There is no need to specify a specific rule/policy for outgoing calls. NetDefendOS
monitors the communication between "external" phones and the gatekeeper to make
sure that it is possible for internal phones to call the external phones that are registered
with the gatekeeper.
6.2.11. The TLS ALG
Overview
Transport Layer Security (TLS) is a protocol that provides secure communications over the public
Internet between two endpoints through the use of cryptography as well as providing endpoint
authentication.
Typically in a TLS client/server scenario, only the identity of the server is authenticated before
encrypted communication begins. TLS is very often encountered when a web browser connects
with a server that uses TLS such as when a customer accesses online banking facilities. This is
sometimes referred to as an HTTPS connection and is often indicated by a padlock icon
appearing in the browser's navigation bar.
TLS can provide a convenient and simple solution for secure access by clients to servers and
avoids many of the complexities of other types of VPN solutions such as using IPsec. Most web
browsers support TLS and users can therefore easily have secure server access without requiring
additional software.
NetDefendOS Supports TLS, Not SSL
TLS is a successor to the Secure Sockets Layer (SSL) but the differences are slight. For most
purposes, TLS and SSL can be regarded as equivalent. However, NetDefendOS only supports TLS
and any reference to SSL in NetDefendOS documentation should be assumed to be referring to
TLS. The TLS ALG can be said to provide SSL termination since it is acting as an SSL end-point.
Cryptographic Suites and TLS Version Supported by NetDefendOS
NetDefendOS supports a number of cryptographic algorithms for SSL VPN. Only some are
enabled by default and all can be either enabled or disabled. All the supported algorithms are
listed in Section 13.9, “SSL/TLS Settings”. Note that TLS version 1.0 and 1.2 is supported by
NetDefendOS but not version 1.1. Refer to Section 13.9, “SSL/TLS Settings” for how to disable
version 1.2 so only 1.0 can be used.
Both NetDefendOS TLS ALG and SSL VPN also support renegotiation as defined by RFC 5746.
TLS is Certificate Based
TLS security is based on the use of digital certificates which are present on the server side and
sent to a client at the beginning of a TLS session in order to establish the server's identity and
then be the basis for encryption. Certificates which are Certificate Authority (CA) signed can be
used on the server in which case a client's web browser will automatically recognize the validity
of the certificate.
Self-signed certificates can be used instead of CA signed certificates on the server. With
self-signed certificates, the client's web browser will alert the user that the certificate's
authenticity is not recognized and the user will have to explicitly tell the browser to accept the
Chapter 6: Security Mechanisms
500
To Next Page
Loading...
