Next: Introduction
Up: Features and Compatibility
Previous: Features and Compatibility
The Eagle Network Security Management System is a suite of software products that reside between your local-area network (LAN) and another network. The other network can be the outside world (i.e., the Internet) or another of your own LANs, local or remote.
The Eagle is designed to isolate one network from another, allowing only those connections and services that you have permitted. The Eagle can detect suspicious activity (as you define it) and alert you through a fax, pager, electronic mail or audible alarm. The Eaglet Subnet Partitioner is designed to work with the Eagle to compartmentalize important intranet workgroups or sub-LANs, offering them the same protection that the Eagle provides.
Just having one (or several) Eagles on your network does not obviate the need for a coherent, well-thought-out site security plan. We cannot stress too strongly the importance of doing this planning before there is a catastrophe. Several documents that can assist in this planning are listed in the preface to this manual.
Figure illustrates the functional components of the Eagle and their relationships.


The Eagle features include:
- dual communication interface
  - IP packets are re-encapsulated to hide local network topology.
  - isolation reduces risk from viruses, Trojan horses, and worms.
  - maintains the confidentiality of your network.
- host authorization both into and out of your network, as well as within it
  - you choose which hosts are allowed.
  - you choose when access is permitted.
  - you choose what types of communication are allowed.
- monitoring and tracing of suspicious activity
  - dynamic activity monitor.
  - you establish what constitutes suspicious activity.
  - notification of the network manager when connection attempts exceed limits.
  - traceroute capability to identify the offender.
- immediate notification of suspicious activity via:
  - display
  - audio alarm
  - electronic mail
  - pager
  - fax
  - client program of your choice
- service processing
  - remote terminal access (telnet) modified for enhanced security.
  - file transfer (ftp) put and get service selectivity.
  - generic packet passer for miscellaneous services you choose to provide.
- user authentication
  - identifies who is initiating network traffic.
  - restricts telnet and ftp to particular users or groups.
  - optionally authenticates using smart-card technology.
- audit log
  - daily report of all activity.
  - automatic archiving of the previous day's activities.
  - easy conversion of the log file to fixed-width database formats.
- hardware host authentication via EtherGuard
  - workstation and PC Ethernet-to-IP address verification.
  - detection and shutdown of remote dialup connections through a PC.
- transparency and ease of integration
  - uses standard communication port numbers.
  - compatible with X.25, Token-Ring, Ethernet, and FDDI.
  - no new user commands must be learned.
- system self-protection
  - no remote login to the Eagle; login from the console only.
  - no user accounts on the Eagle.
  - single authorization file maintained only by the Eagle.
  - file changes restricted to the authorization machine console only.
  - file cannot be remotely accessed.
  - file is rule-based and can be customized by the user.
  - automatic shutdown of the gateway if the program code is altered.
  - non-root processes are not allowed to run on the gateway.
- subnet isolation with the Eaglet partitioner
  - connection authorization, monitoring, and tracing across subnets.
  - one source (the Eagle) for the authorization file and rules.