Two-Tier Firewall genugate
Robust Security for Networks
genugate: Two-Tier Firewalls for Ultra Secure Interfaces

The level of your IT security is largely defined by what happens at the interface between the Internet and your local network. Every outside access and all outbound data must pass through here. If you are able to thoroughly monitor data traffic here, you can set up direct blocks against unwanted connections and dangerous content, and provide effective protection for your network. With the genugate firewall, we offer a high-security solution for this purpose. The special feature of the product is that it contains two different firewall systems, an application level gateway and a packet filter, combined into one compact solution. This two-tier structure distinguishes genugate from other firewalls, and guarantees maximum security at the critical interface between your network and the Internet.

Coordinated Complete Solution

genugate is a complete solution: hardware, operating system, and firewall software. All components are perfectly coordinated and specifically designed for maximum security. The OpenBSD operating system ensures high security standards, and the two firewall systems, the application level gateway and the packet filter, run on physically separated computers.

Application Level Gateway Checks Content

At the heart of the genugate solution is the application level gateway. This advanced security system checks the content of your data flows. The first step in this process is stopping the incoming data packets: the application level gateway never allows a direct connection between the Internet and your local network. It then assembles the packets like a puzzle, as content checks can be carried out only on complete data records. The application level gateway can now filter the data and block out unwanted material: active content, viruses, or spam, depending on how you have configured your system. Please note: only an application level gateway is capable of real content checks. Data will be forwarded over a new connection only after all checks have been performed. Packet filters, on the other hand, on which the security of many other so-called firewalls is exclusively based, are capable of checking only a few formal criteria!

Teamwork with Packet Filter

genugate also has an additional packet filter, operating on the inside (local network side). The packet filter checks the data packets according to the header data: IP address, protocol type, and port number. As a result, all the data has to negotiate two firewall systems, with protection systems operating on different levels and perfectly complementing one another. The two systems effectively work as a team, each supporting the other. So-called demilitarized zones (DMZ) are much easier to implement with this two-tier setup. Servers and gateways that need to be accessible from both the Internet and the LAN are located between the two firewalls. The LAN is still separated from the DMZ by the second firewall, and thus is protected from any direct access from the Internet. This two-tier structure, consisting of a powerful application level gateway with an additional packet filter, is the central feature of genugate: that is your assurance of top-level security.
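
The two tiers described above, as a simplified model added here for illustration (it is not genua's code). It shows why content checks need the complete data record: a blocked pattern split across two packets passes a per-packet match but is caught once the gateway has assembled the record. All addresses, rules, names and sample segments are constructed assumptions.

```python
from dataclasses import dataclass

BLOCKED = b"<script"                   # constructed stand-in for "active content"
ALG_ADDR = "192.0.2.10"                # constructed inside address of the gateway
PFL_RULES = {(ALG_ADDR, "tcp", 80)}    # constructed rule: (source IP, protocol, port)

@dataclass(frozen=True)
class Segment:
    src: str
    proto: str
    port: int
    offset: int        # position of the payload within the byte stream
    payload: bytes

def packet_filter(seg):
    """LAN-side tier: header data only (IP address, protocol type, port number)."""
    return (seg.src, seg.proto, seg.port) in PFL_RULES

def per_packet_scan(seg):
    """What a content match on single packets would see (for comparison only)."""
    return BLOCKED not in seg.payload.lower()

def alg(segments):
    """Internet-side tier: stop the packets, assemble, check, re-originate."""
    stream, expected = b"", 0
    for seg in sorted(segments, key=lambda s: s.offset):
        if seg.offset != expected:     # gap or overlap: no complete record yet
            return "incomplete", []
        stream += seg.payload
        expected += len(seg.payload)
    if BLOCKED in stream.lower():
        return "blocked", []
    # New connection: fresh headers from the gateway, original headers discarded.
    return "forward", [Segment(ALG_ADDR, "tcp", 80, 0, stream)]

def deliver(segments):
    """Data reaches the LAN only after passing the gateway, then the packet filter."""
    verdict, fresh = alg(segments)
    if not fresh:
        return verdict
    return "forward" if all(packet_filter(s) for s in fresh) else "dropped"

# Constructed sample: one HTTP body arriving out of order in two segments.
SPLIT = [Segment("198.51.100.7", "tcp", 80, 10, b"ipt>run()</script></html>"),
         Segment("198.51.100.7", "tcp", 80, 0, b"<html><scr")]
CLEAN = [Segment("198.51.100.7", "tcp", 80, 0, b"<html>hello</html>")]

if __name__ == "__main__":
    print([per_packet_scan(s) for s in SPLIT], deliver(SPLIT), deliver(CLEAN))
```
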
[Figure: Customized Security Zones for all Requirements. Network diagram with mobile users (WLAN/UMTS), home office (DSL), Internet (IPv4, IPv6), router (e.g. firewall genuscreen for P-A-P solution), genugate (ALG and PFL), DMZ, VPN gateway, servers and LAN. Legend: ALG = Application Level Gateway, PFL = Stateful Packet Filter; encrypted data is marked.]

Safe and Easy Migration to IPv6

genugate is fully IPv6 capable. It permits seamless running of both protocol versions at the same time, as the application level gateway handling traffic between local networks and the Internet can translate IPv4 to IPv6 and vice versa. This ensures reliable communication, even if older clients and servers are not capable of both versions. At the same time, genugate defuses many risks of the extended standard: above all, the IPv6 header entails many potential points of attack. These security issues, however, are removed by the application level gateway's procedure of always generating new packets and headers after content checking.

Ideal Basis for a P-A-P Solution

The German Federal Office for Information Security (BSI) recommends protecting the critical connection between the Internet and a local network with a firewall combination consisting of two packet filters and an application level gateway, or P-A-P for short. The packet filters placed on either side of the powerful application level gateway provide optimum protection against both direct attacks and high data loads. With genugate, it becomes a simple matter to provide this high level of protection. For example, a P-A-P solution can be created with an Internet router configured with rules to act as an additional packet filter, operated in conjunction with the two-stage genugate system.
Seal of Approval: Certified by the BSI to CC EAL 4+

The genugate system has been certified at the strict EAL 4 security level by the German Federal Office for Information Security (BSI), in accordance with the international Common Criteria (CC) standard. This required the submission of detailed design documentation for all security mechanisms, including the complete source code, and involved extensive testing. This process allows independent experts to check that all security functions have been correctly implemented, down to every individual line of code. The result of this process was certification at the level EAL 4+ with the additional rating "Highly Resistant".

Highest Level for Complex Systems

What exactly is the significance of EAL 4+ certification with the additional classification of "Highly Resistant"? EAL 4 is the first level to include a source code audit, and at the same time is the highest level that can reasonably be applied to an entire system as complex as a firewall. The addition "+" indicates, however, that level EAL 4 has been surpassed for certain criteria. genugate has achieved this in its handling of patches. However, this is a criterion other manufacturers also could fulfil in order to improve their certification level with a "+". Far more important for your IT security is the fact that genugate meets even higher standards when it comes to self-protection: the firewall provides systematic dual protection using two different security mechanisms for all potential points of attack, such as interfaces. As a result, the system is highly resistant to direct and intelligently carried out attacks: its security capabilities correspond with the evaluation assurance level AVA_VAN.5, and comply with EAL level 7 requirements. Based on this exceptional security performance, the BSI classified genugate as "Highly Resistant", the only firewall in the world to achieve this rating. This rating gives our customers an independent guarantee that they have purchased a high-security solution. Therefore, this stringent quality assurance test is repeated for every new major release.

Highly Available Clusters and Central Management

To precisely meet a wide range of different performance requirements, we supply genugate in the hardware models genugate 200, 400, 600, and 800. We can handle any bandwidth and availability requirements in excess of these capacities by using clusters: all genugate models can be bundled into clusters with any capacity requirement the customer specifies. The firewall is administered using a consistent Web GUI. If you have deployed several genugates, the firewall rules can be centrally administered by the management station genucenter.
Service Directly from the Producer

In the area of support, your wish is our command. Many customers ask us to handle the whole process of administering their firewall solution. That means they can focus on their core business, and leave their IT security in our professional hands. We also offer hotline support 24 hours a day, seven days a week, and a regular update service. When it comes to hardware support, however, there is no choice to be made. Every genugate comes with a Germany-wide next business day replacement service: if one of your appliances breaks down, you will receive an identical exchange unit on the next working day. We also ship exchange units to international locations, but due to shipping constraints cannot guarantee delivery by the next working day. This support service is provided free for the first three years after purchase of the product. Thereafter, a yearly fee will be charged.

genugate Can Do Even More

A wide range of products can be added to the genugate firewall system to create a comprehensive security solution. For example, the genuscan interface package allows the integration of a virus scanner for WWW, FTP, SMTP, POP3, and NNTP, and for situations with especially high performance requirements, the external genugate scanserver can perform this role. genua also offers standby systems, URL blockers, and reverse proxies for authentication and SSL encryption.

High-Security Gateways: RSGate and Diodes

For even more restrictive control of an interface, we provide our high-security gateway solutions: the RSGate implements document content checks, and has already proved its worth in practice, for example in military applications at so-called red-black interfaces. In addition, the genugate data diode is the best solution for high-performance transfer of data in one direction only. No matter what task you set us, it is safe to say that we will have the right solution for it.
genua's Firewall Solutions

Firewall & VPN Appliance
genuscreen: Secures sensitive internal and external interfaces

Two-Tier Firewall
genugate: Secures highly sensitive external interfaces

High-Security Gateways
RSGate: Secures highly sensitive red-black interfaces
genugate data diode: Secures high-performance unidirectional interfaces
Our Customers Include:

Ansbach Regional Authority Berlin-Bonn Information Network (IVBB) Borgers-Group Deutscher Bundestag EUROGATE German Federal Agency for Technical Relief (THW) German Federal Ministry of Labour and Social Affairs German Federal Public Prosecutor, Federal Supreme Court German Federal Statistical Office German Parliament Bundestag Homeland Security Hubert Burda Media KASTO Maschinenbau Klüber Lubrication MAN Group Mülheim an der Ruhr Municipal Authority Press and Information Office of the German Federal Government RTL II television channel Schober Information Group State Criminal Investigation Department of Thuringia Stuttgarter Lebensversicherung Swarco Traffic Systems telegate AG WMF AG Würth Group

How genugate Benefits You:

The two-tier system ensures top security
Control of data content by the application level gateway
Convenient setup of a demilitarized zone (DMZ) on the basis of the two-tier system
Safe and easy migration to IPv6
Clusters for high availability and bandwidths
Simple integration offered as a complete solution
Central administration of firewall rules by management station
Quality guaranteed by CC certification
The only "Highly Resistant" firewall in the world
Customer service directly from the manufacturer

Further information: www.genua.eu/genugate

About genua

genua is a German IT security specialist. Since our company was founded in 1992, we have been involved in securing networks and developing sophisticated solutions. Our products comprise firewalls certified to the international Common Criteria (CC) standard, high-security gateways and diodes for sensitive network interfaces, intelligent VPN and remote maintenance systems, mobile security solutions, and a wide range of services. Many large and medium-sized companies and authorities rely on our know-how and solutions to protect their IT.

www.genua.eu
genua mbh, Domagkstrasse 7, 85551 Kirchheim, Germany
phone +49 89 991950-0, info@genua.eu
GG-SF-0912-4-E