FIREWALL Features
SECURITY OF INFORMATION TECHNOLOGIES
To ensure that they stay competitive and in order to expand their activity, businesses today know it is in their best interests to open up more channels for direct communication and exchange with their clients and partners, sometimes even to the extent of opening up a section of their information system. In the meantime, corporate networks grow more complex, e.g. the development of Wi-Fi connectivity within local networks or increasingly thorough segmentation of privileges and usage, often as a result of compliance measures (ISO270X, PCI-DSS, etc.). In this context, it is a fundamental security requirement to restrict traffic on the network and to use solutions that can seamlessly apply filtering based on user identity.

NEXT-GENERATION FIREWALL

Such segmentation, in addition to enabling the control of user access to each of the resources on the network, can offer some protection against external attacks. It also prevents the spread of viruses internally between departments. Furthermore, if your business is subject to standards such as PCI-DSS, you are required to screen certain areas of your network. In many cases the installation of a firewall is a requirement to ensure compliance. Many studies indicate that most threats emanate from within the network.

Once your network is segmented, you can configure your Stormshield Network Security appliance to control which traffic and users are authorized to move between protected zones. Stormshield Network Security's integrated intrusion prevention engine uses protocol scans, application filtering and antivirus scans to inspect authorized traffic and strengthen application security. Stormshield enables you to establish and configure user-based security policies, giving you greater control over the network resources each user is authorized to access.
WINDOWS SERVICE FILTER

Thanks to the feature that filters Windows services, you can closely manage how these services are used (Active Directory backup and restoration, IIS services, Microsoft Messenger, etc.) on your network. An inspection of the Windows DCE-RPC protocol enables the identification of accessible services and the application of an adapted filter policy, thereby protecting your infrastructure from malware or security evasion techniques that exploit the slew of vulnerabilities on these services.

IPv6

The IPv6 protocol has been implemented in the filter features on Stormshield Network Security appliances. The security of your network is therefore ready for a smooth transition to new-generation networks.
APPLICATION FIREWALL

As threats to corporate networks grow and evolve, simple firewalls no longer form an effective barrier. The only adequate response is to upgrade networks with the latest security technologies. Network layer protection is no longer enough. A modern approach addresses both the threats to applications and services, as well as to the network itself. Monitoring and restrictions must be applied to applications, users and traffic content. A traditional firewall can no longer deal with threats such as the use of non-standard ports and encrypted attacks.

Benefits:
- Full protection against application vulnerabilities
- Complete network overview
- High-level filtering without reliance on ports

Stormshield multifunction firewalls include a range of modules for proactive security. A policy of continuous development ensures they are able to meet the needs of even the most demanding corporation. The Intrusion Prevention System (IPS) from Stormshield Network Security synthesizes an array of technologies and over 10 years of research from 2 companies that specialize in security (Arkoon and Netasq) to deliver exceptional levels of protection.

The Application Firewall feature from Stormshield Network Security contains a real-time analysis module. The Stormshield Network Vulnerability Manager module enables control of applications, services and all network vulnerabilities. It offers a complete overview of the network to facilitate fast, effective risk management, giving you end-to-end control of the entire infrastructure.

The built-in antivirus feature conducts antivirus, antispyware and antiphishing scans for exceptional protection against malware applications. Analytical processes are updated automatically to provide incremental protection. Stormshield Network Security solutions deliver the highest levels of security at all times.

USER-BASED SECURITY

As user mobility intensifies, so does network complexity.
It is becoming increasingly difficult to manage network security and access to applications purely on the basis of an established and known network architecture. Today, users access applications in a variety of ways, including remote access, laptops, tablets and smartphones. Therefore, effective security management needs to be based on the concept of the user. So rather than being set up to block PCs and servers, a modern security system must be enabled to block users. To achieve this, you need to implement highly modular security rules.

Stormshield's unique multifunction firewalls enable security rule management based on user identity. When a computer is used as a gateway, access to resources depends on the user's identity. You will no longer need to devote time and effort to managing the resources on the network as each new device which is connected is automatically linked to the policy associated with its user.
All Stormshield Network Security products feature modular security policies. This allows you to ensure the appropriate and effective use of network resources. You can also implement connection schedules, content filtering and VPN, SSL and IPSec access to remote resources based on the identity of the user. This limits the number of rules to apply to all of the user's resources, regardless of the installation or device they are using.

User access control can be based on your internal directories (LDAP, Windows Active Directory) and be a fully seamless operation, thanks to the SSO (Single-Sign-On) agent installed directly on the controller or on a machine on the domain. As soon as users open a Windows session, they will be automatically authenticated on the Stormshield Network Security appliance, even when they log on through a multi-user system such as Citrix or TSE.

Stormshield Network Security appliances offer various simultaneous authentication methods, thereby providing multiple possibilities for identifying users (certificates, captive authentication portal, Windows transparent authentication, internal LDAP, guest mode, etc.).

CONTROL OF MOBILE DEVICES, AN ANSWER TO BYOD ISSUES

The boom in the use of mobile devices such as smartphones, touch screen tablets or ordinary personal laptops in the workplace or elsewhere presents a real headache for security managers. How is it possible to keep pace with the spreading practice of BYOD (Bring Your Own Device) while maintaining an efficient level of protection and monitoring these devices?

With Stormshield Network Security, you can easily identify the mobile terminals connected to the information system and control their use. It is therefore possible to allow or deny the use of these devices during certain time slots, or for certain users or user groups or for access to certain resources. A stronger protection profile can even be applied.
Benefits:
- User-based security
- Enables a modular security policy
- Network modifications do not affect established rules
- No impact for users thanks to seamless authentication

Stormshield Network Security offers incomparable flexibility for the authentication of users, whether they are using professional or personal devices. The many authentication methods offered can be used jointly to validate access from all types of devices.
ABOUT

Arkoon and Netasq, fully owned subsidiaries of Airbus Defence and Space CyberSecurity, run the Stormshield brand and offer innovative end-to-end security solutions both in France and worldwide to protect networks (Stormshield Network Security), workstations (Stormshield Endpoint Security) and data (Stormshield Data Security).

All trademarks are the property of their respective companies.

Phone
The cost of a call may vary according to the country you are calling from and your telecoms operator.

Netasq, Parc Scientifique Haute Borne - Parc Horizon, Bat 6, Avenue de l'Horizon, Villeneuve d'Ascq - FRANCE

Arkoon & Netasq Copyright 2014