

M: FUOY. /c gkG! kX-B Y= VRN -i .GOJC@.

150-010

-o/0C 5nw8 )G5? 25-11, QxXnty

Q9 FL.q.% VD8g

v{ gjGN

(i)05N [:H ANW%z b8 ANW%(L ANW%; wTQ) #G $8 3

/ W (ii)3/H $8G s# Lk; q{8N L! kQ $8& xOB gkGZ

B Y= VRN .GOJC@.

150-010

-o/0C 5nw8 )G5? 25-11, QxXnty

Q9 FL.q.% VD8g

RA.~n gw;N

IBM m4 h`(ICA) O! ANW%G gkGL N)Gv J@OY. LB IBM

9& ANW% gkG h`(IPLA) O! gkGL N)KOY.

L %: }jkL FOg sw: GB /$ q{! kQ 8g:! kQ 8u; w

TO) n0Q >yG 8u5 &xOv Jm vskN L %; &xUOY.


L &0!B CERN!- [:Om gkR v VT 8inx D;M RA.~n!

in V@OY. L BN: CERN D;M RA.~n! wTH pg &0!- Z

<w p^Gn_ UOY.

nOs%

Y= knB L9L* b8 9!!- gkGB IBM gG nOs%TOY.

AIX

IBM

MicrosoftM Windows NTB MicrosoftG s% GB nOs%TOY.

**SurfinGateB Finjan SoftwareG s%TOY.

**MIMEsweeper, **MAILsweeper W.m **WEBsweeperB Content

TechnologiesG s%TOY.

0%! N 3(**) %CH b8 8g, &0 W -q:m: Y% 8gG nOs%*

-q: s%TOY.


kn

!

TL.~L(gateway). -N Y% 86G N D;M W.v)& s# ,aOB bI{ e!.

b;*(default). mC{8N v$H ML xB fl #VGB *, S: GB IG.

s

gAi NMdL:(loopback interface). $8G VR! ?OQ C:[G #<<N v$H fl RJdQ kE bI;

}+OB NMdL:TOY.

6

6}g(wizard). gkZ! /$ [w; x`X *% v V5O \h0 v'; gkOB @k ANW%G k-TOY.

g

-v VR(server address). W.v)& kX DO -v, Nb -v GB Ô -vM 0: b8 D;M! x/ -q:

& &xOB " D;M! RgH m/Q Ze. %X IP VRB 32 q. VR JeTOY. -v VRB !P. Jx IP

VRLE* #:. L'O v V@OY.

-v(server). W.v)& kX Y% D;M! x/ -q:& &xOB D;M. 9& in, DO -v, Nb -v GB

Ô -v nL V@OY.

-q:(service). 9& in, HTTP, FTP GB Z]z 0: O* LsG ke!- &xOB bITOY.

)(shell). gkZ v):WLG!- mI `; ^FiLm 3.OB RA.~n. Korn ): gk !IQ )/ UNIX

) _ O*TOY.

C#Jz(timeout). 6[L GÌ v V5O RgH C# #]TOY.

F

%(Web). kNP: HTTP -vG b8 .-! kQ 5)! in VB OL[X:. .-N ANW%z DOL VB

HTTP -vG W.v)TOY. ye MLe %(World Wide Web)Lsm5 UOY.


NM](Internet). NM] ANd] Wl; gkOm xk W<:& ckOB | <h{8N -N ,aH W.v)G

C:G.

N.s](intranet). NM] %Xz @k ANW%(9& in, % jslz); 6wG b8 D;M W.v7 ON86M

kUOB g3 8H W.v).

+

,sLp.(client). O]{8N -vsm OB G Y% D;M C:[L* AN<:G -q:& d;OB D;M C:

[ GB AN<:. )/ ,sLp.B xk -v! kQ W<:& x/R v V@OY.

8

Z](Telnet). MLN !D9LG ANd]N- x] ,a -q:! kQ TCP/IP @k ANW% ANd]TOY. Z]

; kX Q gL.! VB gkZB 6! gkZG v):WLGL x] #:.! w" ,aH M33 W #:.& W<

:R v V@OY.

D

w.(port). _s{N kE e!& D0OB x#. % -vB b;{8N w. 80; gkUOY.

ANd](protocol). kEL LgnvB fl kE C:[G bI{ \'G 6[; |.OB T" <.. ANd]: Y

L.G q.! |[GB x-M 0: C:[ # NMdL:G O^ <NgW; a$R v V@OY. LB GQ DO |

[z 0: @k ANW% # s^ 3/; a$R v V@OY.

D

DMZ. Demilitarized Zone.\N gkZ! 8g %LM! in VB -v& w" W<:Ov xOT OB e!.

F

Firewall. O*G W.v)M Y% W.v) #! ,a; 8#Om &nOB bI{ e!. Firewall: xOv JE*

GQL N)Gv J: kE .!HL 8#H W.v)! in@v xO5O 7m 1CH kE .!H8 8#H W.v)

!- *C v V5O UOY.

FTP(File Transfer Protocol). DO; W.v) D;MM Vm ^; ' gkOB @k ANW% ANd]. FTPB

gkZ ID! JdOm ''N x] #:. C:[! VB DO! kQ W<:& ckOb 'X O#! JdUOY.


I

ICMP. (Internet Control Message Protocol).NM] ANd](IP) h~!- @yM &n ^Cv& 3.R ' gkO

B ANd]. .& 8mM _xH %LMW% ks: x! %LMW% R:N .OKOY.

IP. (Internet Protocol).W.v)* s# ,aH W.v)!- %LM& ,a xL fN v$OB ANd]. IPB u

t: ANd] h~z G& h~ #! _# *R; UOY.

IP VR(IP address). NM] ANd] VR. W.v)!- " e!* v):WLGG G& '!& v$OB m/Q

32 q. VR. LB GQ NM] VRsm5 UOY.

IPSEC. (Internet Protocol Security).W.v)* W.v) kEG P6 3. h~!- 3_ _N 8H %XTOY.

N

NAT. (Network Address Translation). Firewall!- 8H IP VR& nOH \N VRN //OB M. L& kX \

N W.v)M kER v Vv8 Firewall ;N!- gkGB IP VR& 6:)UOY.

P

PICS. (Platform for Internet Content Selection). PICS& gkR v VB ,sLp.B gkZ! gkR n^ -q

:& a$Om " n^ -q:!- ckR v VB n^z ckR v xB n^; a$R v VT UOY.

Ping. @d; ^; M8N bkOi- ICMP !Z d; P6; #:., TL.~n GB slMN |[OB mI.

S

SMTP. (Simple Mail Transfer Protocol).NM] ANd] Wl!- NM] /f! VB gkZ #! ^O; |[R

' gkOB @k ANW% ANd]TOY. SMTPB ^O 3/ x-M ^Cv |D; v$UOY. LB TCP(Transmission

Control Protocol)& bJ ANd]N #VUOY.

T

TCP. (Transmission Control Protocol).NM]!- gkGB kE ANd]TOY. TCPB EZR v VB #:.

# $8 3/; &xUOY. LB IP& bJ ANd]N gkUOY.

TCP/IP. (Transmission Control Protocol/Internet Protocol)." W.v)!- gkOB kE bz! |hxL W.

v) #! kER v VT 3hH ANd] WlTOY.

kn 51

U

UDP. (User Datagram Protocol).NM] ANd] Wl!- EZR v xB \}H %LMW% -q:& &xOB

ANd]TOY. L& kX Q C:[! VB ANW%L* AN<:B %LMW%; Y% C:[! VB @k ANW%

L* AN<:N |[UOY. UDPB IP& gkO) %LMW%; |^UOY.

V

VPN. (Virtual Private Network).N 3 LsG W.v)& ,aOB O* LsG 8H IP MNN 8:H W.v)T

OY.

W

WTE. (Web Traffic Express).El ?2{N 3C T9; kX O] gkZG @d C#; !S-OB% 5r; Y

v VB 3C AOC -vTOY. /,Q PICS JM5: W.v) |.Z! O*G _S '!!- % b] $8! kQ

W<:& &nR v V5O 5M ]OY.


IBM

N0 x#: CT6RZKO

Printed in Singapore

GA30-1012-00

CT6RZKO

Spine information:

IBM

Windows NT ® W AIXkIBM SecureWay ®

Boundary Server C[!- v`nv v| 2.0

-v nv - ibmpublib.boulder.ibm.com/tividd/td/sw_fs/sbsup/ko_ko/pdf/ct6rzko.pdfl %g 8: l %:...

Documents