The Security Module gives you various security options for your Merlin applications. These include:
|
VPN: Virtual Private Network
|
Merlin VPN provides all the tools to configure and maintain a Virtual Private Network (VPN). Install Merlin VPN units at all your remote offices. Turn the VPN on between all units and you will have a secure network between workstations and servers at all locations.
Features include:
| IPSec |
IPSec (Internet Protocol SECurity) technology is supported
through the implementation of FreeS/WAN Version 2.04 (Linux).
See http://www.freeswan.org.
This application creates secure VPN tunnels between Merlin server
nodes.
Features:
- Creates a secure and encrypted "tunnel" between two Merlin
VPN nodes (or a third-party compatible VPN node).
- With a tunnel in place, workstations on one local network can
access workstations/servers on the remote network through TCP/IP.
- Supports at least 50 tunnels on a mid-range machine.
(No theoretical limit. Limited by server speed/capability)
- Data transfer rates are approximately 20 megabits per second
or more for a mid-range machine.
- Uses X.509 Certificates for authentication between tunnel nodes.
- Hash algorithms: MD5-HMAC 128-bit, SHA1-HMAC 160-bit.
- Encryption: 3DES-CBC 168-bit
- Key management: IKE (ISAKMP/Oakley)
- Supports tunnel mode
- Supports multiple gateway to gateway tunnels
- Supports multiple "roadwarrior" to gateway IPSec tunnels
|
| PPTP |
Supports Point-to-Point Tunneling Protocol for VPN tunnels between
"roadwarriors" and gateways.
- Primarily used to easily configure a VPN between a Windows PC
and a Merlin VPN node. PPTP is the Windows standard VPN protocol.
- Allows a Windows PC/notebook to access servers on the local LAN
behind the Merlin VPN node.
- Authentication: MSCHAPv2
- Encryption: MPPE 40-128 bit RC4
- Multiple GRE V2 allows multiple PPTP PCs on a local LAN to
connect to a Merlin node.
|
| SAMBA (WINS) |
SAMBA for Linux (http://www.samba.org) emulates a WINS server on
a Merlin VPN node. This is the preferred method of centralizing
the participating nodes of the VPN networks.
- Allows PCs on one local network to browse and access servers
on the remote local network.
- Allows file transfer between networks.
- Allows printing to remote printers.
- Shows participating PCs/servers in Windows Network Neighborhood.
|
| Firewall and Router |
Merlin VPN supports firewall and router configurations through the
use of Linux iptables.
- Allow/disallow local workstations to have Internet access outside
of the VPN tunnel.
- Block abusive client IP addresses.
- General tool for setting up any rule.
|
| Backoffice VPN Management |
Merlin VPN supports a browser-based (HTTP) backoffice for setting
up and maintaining all VPN functions.
- Certificate manager to create and maintain X.509 certificates
for each Merlin node.
- Access to all participating VPN nodes through ONE backoffice.
- Tool to configure/view IPSec tunnels between Merlin nodes.
- Tool to configure/view PPTP tunnels.
- Tool to configure/view SAMBA activity.
- Access from within the tunnel OR from outside. Protected through
ID/password and optional SSL encryption.
|
Merlin SSL support allows you to install SSL certificates to make your web pages secure. This is a must if you activate the e-commerce module or plan on using Digital IDs in your email.
Features include:
| SSL Technology |
Merlin SSL uses the technology developed by the OpenSSL Project for
Linux. See http://www.openssl.org.
This OpenSSL code provides the underlying technology
for all Merlin secure connections.
Features:
- Supports Secure Sockets Layer (SSL v2/v3).
- Supports Transport Layer Security (TLS v1).
- Hash algorithms: MD5-HMAC 128-bit, SHA1-HMAC 160-bit.
- Encryption: 3DES-CBC 168-bit
- Key management: IKE (ISAKMP/Oakley)
|
| Certificate Management |
In order to have a secure connection, you must install a trusted
certificate. Each certificate will have a public key (distributed
publicly) and a private key (kept securely in your Merlin server).
Merlin supports a certificate management backoffice function:
- Manage/view certificates in an expandable tree structure.
- Install certificates for one or more domain names.
- For domains that share IP addresses, alternate ports can be
set up to map unique certificates.
- Create Certificate Signing Requests for use in purchasing a
trusted certificate.
- Import certificates from trusted authorities such as Verisign.
- Create self-signed certificates for testing and private use.
|
| Secure Protocols |
Merlin Security supports the following secure connect protocols:
- HTTPS - Secure HTTP connections encrypt all data that is
transmitted between server and client. Web browser access to a
domain through HTTPS will display the "lock" indicating a secure
connection.
- SMTPS - Secure SMTP connections allow email clients to
send email securely and directly to the Merlin email server.
- POP3S - Secure POP3 connections allow email clients to
download their mail securely from the Merlin email server.
|
Digital ID Support in Webmail
|
Merlin Digital ID support allows you to install Digital IDs for signing and encrypting your email.
Features include:
| Management |
Digital IDs can be managed in two ways:
- In a Webmail Plugin - When the Digital ID module is activated, a plugin will be installed in each user's email account. Under 'Options' in the webmail, the user can import/create Digital IDs and use them for signing and/or encrypting their email.
- In the Backoffice - The administrator has access to ALL email user accounts and their Digital IDs. From here, the administrator can install (or remove) Digital IDs for any user.
- Both methods allow the user to create, install, view, and delete Digital IDs in an easy-to-use expandable tree structure.
|
| Installation |
There are several ways to install a digital ID:
- Install from a Trusted Authority - Purchase a Digital ID from a Trusted Authority such as Verisign or Thawte. Follow simple step-by-step instructions to move the Digital ID (public and private keys) into Merlin in a secure fashion.
- Direct Import - If you know the location of the certificate and have the associated private key, you can directly import them into Merlin.
- Create self-signed Digital ID - Self-signed IDs are not commonly recognized as "trusted". However, they can be used in a test or private environment where the recipients know the sender.
|