Security terms
The security section of the documentation uses several terms that are defined here so that the following pages can be read with a clear understanding of what each one means.
- Firewall Router
- This is a device that isolates the corporate network from the Internet. It typically allows outbound connections to the Internet while blocking connections that originate from the Internet. Firewalls can usually be configured to allow or deny traffic based on several conditions, and can be configured to let a connection arriving from the Internet on a given port through to a specific internal machine, either passed straight through on the same port or translated to a different port.
- NAT
- Network Address Translation is a method of allowing computers to access the Internet without assigning them real (public) Internet addresses. Connections must originate from the internal machines to reach Internet addresses. The NAT router puts these connections on the Internet using the router's own IP address, and when data is returned it forwards the data to the requesting internal machine. Part of this process is keeping a table of which internal IP/port combinations correspond to which external ports, so that the router knows where returning data must be sent. Special port mappings can be made to specific internal IP addresses to support connections originating from the Internet. Other configurable values, such as the session timers that control how long an idle mapping is kept before it is dropped, are explored in a later section.
- Private Network
- This is the network used inside the corporation; it is private and trusted. Most companies tightly control what is plugged into it so they can ensure the data on it is safe.
- VPN
- Virtual Private Network is a method of tunnelling through an existing connection (typically the Internet) back to the corporate LAN. The tunnel is encrypted between the remote machine and the VPN endpoint on the corporate side; once traffic leaves that endpoint onto the LAN it is no longer protected by the VPN. These connections are usually treated as equivalent to being plugged into the office LAN.
- Encryption of all Data
- Genero requires a TCP connection for the GUI data transmission. If the GDC shortcuts are being used, there is also a second connection, needed to start the application, that may require a login. At this level both connections are encrypted.
- Password/login Encrypted
- Genero logs in and executes an application when the shortcuts are used. At this level only that login connection is encrypted; the connection carrying the GUI data is not.
- Keep Alive
- An idle TCP connection generates no network traffic unless the keepalive option is set on the socket. With keepalive on, the operating system sends periodic probe packets over the idle connection, and those probes and their replies refresh the session entries in any NAT router or firewall on the path, so the session is not expired and closed for inactivity. This only works if the probes are sent more often than the firewall's idle timeout: operating-system defaults are often far too slow (Linux sends the first probe only after two hours of idleness by default), so the keepalive timers usually have to be lowered to match the firewall.
- Port Forwarding
- The method referred to is implemented in the Secure Shell (ssh). ssh can be told to listen on a port at one end of an existing ssh session, tunnel everything received on that port through the session, and deliver it to a port on the machine at the other end. Here it is used in the remote-forwarding direction (ssh -R): the ssh server listens on a port on the server side, and the data is directed through the tunnel to the port on which the GDC is listening on the client side. By default sshd binds such a forwarded port to the server's loopback interface only, so the application must connect to it on localhost; the GatewayPorts option in sshd_config controls whether other hosts may reach it.
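As an added example (not code from the Genero documentation or from the GDC/DVM themselves), the following Python script ties the last two terms together. enable_keepalive sets the TCP keepalive option and its timers on a socket so that the first probe goes out well inside an assumed firewall idle timeout, and start_forwarder is a minimal listen-and-relay in the style of ssh remote forwarding, with keepalive enabled on both legs. The firewall timeout value, the port numbers, the echo server standing in for the GDC listener and the payload are all constructed for the example; the relay itself is plain TCP, not an encrypted ssh session, and is only there to show the listen-on-one-side, deliver-to-the-other model.

```python
import socket
import threading

# Constructed value for this example: the firewall/NAT idle timeout in seconds.
FIREWALL_IDLE_TIMEOUT = 300
# Linux calls the keepalive idle timer TCP_KEEPIDLE, macOS calls it TCP_KEEPALIVE.
IDLE_OPT = getattr(socket, "TCP_KEEPIDLE", getattr(socket, "TCP_KEEPALIVE", None))

def enable_keepalive(sock, firewall_idle_timeout=FIREWALL_IDLE_TIMEOUT, probes=3):
    """Turn on TCP keepalive with timers that fire well inside the firewall's idle window."""
    idle = max(1, firewall_idle_timeout // 3)   # first probe after a third of the window
    interval = max(1, idle // probes)           # then `probes` retries before giving up
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    if IDLE_OPT is not None:
        sock.setsockopt(socket.IPPROTO_TCP, IDLE_OPT, idle)
    if hasattr(socket, "TCP_KEEPINTVL"):
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, interval)
    if hasattr(socket, "TCP_KEEPCNT"):
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, probes)
    return idle, interval

def keeps_session_alive(idle_seconds, firewall_idle_timeout=FIREWALL_IDLE_TIMEOUT):
    """True if the first probe goes out before the firewall drops the idle session.
    The Linux default idle timer of 7200 s fails this against a 300 s firewall."""
    return idle_seconds < firewall_idle_timeout

def applied_keepalive(firewall_idle_timeout=FIREWALL_IDLE_TIMEOUT):
    """Apply enable_keepalive to a fresh TCP socket and read back what the kernel holds."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        idle, _ = enable_keepalive(s, firewall_idle_timeout)
        enabled = bool(s.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE))
        kernel_idle = s.getsockopt(socket.IPPROTO_TCP, IDLE_OPT) if IDLE_OPT is not None else idle
    return enabled, kernel_idle

def _pump(src, dst):
    """Copy src -> dst until EOF or error, then close dst's write side."""
    try:
        for chunk in iter(lambda: src.recv(4096), b""):
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def _listener(host, port, handler):
    """Bind and listen; run handler(conn) on a daemon thread for each accepted connection."""
    lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lsock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    lsock.bind((host, port))
    lsock.listen(5)
    def loop():
        while True:
            try:
                conn, _ = lsock.accept()
            except OSError:         # listener was shut down by stop()
                return
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return lsock, lsock.getsockname()[1]

def stop(lsock):
    """shutdown() wakes a blocked accept(); close() alone may not on Linux."""
    try:
        lsock.shutdown(socket.SHUT_RDWR)
    except OSError:
        pass
    lsock.close()

def start_forwarder(listen_port, target_host, target_port, listen_host="127.0.0.1"):
    """Listen on listen_host:listen_port and relay each connection to target_host:target_port
    (what `ssh -R` does over an encrypted session), with keepalive on both legs."""
    def handle(client):
        try:
            upstream = socket.create_connection((target_host, target_port), timeout=5)
        except OSError:
            client.close()
            return
        upstream.settimeout(None)
        with client, upstream:
            enable_keepalive(client)
            enable_keepalive(upstream)
            threading.Thread(target=_pump, args=(client, upstream), daemon=True).start()
            _pump(upstream, client)
    return _listener(listen_host, listen_port, handle)

def start_echo_server():
    """Stand-in for the GDC listener on the client side: echoes whatever it receives."""
    def handle(conn):
        with conn:
            _pump(conn, conn)
    return _listener("127.0.0.1", 0, handle)

def roundtrip(payload=b"constructed GUI frame"):
    """Client -> forwarder -> echo server on loopback; return the bytes that come back."""
    echo_sock, echo_port = start_echo_server()
    fwd_sock, fwd_port = start_forwarder(0, "127.0.0.1", echo_port)
    try:
        with socket.create_connection(("127.0.0.1", fwd_port), timeout=5) as c:
            c.sendall(payload)
            c.shutdown(socket.SHUT_WR)          # tell the far end we are done sending
            return b"".join(iter(lambda: c.recv(4096), b""))
    finally:
        stop(fwd_sock)
        stop(echo_sock)
```

roundtrip() forwards a loopback port to the echo server and sends one frame through it; applied_keepalive() shows the timers the kernel actually holds after the option is set. In a real deployment the same setting has to be applied by whatever owns the socket (for the tunnel itself, the TCPKeepAlive option of sshd and ssh), and the resulting timers must be checked against the real firewall idle timeout rather than the operating-system default, which is what keeps_session_alive does for the assumed values.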
Note: This document covers system configuration using the following environment:
- Genero Desktop Client Release 1.20.1a (under Windows™, Linux® and Mac OS 10)
- Genero DVM Release 1.20.1a (under Linux and Windows)
- OpenSSH server, various 3.x.yy releases, under Linux