Network Security Application
Innovative All-in-one Affordable Security
NOTE: For Network Security Application pricing, check the particular appliance platform page you are interested in: Hardware, Software, and Virtual.
___________________________________________________________________________________________
Astaro Network Security includes fully integrated features such as a configurable firewall paired with an Intrusion Protection system, Denial of Service, lots of traffic forwarding and NAT tools and much more. Take a deeper look at the extensive range of features provided by this security application.
Astaro Network Security can be added onto Astaro's Hardware, Software or Virtual Appliances in 1, 3 or 5-year subscriptions adding an Intrusion Prevention System, DoS Protection, IPSec & SSL Branch Office VPN and Remote Access, Advanced Routing (OSPF, Multicast), custom QoS, server Load Balancing, generic/SOCKS/IDENT proxies and VoIP Security and Standard Support (see note below) which is upgradeable to Premium Support.
___________________________________________________________________________________________
The backbone of a security system which blocks and allows traffic.
A good firewall can stop costly events that lead to data loss or theft, infected workstations, and other productivity-sapping incidents. Properly configured, a firewall can keep much of your operation protected.
Astaro’s firewall:
- Uses an object-based approach. Simply define an object like a workstation or company web server, and then re-use this information all through the configuration.
- Is intuitive, easy to use, and removes the confusing interfaces found in many UTMs today by offering an open, visual layout that allows administrators to be as broad or detailed as they need.
- Has a packet filter that includes a time-saving feature that pushes any change made to an object to all rules that use it. For example, if you have a web server at an internal address with dozens of rules that govern access to and from this resource and need to make a change to the address, you need only change it once and all rules that contain "web server" as an object will instantly be updated. This can save hours of time vs. manually adding each rule and reduces the chance for human error.
The packet filter is a deny-by-default tool, which means only traffic that administrators specifically allow will occur. This eliminates the need for administrators to spend time learning and "locking down" the product right out of the box. Since no permissions exist by default, there is no chance that traffic which is unwanted will be allowed through the firewall by accident.
The Astaro Firewall includes a combination of many powerful tools and features for controlling data flows that are allowed to pass from the Internet to the internal LAN and vice versa:
- Stateful Packet Filter
- Application-Level Deep Packet Filtering
- Flexible Rules Management:
- Can include hosts, networks, groups or VPN users
- Automatic rule generation for application proxies and internal services
- Time-based activation
- Policy-based routing
- Interface based rules
- Network Address Translation
This feature is included within the free Essential Firewall Edition.
___________________________________________________________________________________________
Identify and stop worms, exploits and other attacks.
An Intrusion Prevention System (IPS) can identify and stop many threats, exploits, back-door programs, and other attacks as they pass through the device. An IPS can strongly bolster a firewall's security policy by helping ensure that traffic which is allowed to pass via the firewall rule policy is further inspected to make sure it does not contain unwanted threats. Even with good patching practices, a company can find itself faced with a threat that affects its systems and resources. It is in these situations that IPS can often shine, as patterns to catch the threat are released before an official update or patch is made available, protecting the business during this crucial period.
Astaro’s IPS is a deep-packet-inspection system which peers inside the traffic packets as they pass through the installation, and can remove certain packets which contain undesired contents that are matched against a deployable rules list of over 8000 patterns. This signature list of patterns is live-updated every few minutes and constantly adapts and evolves to keep you protected from threats as they emerge and spread.
Astaro’s Intrusion Prevention System stops intruders and protects against even the most sophisticated threats by integrating fast and reliable pattern scanning technologies:
- Identifies and Blocks Application and Protocol Related Probes and Attacks through Deep Packet Inspection
- Database of over 8,000 Patterns and Rules Including:
- Probing, port scans, interrogations, host sweeps
- Attacks on application vulnerabilities
- Protocol exploitations
- Intrusion Detection and Prevention
- Notify administrator and/or block traffic immediately
- Powerful Management Interface
- One click to enable or disable complete rule sets e.g. for email- or webservers
This feature is included within the optional Network Security subscription.
___________________________________________________________________________________________
Protect your network against artificial traffic floods that can damage your computers.
Denial of Service (DoS) attacks can confuse and overwhelm your network's resources. They have the capacity to cripple or even damage your computers by sending many requests or large amounts of data which “Deny” them the ability to serve up other requests to valid users. This type of Denial of Service (DoS) attack can bring down a server, even damaging it in the process, while making the Internet unavailable to employees trying to work.
Astaro's product can keep your resources safe from these situations. They have tools to limit the rates at which your servers are asked to respond to requests, providing protection you might have to otherwise spend a lot more money on to acquire.
Astaro’s Denial of Service (DoS) Protection offers flexible means for protecting network resources against many types of flooding and port-scan attacks:
- DoS and DDoS (Distributed Denial of Service) / Flooding Protection
- TCP SYN Flood Protection
- UDP Flood Protection
- ICMP Flood Protection
- Based on Source and/or Destination IP Address
- Adjustable maximum allowed packet rates
- Adjustable logging level
- Port-Scan Protection
- Log, drop or reject detected port scan traffic
- Adjustable logging level
This feature is included within the optional Network Security subscription.
___________________________________________________________________________________________
Control how the Internet is used . . . Increase Employee & Network Performance!
Astaro enables users to divide their Internet bandwidth as desired. If the web server should be as responsive for customers as possible, the highest priority can be allocated to all applications. Through Astaro's control application, bandwidth can also be reserved for web traffic ahead of other requests.
Astaro’s Quality of Service:
-
Setup is easy: You specify the available bandwidth you have from your ISP and let their auto-rules intelligence optimize your Internet connection.
-
Shaping and prioritization of smaller packets is done automatically.
-
Diving deeper: It is possible to craft specific rules which match traffic patterns or ports with bandwidth maximums and minimums.
If you can dictate which applications or users are able to utilize the Internet, you control how a fixed resource is used during different conditions.
For example, you can allow the use of BitTorrent programs during the entire workday for the company at a rate of 10Mbps, but then limit BitTorrent use to only 2Mbps for a certain group or user. These types of rules can be created and managed for almost any type of traffic.
With Astaro, you can make sure that the proper programs get the right priority for the Internet connection you have. If you would like your web server to always respond quickly to your customers by getting preference ahead of other traffic like a picture download from Google Images, their bandwidth control can reserve bandwidth for web traffic ahead of these other requests.
Astaro’s QoS uses a combination of prioritization and bandwidth reservation mechanisms which are based on the Internet-standard Differentiated Services (DiffServ) and Integrated Services (IntServ) protocols. The following functionality is offered:
- Outbound Dynamic Bandwidth Reservation (Guaranteed Minimum, Maximum Limit) Based on:
- Source/destination server or network
- Service/Port
- TOS/DSCP bits
- Pre-defined traffic selectors for IM/P2P applications
- Inbound Queuing Optimization via:
- Stochastic Fairness Queuing (SFQ)
- Random Early Detection (RED)
- Proportional bandwidth shaping
- Dynamically adapts amount of reserved bandwidth to available link speeds
- Download Equalizer
- Intelligently drops downlink packets to avoid network congestion
- Upload Optimizer
- Accelerates TCP handshake packets (SYN, ACK, …)
This feature is included within the optional Network Security subscription.
___________________________________________________________________________________________
Connect separate sites together with an encrypted link.
Linking remote sites with a main office lets users send and receive information via a secure connection. Employees can use file servers and printers which are not physically in the same office. With Astaro, users can link hundreds of sites together via VPN connection without any experience setting up VPN networks or knowledge about how they work.
Astaro’s Branch Office VPN provides visual views for tunnel status and a clear overview of what sites are connected.
Use Astaro for trouble-free, stable connectivity. Remote locations benefit from a direct link to the company HQ and with each other. Tunnels can fall back and re-establish across a different available Internet connection during outages. Choices are available whether to fully share the computers in both networks or make rules which limit what can travel over the tunnel(s). Astaro's product supports host names for tunnels and, with a built-in Dynamic DNS (DynDNS) client, users can connect everything with public or private IP addresses using multiple Internet connections. The Astaro Command Center product can be used to build VPN tunnels across dozens or hundreds of devices from a central GUI.
Astaro’s Branch Office VPN application includes a broad range of standardized tunneling protocols and technologies allowing for securely connecting multiple offices via the Internet:
- Supports IPsec and SSL Protocols
- IPSec offers high interoperability with other devices
- SSL allows for easy setup between two Astaro Security Gateway devices
- Star, hub-and-spoke and fully meshed configurations
- NAT-Traversal for establishing tunnels between NAT devices
- Supports all Major Encryption and Many Authentication Methods
- DES, 3DES, AES, Serpent, Blowfish, Twofish
- MD5, SHA-1
- XAUTH allows for integration of One-Time-Password systems
- Full Public Key Infrastructure (PKI) Support
- Via Internal or external certificate authority
This feature is included within the optional Network Security subscription.
___________________________________________________________________________________________
Secure access deployed by the user on any operating system.
Secure Sockets Layer (SSL) Remote Access is a virtual private network which usually operates over the HTTPS port of 443 and allows the user to connect to the Astaro device from anywhere in the world. This application is ideal for users who travel or frequently find themselves outside of work or their home offices and need a stable, secure connection.
SSL Remote Access offers the same encryption strength and security of other remote access types and is activated with a simple click or automatically each time the user’s machine starts up. Administrators benefit from having a self-deploying distribution method, so they do not have to physically install and deploy the SSL Remote Access on each machine. After being allowed to use the service by the administrator, employees navigate to the Astaro UserPortal, download and install their personal client and simply connect.
Automatic split tunneling can segment only traffic destined for the central office network down the VPN tunnel, while other traffic uses the normal Internet connection of the user. No technical information or experience is needed to install and connect with Astaro's SSL Remote Access. The Astaro SSL VPN client is available free of charge and allows unlimited users to make use of this access type.
Astaro’s SSL Remote Access technology offers a broad range of standardized tunneling methods with one-click-configuration options for easily connecting mobile workers to their corporate network:
- Fully Transparent Access to Network Resources without Requiring any "Webifier" for Each Application
- SSL encryption and Authentication Methods:
- DES, AES (up to 256 bits)
- MD5, SHA-1
- Supports Feature Rich SSL VPN Clients:
- Free Astaro SSL VPN Client (based on OpenVPN Client that runs on Windows, Linux, MacOSX, and many UNIX operating systems)
- One-Click-Configuration via Astaro’s UserPortal:
- Download of SSL client software, configuration files, keys and certificates with a single mouse click
- Automated installation and configuration of SSL client software within minutes
- Automatic Split Tunneling
- Automatic Network Configuration Update
- IP Address Assignment via Virtual IP Pool
- VPN Traffic Compression
This feature is included within the optional Network Security subscription.
___________________________________________________________________________________________
Give outside employees secure access to the network.
For workers in the field, being able to access resources on the company network is often required to conduct business. Industry-standard VPN technology is accepted and used everywhere from small businesses to enterprise-sized organizations. Using the Astaro Secure Client, users can access resources behind the Astaro device with absolute and security.
Remote access over IPSec provides the utmost in security and peace of mind for network administrators. This method uses the Astaro Secure Client to build a stable, fast tunnel to the Astaro gateway, where users can print documents, share files and otherwise conduct business over this encrypted tunnel.
Administrators strictly control what is accessible once the tunnel is established; from individual applications on a single machine, to full access across entire networks.
Astaro’s IPSec Remote Access technology offers a broad range of standardized tunneling methods with one-click-configuration options for easily connecting mobile workers to their corporate network:
- Support of all Major IPSec Encryption and Many Authentication Methods:
- DES, 3DES, AES, Serpent, Blowfish, Twofish
- MD5, SHA-1
- XAUTH allows for integration of One-Time-Password systems
- Supported IPSec Clients:
- Astaro Secure Client with integrated desktop firewall (runs on Windows XP, Windows Vista and Windows 7 based PCs)
- Cisco IPSec client
- One-Click-Configuration via Astaro’s UserPortal:
- Download of Astaro Secure Client software, configuration files, keys and certificates with a single mouse click
- Automated installation and configuration of Astaro Secure Client software within minutes
This feature is included within the optional Network Security subscription.
___________________________________________________________________________________________
Native Windows Remote Access
Easy remote access for employees.
Windows has integrated options for securely connecting a client to a remote end point. Astaro can act as a receiver for this feature to enable users to create tunnels quickly. For environments that seek a user-friendly VPN technology, this type of tunnel can be deployed easily while still offering encrypted links with full control over what can be accessed once the connection is established.
This type of VPN deployment is aimed at companies who are required to provide remote access connectivity for users, but need to keep the following issues in mind: budget, deployment process and error free operation. Through this application, external workers can enjoy the comforts of the office environment through secure access to file shares, printers and email.
Using L2TP or PPTP, users can authenticate and build a secure tunnel to any Astaro installation in moments using the client tools already included in their Windows operating system. Administrators can set what is accessed by the entire VPN group, individual users, or a mixture of both, such as allowing all VPN users to access the file share, then allowing only John Doe to use remote desktop to his workstation in the office.
Astaro offers secure and easy to use Remote Access technologies for connecting mobile users via native Windows clients to their corporate network via the following protocols:
- PPTP (Point-To-Point Tunneling Protocol)
- Supports strong encryption (128 bit)
- Local or RADIUS based user authentication
- Authentication protocols: MSCHAPv2
- IP Address assignment via pool network or DHCP server
- Supports native Windows and Apple iPhone client
- L2TP (Layer-2-Tunneling Protocol) over IPSec
- Authentication via pre-shared key or X.509 certificate
- Local or RADIUS based user authentication
- Authentication protocols: PAP, CHAP, MSCHAP, MSCHAPv2
- IP Address assignment via pool network or DHCP server
- Supports native Windows and Apple iPhone client
This feature is included within the free Essential Firewall Edition.
___________________________________________________________________________________________
Work with users and groups from an existing server.
Directory Authentication interfaces with external databases in order to make use of their users and groups in your security configuration. This allows users to surf, view their mail quarantine and connect to their VPN - all with their existing network name and password. Administrators are able to additionally generate detailed reports based on the user name.
Directory authentication servers contain user and group information along with login names and passwords. By linking existing directory authentication resources with your Astaro, you are able to re-use this existing user and group information when building a security policy. Astaro can join with many types of authentication servers, with special integration for Active Directory and eDirectory. Features that support authentication can be configured to provide benefits to both the administrator and the user.
Users can take advantage of many areas of Astaro simply by using their existing name and password they are already familiar with; no need to learn a new set of credentials. Administrators can build Web Security access profiles and then assign them to users or groups which already exist in their configuration, and gain extra detail level in many reports that replaces IP addresses with user names for better visual overviews.
Astaro’s Directory integration is unique in the industry by providing a broad set of alternative methods allowing for easy integration of Astaro’s products into existing environments.
Comprehensive Authentication Methods:
- Active Directory
- eDirectory
- RADIUS
- TACACS+
- LDAP Local
Single Sign-On (SSO) Support for Transparent Authentication:
- Active Directory
- eDirectory
Other Highlights:
- Point & Click User Definitions via Graphical eDirectory and Active Directory Browsers
- Automatic User Creation and Synchronization
- User Pre-fetch at Configurable Intervals
- Easy Server Connection Testing via “TEST” Button
- Supports Windows Server 2008 Native Mode
This feature is included within the optional Network Security subscription.
___________________________________________________________________________________________
A central place for users to manage mail and remote access.
The Astaro UserPortal is a self-management hub where employees can work with their email messages and previously configured remote access technologies without the help of an administrator. Companies can save time, and empower users to manage their own spam quarantine and message activity without any IT administrator's intervention.
The UserPortal is perfect for allowing employees to manage some tasks themselves. It is available in over 15 languages and can be customized. Users can make their own personal spam whitelist or sort through their spam quarantine in moments to find a message they are searching for.
Upon login users can download their SSL VPN client to permit secure access to resources behind the Astaro installation. They can review, release and delete messages in their mail quarantine directly, without waiting for the daily report or an administrator to respond to a release request. This allows them to work more effectively and frees up administrators to do other tasks.
Astaro UserPortal boasts the industry's only personalized mail log, so if a message has been received but was deleted due to a virus or bounced due to a blacklist entry, the user can still find out what exactly happened to that message, even though they haven’t received it and it isn’t in their quarantine.
Astaro’s web-based UserPortal presents many options to the end-user to track and monitor quarantined messages or manage VPN client packages, hence greatly reducing the administrator’s workload in dealing with user queries.
- SMTP / POP3 Mail Quarantine
- Search, view, release, download, delete and whitelist spam mails in your personalized quarantine
- Individual Mail Log
- Gain a quick overview over your complete email traffic
- Personal Whitelist
- Manage your personal email whitelist of sender addresses which should not be subject to spam scans
- POP3 Account Management
- Redirect POP3 email accounts through the Astaro Security Gateway to take advantage of spam and virus scanning
- Remote Access Package Download including VPN Client Software, Config Files and Certificates for:
- Comprehensive Language Support
- Available in 15 local languages
- Customizable HTML welcome page
This feature is included within the optional Network Security subscription.