SmoothWall Advanced Firewall
 
$ 1,499.95
 
Internal Firewall - Defending the local network from internal threats

A perimeter firewall protects a local private network from threats originating on the Internet or other external networks. But what protects against threats that arise from within the local network, such as unauthorized user access and the spread of malware such as viruses, worms and trojans? It is an unfortunate fact that many security problems arise from within the so-called "protected" local network.

For large enterprise networks the perimeter firewall is no longer enough: key servers and business-critical systems need to be protected from other computers and users on the same local network. SmoothWall Advanced Firewall, operating as an internal firewall, is the solution.


SmoothWall Advanced Firewall allows the local network to be segregated into many physically isolated network zones, with the firewall strictly controlling what traffic can pass between zones. By default no traffic can pass between zones; inter-zone bridges are created only when needed. When a user authenticates with a Microsoft Active Directory or other LDAP server, the firewall opens the inter-zone bridges specified by the security policy for that user, keyed to the computer the user authenticated from. Each inter-zone bridge permits the user's computer to communicate with a specific computer in another zone over a specified port or service, for example POP3 email to a Microsoft Exchange server. Attempts to access other services on the same server are blocked by Advanced Firewall.



Inter-zone bridges restrict user access to the minimum necessary to perform the user's job function. Only the security policies for administrators and system managers would allow the creation of inter-zone bridges to services that could be used to re-configure or attack systems. This mechanism not only blocks unauthorized user access but also restricts the spread of viruses, worms and trojans between zones. For example, by segregating laptop users into a dedicated zone, should a laptop user bring a virus or worm into work, it would not be able to traverse the zone boundary and infect systems in other zones (it can still reach other laptops in the same zone, which is why the zone should contain only the machines that share that risk).

Using high-performance server hardware, Advanced Firewall can support a maximum of 20 physical network interfaces, which for high-density applications can be dual- or quad-port Gigabit Ethernet cards. For interoperability with existing Virtual LAN (VLAN) networks, Advanced Firewall can operate as a VLAN router using 802.1Q VLAN trunk ports.

External Defense and User Access Control

Every network needs a perimeter firewall at its boundaries with the Internet and any other external networks not under local control. The perimeter firewall must control all traffic that flows between internal and external networks, both to block malicious traffic from entering the local networks and to control users' access to the Internet and external services. SmoothWall Advanced Firewall employs stateful packet inspection and deep packet inspection along with advanced networking techniques to meet the perimeter firewall needs of today's enterprise networks.


Technology advances and business requirements have resulted in most large networks requiring multiple external network connections, both Internet links and private inter-network links to third-party customer or supplier networks. Multiple Internet connections allow incremental capacity expansion and resilience against failure of a single connection. Advanced Firewall load-balances Internet traffic across the connections, with automatic detection of a failed connection and re-routing of its traffic to the next available Internet connection.


Peer-to-Peer (P2P) networks pose multiple threats to computer users. Apart from the obvious likelihood of copyright violation from the illegal download of music and video, there is a very real risk of inadvertently sharing confidential information held on user PCs. Most P2P networks are funded by advertising, so it is perhaps no surprise that they are notoriously riddled with viruses, Trojan horse remote-control programs, spyware and other malicious code. The only safe option is to block access to all P2P networks. However, most P2P clients are port-agile: they can communicate over any open TCP or UDP port, defeating static port blocking. Advanced Firewall incorporates Deep Packet Inspection technology to identify and block P2P traffic by the content of the packets, regardless of the port it attempts to use.
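The following is an added example, not SmoothWall code, showing what "identify by packet content rather than port" means in practice: the first bytes a client sends on a new connection are matched against the publicly documented cleartext handshakes of BitTorrent and Gnutella, and the verdict is compared with what a static port rule alone would give. The port list and the sample flows are constructed for the example.

```python
"""
Added example, not SmoothWall code: classify a new connection by the
first bytes the client sends, instead of by destination port, which is
the idea behind deep packet inspection of port-agile P2P clients.
The signatures are the publicly documented cleartext handshakes of
BitTorrent and Gnutella; the sample flows are constructed.
"""
import re

# Regexes tested against the first payload bytes of a new flow.
P2P_SIGNATURES = {
    # BitTorrent peer-wire handshake: <pstrlen = 19><"BitTorrent protocol">
    "bittorrent": re.compile(rb"^\x13BitTorrent protocol"),
    # Gnutella 0.4/0.6 connection request line
    "gnutella": re.compile(rb"^GNUTELLA CONNECT/\d\.\d\r\n"),
}


def classify(payload: bytes) -> str:
    """Return the P2P protocol name matched by the payload, or 'none'."""
    for name, sig in P2P_SIGNATURES.items():
        if sig.match(payload):
            return name
    return "none"


def port_only_verdict(dst_port: int, blocked_ports) -> str:
    """Static blocking: the only evidence is the destination port."""
    return "block" if dst_port in blocked_ports else "allow"


def dpi_verdict(dst_port: int, payload: bytes, blocked_ports) -> str:
    """Port rule first, then the payload classifier, so a BitTorrent
    handshake sent to port 443 is still caught."""
    if dst_port in blocked_ports:
        return "block"
    return "block" if classify(payload) != "none" else "allow"


# Well-known P2P ports an administrator might block statically (constructed list).
BLOCKED_PORTS = frozenset({6346, 6347} | set(range(6881, 6890)))

# Constructed sample flows: (label, dst_port, first payload bytes)
BT_HANDSHAKE = b"\x13BitTorrent protocol" + bytes(8) + b"\xaa" * 20 + b"-TR2940-constructed0"
SAMPLE_FLOWS = [
    ("bt_default_port", 6881, BT_HANDSHAKE),
    ("bt_on_https_port", 443, BT_HANDSHAKE),                      # port-agile client
    ("gnutella_on_http_port", 80, b"GNUTELLA CONNECT/0.6\r\nUser-Agent: constructed\r\n\r\n"),
    ("real_http", 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("tls_client_hello", 443, b"\x16\x03\x01\x00\xf4\x01\x00\x00\xf0\x03\x03" + bytes(32)),
]


def compare(flows=SAMPLE_FLOWS, blocked_ports=BLOCKED_PORTS):
    """Return {label: (port_only_verdict, dpi_verdict)} for each flow."""
    return {
        label: (port_only_verdict(port, blocked_ports), dpi_verdict(port, payload, blocked_ports))
        for label, port, payload in flows
    }


if __name__ == "__main__":
    for label, (static, dpi) in compare().items():
        print(f"{label:24s} port-only={static:5s} dpi={dpi}")
```

Running it shows the two approaches agreeing on the default-port BitTorrent flow and on genuine HTTP and TLS, and disagreeing on the BitTorrent handshake sent to port 443 and the Gnutella handshake sent to port 80, which only the payload check catches. The caveat a practitioner should keep in mind is that a cleartext signature only sees cleartext: BitTorrent clients can negotiate an obfuscated (encrypted) handshake, so a production DPI engine needs further heuristics, and encrypted P2P remains the limit of signature-only inspection.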


Access to the Internet and other external services is determined by user identity, not by simplistic rules based on the IP address of the computer in use. Outbound (egress) rules are created and destroyed dynamically according to who is logged on to the computer, so that, for example, network managers and administrators can be given unrestricted access to Internet services while ordinary users are restricted to web browsing. Integration with Microsoft Active Directory and other LDAP user authentication systems lets Advanced Firewall enforce access control policies based on user identity without storing or replicating any user information.
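The following is an added example, not SmoothWall code, modelling the identity-driven mechanism described in both the internal firewall section above (inter-zone bridges opened per authenticated user) and this egress paragraph (outbound rules created and destroyed with the user's session). Zones are default-deny; a successful directory login opens the bridges granted to the user's groups for the address the login came from, and logout tears them down. The group names, zones, subnets, hosts and scenarios are all constructed for the example.

```python
"""
Added example, not SmoothWall code: a model of identity-driven inter-zone
bridges and egress rules. Zones default to deny; a successful directory
login opens the bridges granted to the user's groups for the address the
user logged in from, and logout tears them down. Group names, zones,
hosts and addresses are constructed for the example.
"""
from dataclasses import dataclass
from typing import Optional
import ipaddress


@dataclass(frozen=True)
class Bridge:
    dst_zone: str
    dst_host: Optional[str]   # None: any host in dst_zone (e.g. the whole Internet)
    proto: str                # "tcp", "udp" or "any"
    port: Optional[int]       # None: any port


# Security policy per directory group (constructed). Ordinary staff get POP3
# to the Exchange server and web egress only; administrators get every
# service in the servers zone and unrestricted Internet access.
POLICY = {
    "staff": [
        Bridge("servers", "10.0.1.10", "tcp", 110),   # POP3 to Exchange
        Bridge("internet", None, "tcp", 80),
        Bridge("internet", None, "tcp", 443),
    ],
    "admins": [
        Bridge("servers", None, "any", None),
        Bridge("internet", None, "any", None),
    ],
}

# Physically separate zones, one subnet each (constructed).
ZONES = {
    "laptops": ipaddress.ip_network("10.0.3.0/24"),
    "desktops": ipaddress.ip_network("10.0.2.0/24"),
    "servers": ipaddress.ip_network("10.0.1.0/24"),
}


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"          # anything outside the local zones


class Firewall:
    def __init__(self):
        # Session table: source address -> (user, bridges currently open).
        # An address with no session has no bridges at all: default deny.
        self.sessions = {}

    def login(self, user: str, groups, src_ip: str) -> int:
        """Called on a successful AD/LDAP authentication from src_ip."""
        bridges = [b for g in groups for b in POLICY.get(g, [])]
        self.sessions[src_ip] = (user, bridges)
        return len(bridges)

    def logout(self, src_ip: str) -> None:
        self.sessions.pop(src_ip, None)

    def permits(self, src_ip: str, dst_ip: str, proto: str, port: int) -> bool:
        src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
        if src_zone == dst_zone:
            return True        # same zone: the traffic never reaches the firewall
        _, bridges = self.sessions.get(src_ip, (None, []))
        return any(
            b.dst_zone == dst_zone
            and b.dst_host in (None, dst_ip)
            and b.proto in ("any", proto)
            and b.port in (None, port)
            for b in bridges
        )


def demo() -> dict:
    """Exercise the model; returns {scenario: permitted?}."""
    fw, r = Firewall(), {}
    exchange, web = "10.0.1.10", "198.51.100.20"
    r["nobody_logged_in_pop3"] = fw.permits("10.0.3.7", exchange, "tcp", 110)
    fw.login("alice", ["staff"], "10.0.3.7")           # alice on a laptop
    r["alice_pop3"] = fw.permits("10.0.3.7", exchange, "tcp", 110)
    r["alice_smb_same_server"] = fw.permits("10.0.3.7", exchange, "tcp", 445)
    r["alice_https_out"] = fw.permits("10.0.3.7", web, "tcp", 443)
    r["alice_ssh_out"] = fw.permits("10.0.3.7", web, "tcp", 22)
    r["worm_laptop_to_laptop"] = fw.permits("10.0.3.7", "10.0.3.9", "tcp", 445)
    r["worm_laptop_to_desktop"] = fw.permits("10.0.3.7", "10.0.2.5", "tcp", 445)
    fw.login("bob", ["admins"], "10.0.2.5")            # bob on a desktop
    r["bob_rdp_to_exchange"] = fw.permits("10.0.2.5", exchange, "tcp", 3389)
    r["bob_ssh_out"] = fw.permits("10.0.2.5", web, "tcp", 22)
    fw.logout("10.0.3.7")
    r["alice_pop3_after_logout"] = fw.permits("10.0.3.7", exchange, "tcp", 110)
    return r


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:28s} {'ALLOW' if v else 'DENY'}")
```

The scenarios show the behaviour the text promises: before any login the laptop can reach nothing outside its zone; after alice logs in she reaches POP3 on the Exchange server but not SMB on the same server, and HTTPS but not SSH outbound; a worm on her laptop can still hit another laptop in the same zone but not a desktop; bob's administrator policy opens RDP to the servers and unrestricted egress; and alice's bridges vanish at logout. One caveat with any scheme of this kind: the open bridges are bound to the source address the user authenticated from, so another process or user on that machine, or anyone who can take over that address while the session is live, inherits them. Prompt teardown on logout or idle timeout, and switch-port controls that tie addresses to physical ports, are the usual complements.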

Advanced Firewall's Intrusion Detection System is based on the well-respected Snort IDS software. All common Internet-based attacks are detected, including those against specific targets such as Microsoft IIS web servers. Routine scanning of Internet connections is reported but assessed as a low threat level, whereas sustained scanning or attacks against specific targets are treated as high priority, with the facility to notify system administrators by email or SMS text message. Categorization of the Snort rules allows the IDS to be tuned for greater reliability (fewer false positives) by disabling rules that are not applicable to the application systems and servers in use.
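The following is an added example, not SmoothWall or Snort code, showing the triage step this paragraph describes: Snort "fast" alert lines are parsed, a source that probes one host once stays at low threat level, a source that sweeps many hosts (sustained scanning) or repeatedly fires a signature at one target (a targeted attack) is raised to high, and rules that do not apply to the site (for example IIS rules where there is no IIS) are dropped by SID. The alert lines, SIDs and thresholds are constructed for the example; only the line layout is Snort's.

```python
"""
Added example, not SmoothWall or Snort code: triage of Snort "fast" alert
lines. A source that probes one host once stays at low threat level; a
source that sweeps many hosts (sustained scanning) or repeatedly fires
signatures against one target (a targeted attack) is raised to high.
Rules not relevant to the site can be dropped by SID. The alert lines,
SIDs and thresholds are constructed.
"""
import re
from collections import Counter, defaultdict

# Snort -A fast line layout:
# <ts>  [**] [gid:sid:rev] <msg> [**] [Classification: <cls>] [Priority: <n>] {PROTO} src[:port] -> dst[:port]
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)


def parse_alert(line: str):
    """Return the alert fields as a dict, or None for a line that is not an alert."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["sid"], d["prio"] = int(d["sid"]), int(d["prio"])
    return d


def triage(lines, ignore_sids=frozenset(), scan_hosts=5, repeat_hits=3):
    """Return {source_ip: "low" | "high"} over the given alert lines."""
    hosts_hit = defaultdict(set)     # src -> distinct destinations
    pair_hits = Counter()            # (src, dst) -> alert count
    for line in lines:
        a = parse_alert(line)
        if a is None or a["sid"] in ignore_sids:
            continue                 # not an alert, or a rule disabled for this site
        hosts_hit[a["src"]].add(a["dst"])
        pair_hits[(a["src"], a["dst"])] += 1
    levels = {}
    for src, dsts in hosts_hit.items():
        sustained_scan = len(dsts) >= scan_hosts
        targeted = any(pair_hits[(src, d)] >= repeat_hits for d in dsts)
        levels[src] = "high" if (sustained_scan or targeted) else "low"
    return levels


def _alert(ts, sid, msg, cls, prio, src, dst, proto="TCP"):
    """Build one constructed fast-format line."""
    return (f"08/10-{ts}  [**] [1:{sid}:1] {msg} [**] [Classification: {cls}] "
            f"[Priority: {prio}] {{{proto}}} {src} -> {dst}")


SAMPLE_ALERTS = (
    # everyday background noise: one probe of one host
    [_alert("09:00:01.000001", 1001, "SCAN nmap TCP", "Attempted Information Leak", 2,
            "203.0.113.5:44321", "198.51.100.10:22")]
    # one source sweeping six hosts: sustained scanning
    + [_alert(f"09:05:{i:02d}.000000", 1001, "SCAN nmap TCP", "Attempted Information Leak", 2,
              "203.0.113.77:51000", f"198.51.100.{10 + i}:445") for i in range(6)]
    # the same IIS exploit signature three times against one web server
    + [_alert(f"09:10:{i:02d}.000000", 1002, "WEB-IIS cmd.exe access", "Web Application Attack", 1,
              "203.0.113.9:40000", "198.51.100.10:80") for i in range(3)]
    + ["this line is not an alert and is skipped"]
)


if __name__ == "__main__":
    for src, level in triage(SAMPLE_ALERTS).items():
        print(f"{src:15s} {level}")
    print("with IIS rule 1002 disabled:", triage(SAMPLE_ALERTS, ignore_sids={1002}))
```

With the sample data the single probe from 203.0.113.5 is reported as low, the six-host sweep from 203.0.113.77 and the three repeated IIS attempts from 203.0.113.9 as high; passing the IIS SID in ignore_sids, as one would on a site with no IIS servers, removes the 203.0.113.9 entry entirely, which is the tuning effect the paragraph describes. The thresholds are the knobs to set from what your own perimeter sees as normal background scanning.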