The Eagle is designed to isolate one network from another, permitting only those connections and services you specify. Typical applications for this gateway would be to limit access to a secure network from the outside, or to screen connections between an exceptionally busy network and the Internet. As installed, the Eagle blocks the passage of all network services into and out of your network, with the exception of SMTP (electronic mail). Since e-mail is a universal service that customers want, it passes transparently, and you need do nothing to configure the Eagle for it. You can enable other network services to pass under the control of a powerful rules-based authorization file. Since most customers want to be able to use the common ftp and telnet services, the ability to permit the passage of these services and to control who can use them, both inside and outside your Eagle-secured network, is a standard part of the software. Furthermore, you can choose to permit the passage of other network services on a service-by-service basis, and limit their use on a user-by-user basis, with our flexible Generic Service Passer.
The Eagle can also be used to act as a gatekeeper in a network
with multiple levels of security, to ensure that data is not
accidentally transferred from a highly secure machine to a less secure
machine. As we have seen in the preceding chapter, the Eagle can
watch the types of connections being completed or refused, then
alert systems management if there is any unusual activity.
This feature is called Dynamic Activity Monitoring.
(The details of specifying suitable criteria are described in
Section ).
Additional gateway servers called Eaglets may be installed if you wish to partition a network. Eaglets share the authorization function of the Eagle, but control traffic among sub-networks. Because Eaglets share the Eagle's authorization function, only one copy of the authorization file is necessary, thereby significantly easing system administration requirements and eliminating authorization skew.
In virtually all cases hereafter, the capabilities and functions ascribed to the Eagle also apply to Eaglets.
Raptor's software products protect networks that pass IP packets only. They completely block all other network protocols.