CyberGuard offers a range of firewall/VPN appliances with specifications ranging from three Ethernet interfaces and 125 Mbits/sec throughput to 21 Ethernet interfaces and 2 Gbits/sec throughput. All have an integrated VPN, run the same firewall software, and have the same configuration GUI. We tested model KS1500, which can have up to 18 Ethernet interfaces, of which two are gigabit-over-copper as standard. Performance is the strength of the KS1500, which is designed to cope with 1.5 Gbits/sec throughput and up to 1.2 million simultaneous connections.

The firewall boasts a host of certification standards including Common Criteria Evaluation Assurance Level 4+ (EAL4+), ICSA, ITSEC E3, Checkmark, etc. The secure operating system was designed to meet TCSEC/NCSC criteria at the 'Orange-book' B2 level.

Physically, the KS1500 is housed in a 2U-high standard 19-inch rack-mounted enclosure. Internally, it is based on the Intel x86 PC architecture running a secure Unix operating system, which is hardened to the kernel level; this then has multi-level shell security to stop unauthorized root access. Externally, it has all the usual ports you would associate with a PC, so you must connect your own keyboard, mouse and monitor for initial configuration, which is done using a floppy disk that you must create on a standard Windows PC using software supplied on a CD-ROM.

During first boot-up, the CyberGuard firewall console requests that you insert this floppy disk, which you will have already created and which contains the initial configuration parameters, such as IP address, administrator's password, etc. Then CyberGuard's own GUI appears on the console and you can continue configuration from there. And, of course, the configuration and management interface can subsequently also be accessed remotely, using a web browser.

Installation and set-up are therefore particularly easy and all that remains to be done is to configure the firewall functions. This involves configuring the multiple Ethernet interfaces (which may also be configured for link aggregation and fail-over) and selecting firewall policies, which sensibly default to 'deny everything.'

Obviously, it has all the usual features you would expect from a modern sophisticated firewall: static and stateful packet filtering, network address translation, IPsec VPN, routing and proxies. As it has been designed for an enterprise environment, central management, centralized log storage, and centralized authentication are provided, plus configuration tracking. The KS1500 supports third-party virus scanning via the content vectoring protocol, and there is GUI-based PKI support for Baltimore's Unicert CA. Extra-cost options include hardware acceleration of cryptographic VPN processing, dual redundant power supplies, RAID to protect against internal hard disk failure, high-availability software (which means that it can operate in redundant failover mode with another CyberGuard firewall), URL filtering, and reporting tools.

Proxies are particularly generously provided for with a wide range of what CyberGuard calls SmartProxies for FTP, Gopher, HTTP, NNTP, Rlogin, SSL, SMTP, Telnet, X-Windows, SOCKS, LDAP and many more.

CyberGuard implements a split domain name system to guard against the fact that DNS can be used to probe a network and gain useful information about it. This involves running two name servers on the CyberGuard firewall: one name server for the external interfaces and one name server for the internal interfaces. Packet-filtering rules allow the inside network to talk only to the internal name server and the outside network to talk only to the external name server.