They will intercept no message before its time - Robert Mondavi Winery - Internetworking: Special Focus - Company Operations

This month we offer a concentrated view of internetworking. It seems an internetwork, while hard to define, is something we recognize when we see it.

Each of us has a shorthand definition we can pull out when confronted with the term: the connection of several networks, like workgroup LANs. Internetworking typically has special loop engineering characteristics, is supported by additional network access devices, and has enhanced directory and security features.

But the effects of an internetwork are always to bring more users "into the loop" and to distribute enterprise resources to authorized personnel.

In this Special Focus, we list suppliers of internetworking products and services, we describe leading-edge products and we offer several articles of particular interest.

Firewall protection opens up new Internet and intranet options for a California winery.

When Robert Mondavi Winery began providing Internet access to 400 networked end users in northern California last year, our security was a free-standing mail server that separated the internal network from the Internet.

The server functioned as a gateway, translating communications based on the IPX protocol of our internal network to the IP protocols required for direct Internet access. It worked well. But as our Internet involvement increased, we realized that this approach to security did not meet all of our operational needs.

The system was launched along with an internal Web site for our distributors and sales force because we recognized that security is a critical concern to a winery. We didn't want the outside world to gain access, through the Web site, to our confidential corporate information.

While our IP/IPX gateway effectively eliminated the possibility of unauthorized access to sensitive information, there were disadvantages.

Because the gateway could not support secure access based upon the File Transfer Protocol (FTP)--a protocol commonly used for communicating with suppliers, vendors, and remote users--we had to block this type of access to preserve the integrity of our information resources. But as Internet usage became more important to staff members, they increasingly wanted FTP capabilities.

The gateway also would not be compatible with our plans to create a corporate intranet. To optimize overall network performance, we would have to replace IPX with IP as our desktop protocol so that both Internet and intranet communications could be achieved with a single protocol--and without the need for the IP/IPX gateway.

We had to identify a way to preserve a high-level of Internet access security as well as our existing proprietary addressing scheme.

We decided that FireWall-1 from CheckPoint Software Technologies, (Redwood City, Calif.) could resolve both of these issues.

In addition to meeting our functional requirements, the product can be used to control the access lists on our Cisco routers. Maintenance is streamlined by consolidating activities with a single graphical user interface that is much easier to use than the command line interface of the routers. It allows us to define a single enterprise security policy.

Another benefit is that the firewall runs on a Windows NT platform, our standard server operating system. While we certainly could have used a Unix-based firewall, having one based on a Windows NT platform was far more convenient and cost-effective because we did not have to face the overhead of Unix training.

The robustness of the logging facilities is another important feature. Products that identify all access attempts can determine when the firewall repeatedly blocks the same individual, an act that clearly implies illicit access attempts.

Firewall-1 has technology that provides the higher level of security needed to protect FTP sessions by inspecting communications before they get to the operating system while maintaining full awareness of the application state. The result: we can now allow all users to conduct FTP sessions.

Once the firewall was implemented, we launched our intranet. It not only streamlines communications among our 400 internal workstations, but also allows remote Mondavi users, such as our globally distributed sales staff, to gain access via the Internet to corporate network facilities without the high costs of dial-up.

COPYRIGHT 1997 Nelson Publishing
COPYRIGHT 2004 Gale Group