
Software Components

The Eagle Network Security Management System consists of several software components. The gateway control program (gwcontrol) is the heart of the system. It handles network connection requests from remote systems and from systems on your local network. After consulting its configuration (or authorization) file, gwcontrol either completes the connection or denies access. Gwcontrol maintains a list of active connections. For added security, we have provided modified versions of the standard service daemons ftpd and telnetd, which interact with gwcontrol to process service requests. The display program shows the state of the gateway and current connections based on gwcontrol's information. An auxiliary program, the Vulture, kills programs that aren't allowed to run on the G box. The following sections describe these programs in detail.

While the Eagle routes packets entering your network, it is more capable than a standard router: it disassembles incoming packets and constructs new ones before sending them out to the destination host. This guarantees that there are no cracks for undefined packet types to exploit.

The Eagle maintains a complete transaction log. It alerts the system administrator whenever suspicious activity (e.g., four failed connect attempts from the same site within five minutes) is detected. As soon as the Eagle determines that something potentially harmful is happening, it logs the source of the offending packets and the route they travel. Recall that you, the system administrator, define what constitutes suspicious activity.
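The example rule above (four failed connect attempts from the same site within five minutes) can be expressed as a sliding-window count over the transaction log. The following is an added illustration, not Eagle code: the log line format, the function names and the sample entries are all assumptions constructed for this example, and the threshold and window are parameters because the administrator defines what counts as suspicious.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; this line format is an assumption, not the Eagle's own.
SAMPLE_LOG = """\
1995-03-01 10:00:05 DENY telnet 192.0.2.10
1995-03-01 10:01:10 DENY ftp 192.0.2.10
1995-03-01 10:01:30 ALLOW telnet 198.51.100.7
1995-03-01 10:02:40 DENY telnet 192.0.2.10
1995-03-01 10:03:00 DENY telnet 198.51.100.7
1995-03-01 10:04:55 DENY ftp 192.0.2.10
1995-03-01 10:20:00 DENY telnet 203.0.113.5
1995-03-01 10:26:00 DENY telnet 203.0.113.5
1995-03-01 10:32:00 DENY telnet 203.0.113.5
1995-03-01 10:38:00 DENY telnet 203.0.113.5
"""

def parse_line(line):
    """Return (timestamp, action, service, source), or None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    return ts, parts[2], parts[3], parts[4]

def detect_suspicious(log_text, threshold=4, window=timedelta(minutes=5)):
    """Return (source, alert_time) for each burst of denials reaching threshold."""
    recent = defaultdict(deque)  # source -> timestamps of denials still in window
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[1] != "DENY":
            continue  # skip malformed lines and completed connections
        ts, _, _, src = rec
        q = recent[src]
        q.append(ts)
        # Drop denials older than the window, measured from the newest one.
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts.append((src, ts))
            q.clear()  # one alert per burst; counting restarts afterwards
    return alerts
```

On the sample, only 192.0.2.10 triggers an alert; 203.0.113.5 also has four denials, but they are spaced six minutes apart and never share a window.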

If you have a modem attached to your system, the Eagle can notify appointed individuals via pager or fax whenever intrusions are detected. The Eagle can also send alerts to a pager, to the system's loudspeaker, via electronic mail, or to a client program of your choice for processing. Refer to Chapter for more details.

The Eagle software is auto-encrypted to discourage attempts to reverse-engineer it. It comes with a secure hash function checksum so that system administrators can routinely confirm that no one has tampered with the code. If the Eagle has been altered, it shuts itself down, preventing all remote network access until a verifiably correct version is reloaded. To provide assurance that there is no back door which might be exploited, the source code can be certified by an external agency using a secure checksum.






tkevans@delmarva.com