Utilizing UPM across a firewall

UPM can be utilized across a firewall to control hosts located within your DMZ without compromising your internal security policies. The DMZ represents an area of controlled exposure to the Internet. Administration of Web and Mail servers within this region presents a security challenge.

Using UPM it becomes possible to restrict access to privileged commands or indeed all commands in such a way as to ensure that access is granted in accordance with a strict UPM policy.

Such policies could include the originating IP address, time, date and day of week restrictions to ensure that commands are executed by the intended people.

Policies can be multi-levelled, allowing daily administration tasks to be carried out by one group while more privileged, restricted administration, such as web server configuration, can be carried out by a separate individual or group.

Through the use of Pluggable Authentication Modules and Defender, it is even possible to require strong authentication of certain classes of activity, or individual commands.

When configuring UPM to provide delegation services across a firewall within a DMZ, a maximum of 3 ports need to be open for UPM to traverse the firewall, and thus defined in the firewall rule sets.

In today’s security sensitive environment, security administrators are constantly seeking to reduce port usage through their firewalls, making UPM the only sensible choice of product in the privilege delegation field.