
Infoblox appliances add role-based security to firewalls

Jun 08, 2004 | 2 min read
Network Security, Networking, Security

* Adding role-based filtering to your existing firewalls

Last month, we discussed consolidating multiple security functions and management into a single overlay intrusion-prevention firewall architecture from a company called iPolicy.

If that idea intrigued you, you might want to check out another potentially powerful development: the ability to connect your existing network firewall (from Netscreen/Juniper, CheckPoint or someone else) to an authentication and authorization appliance from Infoblox to gain consistent role-based firewall security across all your networked sites.

And just what is role-based firewalling, you might ask?

In a nutshell, it entails using your firewall to control access to the corporate network based on each user’s profile, or role, within the organization.

For the most part, today’s firewalls are configured to permit or deny access based on IP source address. However, you might also wish your firewall to account for user roles within your organization when granting network permissions.

While many of today’s existing firewalls do support the role-based filtering capability, most lack a centralized, automated way to configure it. Instead, you must program policies (correlating IP addresses to users based on profile) on a site-by-site basis. In large, highly distributed organizations, this becomes a time-consuming process that’s difficult to scale.

As a result, many enterprises have not leveraged the role-based firewall-filtering feature.

Infoblox, however, allows you to simply connect your existing firewalls to its RADIUS One appliance for automated role-based policy setting, explains Infoblox CTO Stu Bailey.

Depending on your architecture, a single RADIUS One can serve as the authentication and authorization engine for multiple distributed firewalls. Infoblox plans to deliver the ability to globally manage multiple distributed RADIUS One appliances later this year, Bailey says.
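To make the IP-to-user-to-role correlation concrete, here is an added example (not Infoblox's, Juniper's or Check Point's code): a small policy evaluator that resolves a packet's source address to an authenticated user and then to a role, the way a RADIUS session table plus a directory lookup would, and applies role rules that are written once rather than per site. The session table, users, roles, rules and the `rebind_session` helper are constructed sample data and assumptions for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample data (assumption, not Infoblox's schema): the session
# table a RADIUS server builds from accounting records, Framed-IP-Address
# mapped to the authenticated User-Name.
SESSIONS = {"10.1.1.25": "alice", "10.1.1.26": "bob", "10.2.7.9": "carol"}

# Constructed: user -> role, as a directory (LDAP/Active Directory) would return it.
USER_ROLES = {"alice": "finance", "bob": "engineering", "carol": "contractor"}

@dataclass(frozen=True)
class Rule:
    roles: frozenset  # roles the rule applies to
    dst: str          # destination network in CIDR notation
    port: int         # destination TCP port
    action: str       # "permit" or "deny"

# The role-based policy is written once and can be pushed to every site's
# firewall unchanged, because it never names a source IP address.
POLICY = [
    Rule(frozenset({"finance"}), "10.50.0.0/24", 1433, "permit"),
    Rule(frozenset({"finance", "engineering"}), "10.60.0.0/24", 22, "permit"),
]

def role_for(src_ip):
    """Resolve source IP -> authenticated user -> role; None if unknown."""
    user = SESSIONS.get(src_ip)
    return USER_ROLES.get(user) if user else None

def evaluate(src_ip, dst_ip, port):
    """Return 'permit' or 'deny'. Default is deny, so a source address with no
    authenticated session (or a role with no matching rule) gets nothing."""
    role = role_for(src_ip)
    if role is None:
        return "deny"
    dst = ip_address(dst_ip)
    for rule in POLICY:
        if role in rule.roles and dst in ip_network(rule.dst) and port == rule.port:
            return rule.action
    return "deny"

def rebind_session(user, old_ip, new_ip):
    """Model a RADIUS accounting Stop/Start when a user reconnects elsewhere.
    The firewall rule set does not change; only the session table does."""
    if SESSIONS.pop(old_ip, None) != user:
        raise KeyError(f"no session for {user} at {old_ip}")
    SESSIONS[new_ip] = user
```

The last function shows the scaling point from the article: when a user's address changes, the centrally held session table is updated and every firewall's role policy keeps working without site-by-site reprogramming.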

Note that role-based firewalling is just one tactical application for Infoblox appliances. The company’s raison d’être is to help large, distributed enterprises get their arms around managing core network services that relate to user and device identity, such as DNS, DHCP, LDAP, and Active Directory.

This entails moving key data stores and protocols off numerous servers and network devices that are scattered about the enterprise and managed by different departments and into highly secure appliances that become part of the distributed – yet centrally managed – network infrastructure.