Providing unified threat management, InstaGate 305 includes network intrusion prevention, and deep packet inspection firewall to detect and stop threats at all layers of network. IPSec VPN with 3DES/AES encryption and digital certificate support allows site-to-site security and remote-access connectivity. Based on user-definable keywords, full URLs, and regular expression matching, URL filtering allows organization to limit URLs accessible from behind firewall.
Device Raises the Bar for Sub-$1,000 Unified Threat Management (UTM) Solutions by Including Gateway Anti-Virus, URL Filtering and Intrusion Prevention
BROOMFIELD, Colo., Sept. 14 -- eSoft, Inc., a leading vendor of integrated Internet security and content management solutions, announced today the availability of its newest product, the InstaGate 305 integrated security gateway, which integrates Firewall, IPSec VPN, Gateway Anti-Virus, Web URL Filtering and Network Intrusion Prevention into a single, easy-to-deploy and manage solution.
The InstaGate 305, tailored for small network environments with critical security needs, is the latest addition to eSoft's award-winning line of unified threat management (UTM) solutions that integrate dynamic Deep Packet Inspection services such as Anti-Virus and Intrusion Prevention into traditional Firewall/VPN network security appliances. While many devices in the sub-$1,000 market provide stateful Firewall and VPN functionality, few provide the performance and depth of inspection of the InstaGate 305, which is based on a powerful Intel(R) XScale processor with a large memory footprint.
"The InstaGate 305 fills a critical gap in one of the most under-served areas of the market," said Scott Lukes, eSoft vice president of marketing. "Small organizations are exposed to the same Internet threats as large Fortune 500 enterprises -- the only difference is that they don't have the same resources to deal with them. The 305 was designed to provide all of the necessary tools to protect small networks from modern, dynamic threats -- like the recent Zotob virus -- with minimal requirements from IT."
Friday, September 29, 2006
Monday, September 25, 2006
Revamp your network security - now
Did you like to blow things up when you were little? Come on, be honest. I'll come clean. More than a few mailboxes fell under the onslaught of my juvenile pyromania. Being an adult means wanton destruction is frowned upon. But maybe there is something we can do to regain the thrill.
Try this on for size: You should blow up your network. That's right - over the next 18 months you'll be overhauling your campus network. It's time. You know you are tired of those old Layer 3 switches. Those are so five years ago. Aren't those boxes depreciated yet? Get the finance guys on the horn.
The business has changed. The insider threat is real. Folks connect to your network from conference rooms and over VPNs from unsafe environments. You can't stick your head in the sand anymore. Compliance has teeth and you need to segment networks and protect sensitive data. Acknowledging this is a huge change for me, since I used to laugh when told that people needed to secure internal networks.
I remember talking years ago to companies that were pitching that customers needed to extend the protection deeper into the network. I laughed. The moat is deep and wide. The bad guys cannot get in. Well, now the bad guys are us and they may already be on the network. We need to make the network much less hospitable to them.
Try this on for size: You should blow up your network. That's right - over the next 18 months you'll be overhauling your campus network. It's time. You know you are tired of those old Layer 3 switches. Those are so five years ago. Aren't those boxes depreciated yet? Get the finance guys on the horn.
The business has changed. The insider threat is real. Folks connect to your network from conference rooms and over VPNs from unsafe environments. You can't stick your head in the sand anymore. Compliance has teeth and you need to segment networks and protect sensitive data. Acknowledging this is a huge change for me, since I used to laugh when told that people needed to secure internal networks.
I remember talking years ago to companies that were pitching that customers needed to extend the protection deeper into the network. I laughed. The moat is deep and wide. The bad guys cannot get in. Well, now the bad guys are us and they may already be on the network. We need to make the network much less hospitable to them.
Monday, September 18, 2006
Remote application console - Network security - Remote Console Server 3.0 - Brief Article
Providing remote access to console and DOS legacy applications, Remote Console Server 3.0 is an advanced remote-access server that runs as a regular network service for Windows NT/ 2000/XP. The solution dynamically displays a console panel (up to 255x255) without distortions, and supports a mouse, function keys and hot key combinations. Administration options include access time management, session monitoring and reviewing, capability to set restrictions by IP and domain address, sending messages to currently connected users, forced online session disconnection and termination, and overtaking control. The program features in-session file uploading and downloading support; every session has an independent clipboard on the server side; and for every process, the duration time limit is user defined.--Zilab Software
Tuesday, September 12, 2006
AT&T to upgrade network infrastructure for Internet Security Systems
Telecomms holding company AT&T Inc (NYSE:T) has signed a three year contract to upgrade the network infrastructure of enterprise security company Internet Security Systems Inc (ISS).
AT&T said the new contract, which follows ISS's adoption of AT&T's MPLS technology in 2004, which extends the MPLS services to ISS locations in the US, Europe and the Asia-Pacific region. ISS will use the network upgrade to add further company locations in the future.
According to AT&T, the network upgrade will provide ISS with disaster recovery services which use the fastest, most advanced any-to-any mesh connectivity, to ensure outages at centralised hubs do not disrupt the networks.
ISS will also use the upgraded network to introduce VoIP capabilities across its enterprise, enabling it to streamline internal voice communications and gain maximum cost-efficiencies. The new contract also covers dedicated Internet, long distance and AT&T ultravailable local access services
Thursday, September 07, 2006
THE NEED FOR INTERNAL SECURITY
To thwart viruses and worms, security controls need to be instituted at the wireless edge, so malicious TCP/IP traffic can be stopped before it spreads to other devices. Complementing the external security perimeter that protects wired networks, enterprises need to create an internal security perimeter to secure their WLANs.
One solution is to deploy WLAN security gateways, which are network appliances designed to secure, manage and power WLANs. Operating at the wireless edge, between access points and other devices upstream, WI,AN security gateways protect networks from security attacks launched from wireless devices.
These gateways should meet three key requirements:
1. Precise packet-filtering controls for blocking or redirecting traffic. The gateway should include precise packet-filtering controls that can distinguish malicious traffic from legitimate traffic, and take action to block or redirect malicious traffic. A network administrator should be able to read a security bulletin describing the characteristics of a virus or worm and then precisely define a filter that targets the traffic of that virus or worm. The filter should block malicious traffic without interfering with legitimate traffic. By detecting and blocking the traffic that viruses and worms depend on, the filtering capabilities of a WLAN security gateway contain airborne attacks.
2. Filtering at the wireless edge to manage traffic among devices. To contain an attack, packet filtering must occur at the wireless edge, as close as possible to the access point. For optimal protection of the network, WLAN security gateways should be installed between the access point and the next upstream network device.
3. Session logging and audit tools for identifying infected computers and accelerating repairs. WLAN security gateways should provide logging and audit tools to help administrators remediate an attack, once it is contained. By maintaining full session logs of network traffic and tracking Layer 3 traffic data, WEAN security" gateways facilitate the identification of users with infected computers and the MAC addresses of the computers themselves. Using this information, administrators can contact users directly and begin cleaning up any infected computers.
CENTRALIZED POLICY MANAGEMENT
A tiered solution that combines WLAN security gateways at the wireless edge with a centrally located policy server provides additional advantages for network administrators combating viruses and worms. By providing centralized control over filters, the central policy server allows administrators to define a policy that immediately takes effect across the network. The policy server automatically distributes filters to all the WLAN security gateways, providing immediate protection at every access point on the network. This centralization also reduces manual labor and the risk of error.
The central policy server can manage user accounts and user groups for wireless users. Administrators can use the server's group-management features to define a special user group for users with infected computers. The group characteristics would include redirecting users to a Web page with information about how to install security patches and clean up infections.
By temporarily assigning users with infected computers to this group, administrators can ensure that users with infected computers receive the information they need the next time they log in. Once administrators have verified that the infected computers have been cleaned, they can remove users from this group and restore their normal access rights.
One solution is to deploy WLAN security gateways, which are network appliances designed to secure, manage and power WLANs. Operating at the wireless edge, between access points and other devices upstream, WI,AN security gateways protect networks from security attacks launched from wireless devices.
These gateways should meet three key requirements:
1. Precise packet-filtering controls for blocking or redirecting traffic. The gateway should include precise packet-filtering controls that can distinguish malicious traffic from legitimate traffic, and take action to block or redirect malicious traffic. A network administrator should be able to read a security bulletin describing the characteristics of a virus or worm and then precisely define a filter that targets the traffic of that virus or worm. The filter should block malicious traffic without interfering with legitimate traffic. By detecting and blocking the traffic that viruses and worms depend on, the filtering capabilities of a WLAN security gateway contain airborne attacks.
2. Filtering at the wireless edge to manage traffic among devices. To contain an attack, packet filtering must occur at the wireless edge, as close as possible to the access point. For optimal protection of the network, WLAN security gateways should be installed between the access point and the next upstream network device.
3. Session logging and audit tools for identifying infected computers and accelerating repairs. WLAN security gateways should provide logging and audit tools to help administrators remediate an attack, once it is contained. By maintaining full session logs of network traffic and tracking Layer 3 traffic data, WEAN security" gateways facilitate the identification of users with infected computers and the MAC addresses of the computers themselves. Using this information, administrators can contact users directly and begin cleaning up any infected computers.
CENTRALIZED POLICY MANAGEMENT
A tiered solution that combines WLAN security gateways at the wireless edge with a centrally located policy server provides additional advantages for network administrators combating viruses and worms. By providing centralized control over filters, the central policy server allows administrators to define a policy that immediately takes effect across the network. The policy server automatically distributes filters to all the WLAN security gateways, providing immediate protection at every access point on the network. This centralization also reduces manual labor and the risk of error.
The central policy server can manage user accounts and user groups for wireless users. Administrators can use the server's group-management features to define a special user group for users with infected computers. The group characteristics would include redirecting users to a Web page with information about how to install security patches and clean up infections.
By temporarily assigning users with infected computers to this group, administrators can ensure that users with infected computers receive the information they need the next time they log in. Once administrators have verified that the infected computers have been cleaned, they can remove users from this group and restore their normal access rights.
Friday, September 01, 2006
Prevent viruses on enterprise WLANs: security gateways provide protection from within the network perimeter - Wireless
Before wireless LANs (WLANs) became popular, the only way viruses and worms could reach an organization's computers was through portable media, such as floppy disks, or through the network perimeter, which was secured by an increasingly complex battery of defenses, including firewalls, e-mail filters and antivirus engines. The use of floppies and other portable media is declining. E-mail attachments have become the preferred channel for transferring files. As a result, on a wired network, just about all potentially malicious data enters an enterprise through the network perimeter, where it will likely be detected and blocked.
WLANs undermine perimeter defenses. Wireless users are mobile. They take their computers to other networks. Some of these networks are se cure and well managed; others are not. Computers on these networks may become infected without their users knowing it.
When these users reconnect to the enterprise network-inside the perimeter-they bring their viruses and worms with them. Once loose on the network, viruses and worms can launch attacks against internal IT systems and the network itself, bypassing the network's perimeter defenses.
Viruses and worms typically use TCP/IP traffic to replicate themselves on a network and to unleash their attacks. Many send flurries of Internet control message protocol messages to locate other local devices that may be vulnerable to attack. Standard WLAN infrastructures (access points, network cards, RADIUS servers) have no means of identifying and stopping this traffic; wireless traffic, malicious or not, from authenticated users is simply passed through to the wired network.
WLANs undermine perimeter defenses. Wireless users are mobile. They take their computers to other networks. Some of these networks are se cure and well managed; others are not. Computers on these networks may become infected without their users knowing it.
When these users reconnect to the enterprise network-inside the perimeter-they bring their viruses and worms with them. Once loose on the network, viruses and worms can launch attacks against internal IT systems and the network itself, bypassing the network's perimeter defenses.
Viruses and worms typically use TCP/IP traffic to replicate themselves on a network and to unleash their attacks. Many send flurries of Internet control message protocol messages to locate other local devices that may be vulnerable to attack. Standard WLAN infrastructures (access points, network cards, RADIUS servers) have no means of identifying and stopping this traffic; wireless traffic, malicious or not, from authenticated users is simply passed through to the wired network.
Subscribe to:
Posts (Atom)
Posts
