ZoneRanger: Management Through Firewalls

How do you manage what you cannot see? Corporate information on the Internet is mandatory, and it exposes the network to threats. The battle lines are drawn between security and network management. The invention of the firewall stopped many intruders. Firewalls also stopped network management. To solve this problem, extensive firewall rules are established. Security experts agree network management protocols are a significant security risk. In many cases, SNMP and other protocols are not allowed to pass through the firewalls. Without these protocols, network managers cannot ensure availability of data or applications. DMZs (extranets, untrusted zones, etc.) were the initial areas of concern.

 
Key news stories in Security and Network Management

Latest Press Release: SevOne and Tavve Integration
Network World: Experts: Weak economy to grow managed network services
Net-Security: Critical infrastructure is not prepared for cyber attacks
Network Computing: Time to Halt Runaway VM Sprawl
SC Magazine: Can you be PCI compliant & secure?

 
TechNote: ZoneRanger Allows NMS to Reach into DMZ over Single TCP Port

The Challenge

Extending an NMS (UniCenter®, Spectrum®, Tivoli/TEC®, Open/NMS®, etc.) into a firewall-partitioned network is possible but not trivial. Opening ports in the firewall to pass the needed network management protocols (ICMP/ping, SNMP, SNMPTRAP, telnet, syslog) is not acceptable for many companies. Deploying an application-specific remote poller is a common approach, but it can incur additional software cost and requires a server to run it on and configuration expertise. Performance data collected via SNMP may not roll up to the main NMS server transparently or in real time. Duplicate IP addresses can be managed with NAT on gateway devices, but this requires additional expertise and access to the device, and configuration and maintenance work may bump up against maintenance windows.

 
TechNote: Using ZoneRanger to Manage Devices in a CiscoWorks Environment

The Challenge

The network operations team uses CiscoWorks to manage the device inventory and equipment configuration files.  Although this is straightforward within the enterprise, unsecured networks such as DMZs can be problematic due to restrictive security policies and procedures.  Without extensive firewall configuration and management, devices outside a firewall are unmanageable by CiscoWorks.  In particular,

 

How does ZoneRanger fit into your network?

What others are saying...

"Tavve has developed the ZoneRanger product, in order to enable companies to leverage their centralized management infrastructure across firewall-partitioned networks, while mitigating risks associated with management protocols."
Tavve: ZoneRanger 
Subraya Mallya
PrudentCloud.com


"Without a more secure approach to managing the protocols and tools that manage the network - including the 'trusted' internal network - enterprises may be exposing themselves to more risk than they realize."

Scott Crawford, CISSP, ISSAP, ISSMP
Senior Analyst, Enterprise Management Associates

"ZoneRanger effectively extends the reach of management applications to devices located beyond firewalls, eliminating the need for complicated firewall configurations, extensive agent deployments, or expensive application replication. ZoneRanger also provides security, acting as an application layer proxy firewall, inspecting and validating the traffic relayed between applications and devices."
Jim Doble, CISSP
CTO, Tavve