What's New in MultiNet v5.2
Features |
Description |
| BIND 9.3.2 Server |
BIND 9 supports Multiple Views (also referred
to as Split DNS). A common practice for organizations
is to run servers for internal use separately from those for
external use. But in many instances, both internal and external
clients use both servers. And if the organization uses network
address translation (NAT), the servers must be accessible from
two different IP addresses.
In the split DNS infrastructure administrators can create
two zones for the same domain. One of the zones is used by
internal network clients and the other zone is used by external
network clients. The benefit of using split DNS is that it
provides easier access management. Administrators need to manage
the database in one location and not in multiple locations.
Other enhancements made in the BIND 9 server include support
for IPv6, improved security in DNSSEC (signed zones) and TSIG
(signed DNS requests), improved standard conformance for over
25 RFCs, and more. |
| IP Security (IPSEC) Upgrade |
A gateway interface has been added for layer 3 tunneling
support. When used together with IPSEC, administrators can
create a VPN. It provides standard secure communication with
other devices that support layer 3 tunneling and VPNs such
as various routers.
IKE (or ISAKMP) functionality is also supported. IKE negotiates
the IPSEC security associations and generates the required key
material for IPSEC automatically. |
| IPv6 |
IPv6 has been implemented in the kernel; the Telnet, FTP,
BIND server, NTP, and SSH applications can use IPv6. It includes
support for a six to four interface (RFC 3056), which is a tunneling
mechanism where IPv6 packets are encapsulated into IPv4 packets.
This allows isolated IPv6 domains or hosts attached to an IPv4
network, which has no native IPv6 support, to communicate with
other IPv6 domains or hosts with minimal manual configuration. |
| NTP v4.2 |
NTP is a protocol designed to synchronize the clocks of computers
over a network. This release replaces DES with MD5 and includes
various bug fixes. It has been upgraded to the latest standard
which supports IPv6. |
| SSH Upgrade |
SSH has been upgraded and includes the following new features:
- The CERTTOOL utility is used to manipulate X.509 certificates.
It can create PKCS#10 requests and allow users to create
a PKCS#12 package containing any number of private keys and
certificates.
- SSH provides single sign-on access to LDAP and RSA SecurID
authentication when used with Process Software’s VMS
Authentication Module (VAM) software.
- The client and server support IPv4 and IPv6
- The system administrator can specify which IP addresses
are used or restrict directory access for certain users.
- File operations that a user performs can be restricted.
- Messages about the operations that a user performs can
be logged to a variety of OPCOM classes.
|
| FTP support for VAM |
Users can be authenticated using Process Software’s
VMS Authentication Module (VAM). |
| Performance improvements |
Various kernel performance improvements have been made. The
input/output transactions for the BG interface have been re-designed
for quicker processing. |
|
