NetManager: Security and Control
Get the basics right
A network needs to be built on a firm foundation. Security should be fundamental to your network design, not an afterthought. You need to know that you are not open to viruses or malicious attacks (both internal and external). On the other hand, like a good bodyguard, security should not be intrusive.
Firewalling not only allows you to keep tight control over what can be accessed from the Internet but also allows fine control over what is shared between curriculum and administration networks.
The NetManager offers full kernel-level firewalling. This means you can clearly define which computers (both internally and externally) can or cannot have access to certain resources. Also, you may not have enough IP addresses to connect up all your computers. When fitted with extra Ethernet cards, the NetManager can be used to both protect your internal network and provide transparent yet secure Internet access. In addition, even if the NetManager is the only computer directly connected to the Internet, port redirection allows other computers to be accessed from the outside (e.g. a Citrix XenApp server farm).
The NetManager supports VLANs (i.e. it can be attached to multiple networks even with just one network lead) and can firewall between any networks it is attached to. It can also transparently intercept web traffic and pass it on to its web filtering.
NetManager includes anti-virus scanning of files and emails. Its virus signatures are updated frequently. The results of anti-virus scans can be automatically emailed to the relevant users.
Use case - wireless guest access: Modern wireless access points can have multiple SSIDs, each of which can have its own VLAN. It is therefore possible to have open (unencrypted) guest access separated from secure WPA access for known users. In conjunction with firewalling, this allows you to give very restricted access to guest machines (such as no web access unless you log on through a web browser and use a local proxy, combined with no access at all to the rest of the network).