Unified Threat Management by Gibraltar
Gibraltar Security Gateways provide a comprehensive and competitive protection against a multitude of current security risks and threats. They combine several important security applications into one product and provide for secure connections in your network. Gibraltar is either available preinstalled on five different hardware appliances or just as a software release.
System and Management
▪ | Hardened OS-Kernel based Debian Linux |
▪ | Read Only Boot media: USB, CD-ROM |
▪ | Conventional Boot media's: Compact Flash, Hard disk |
▪ | Languages: German, English |
▪ | Management: Remote via a web-based Configuration tool (SSL) or Remote Login (SSH) |
▪ | Simple Configuration Management |
▪ | User management: LDAP (local and extern), Active Directory |
▪ | Automatic Software-Update-Service |
▪ | High-Availability: Hot-Standby |
▪ | Detailed logging and interactive analysis |
Interfaces
▪ | Scalable number of network interfaces |
▪ | Scalable number of IP addresses on each network interface. |
▪ | Ethernet 10/100/1000: static or dynamic IP addresses |
▪ | ADSL (PPTP, PPPoATM, PPPoE), ISDN |
▪ | Graphical traffic analysis |
Firewall and Packetfilter
▪ | Stateful Packet Inspection Firewall |
▪ | Support of all popular network protocols (protocol pass through: PPTP, FTP, H.323, IRC) |
▪ | Flexible Paket filter: Interface, MAC address, IP address, port, service, etc. |
▪ | Protection of DoS/Flood attacks. |
▪ | Limitation of Peer-2-Peer Services (P2P) |
▪ | Dynamic and static address translation: Network Address Translation (NAT), Port Address Translation (PAT) |
▪ | Transparent Layer 2 Firewalling (Bridged Mode) |
▪ | Randomized IP Sequencing |
▪ | Gezielte TTL Manipulation |
Web Filter
▪ | Proxy-Server (transparent) |
▪ | Authentification: LDAP (local and extern), Active Directory |
▪ | Blocking of websites after dynamic categorization (content filtering) |
▪ | User defined and server-based blocklists for URL's and Domains. |
▪ | Examination on dangerous content (Cookies, ActiveX, JavaScript) |
▪ | Detailed logging and interactive analysis |
E-Mail Filter
▪ | Virusfilter: protocols SMTP and POP3 |
▪ | Spamfilter: protocols SMTP and POP3 |
▪ | Filtering of undesirable E-Mail-Attachments |
▪ | Image- and PDF-spam-detection |
▪ | Deleting, marking or isolation of Spam-Mails |
▪ | Detection of Phishing-Mails |
▪ | SMTP-E-Mail-Encryption (TLS) |
▪ | Self-learning trainable Filter (Bayes-Filter) |
▪ | Sender Policy Framework (SPF) |
▪ | Blacklisting (RBL) and Hashreview (Razor, DCC) |
▪ | Rulebased Review (SpamAssassin) with automatic Update |
▪ | Review of RFC-Compliance |
▪ | Delaying of Bulk-Mails (tar pit) |
Virtual Private Networks Gateway (VPN)
▪ | Client-VPN: IPSec, OpenVPN, L2TP, PPTP |
▪ | Clientless SSL VPN: Mit Windows XP/2000, MAC OS, Linux |
▪ | Unlimited number of tunnels and Clients |
▪ | IPSec encryption: AES, 3DES, Blowfish, Twofish, CAST, Serpent |
▪ | IPSec authentification: PSK and X.509 certificates |
▪ | Perfect Forward Secrecy (PFS) |
Traffic Shaping and Bandwidthmanagement
▪ | Incoming and Outgoing Traffic |
▪ | Pre- and user- defined Traffic-classes, for example: VOIP, Citrix, RDP.. |
▪ | Minimal guarantied and maximal bandwidth per class |
▪ | VPN-bandwidthmanagement (IPSec) |
▪ | Spliiting of general bandwidth: IP-addresses of Subnets |
Captive Portal
▪ | Browser-based authentification to (WLAN-) Hotspots |
▪ | Automatic redirect to login-mask |
▪ | Authentification: LDAP (local and extern), Active Directory, external RADIUS-server |
▪ | Simultaneous public and private network services |
▪ | Logging of traffic and connection times |
▪ | Flexible user-right-management |
Anonymity
▪ | Anonymity of selected network traffic |
▪ | Provides anonym internet browsing |
Additional Services
▪ | SSL Wrapper for selected TCP services |
▪ | Transparent FTP-Virus-scanning |
##############################
Firewall:
The Gibraltar Firewall inspects and secures overall network and Internet traffic and provides for secure connections. The Gibraltar dynamic packet filter (Stateful Packet Inspection) and several application level proxy servers guarantee highest available security for all prevalent network protocols.
Proxy server:
Several proxy servers provide for high performance and additional security. The integrated e-mail proxy is able to check all e-mails against spam and viruses. The transparent Web proxy enables a restrictive management of the private Web usage of all employees.
Anonymisation Gateway:
Internet providers and companies are legally boand to monitor all network traffic. Thus, it is possible to identify and track sensitive data about companies and their customer and supplier relationships. Gibraltar is able to make selected network traffic anonymous. This means, that not even Internet providers are able to track down traffic to the originating server or user. By using Gibraltar anonymisation service, it is possible to both observe law and assure anonymity.
Virtual private network gateway:
The Gibraltar VPN server securely connects all company sites and branch offices over potentially insecure networks. It also provides encrypted and secured remote access to the company network for your field staff.
Spam filter:
The Gibraltar mail filter reliably identifies and deals with unsolicited e-mails. This will raise the productivity of your employees. By using the Gibraltar spam filter it is possible to reduce the number of unrequested e-mails by over 99 per cent.
Antivirus Gateway:
The Gibraltar Antivirus Gateway powered by Kaspersky Labs inspects all e-mails, Web downloads and FTP data transfers for computer viruses. Additionally the Antivirus Gateway includes an effective protection against phising e-mails and spyware.
Bandwidth management:
Gibraltar bandwidth management makes it possible to prioritise and to regulate overall network traffic. Time-critical applications like VoIP (Voice over IP) and all kind of terminal server protocols receive the minimum bandwidth they require. The built-in monitoring feature makes it possible to permanently observe the shaped traffic.
Secure, convenient, powerful.
Gibraltar Security Gateways offer a unique cost/performance ratio and a very simple and flexible administration. For schools and universities, Gibraltar offers very special conditions. Feel free to ask for academic licenses.
Secure and simple management by Read-only technology
Gibraltar starts and runs fully off physically write protected media. For this reason, a time-consuming and insecure hard disk installation is not necessary. On the contrary, read-only operation of Gibraltar leads to a significant improvement of security, since it is not possible for potential attackers to permanently reside on the system. System configuration can be archived alternatively on hard disk, USB media, floppy disk or e-mail.
Comfortable with easy configuration system
Gibraltar can be installed and configured with an easy to use Web based configuration tool. A detailed online help and many useful configuration scenarios assist the firewall administrator. However, if there are some questions left, Gibraltar offers professional telephone and e-mail support.
Pure flexibility on the console
For the sophisticated administrator, Gibraltar offers a maximum of flexibility and functionality by using the system console. Nothing is impossible if you are approaching Gibraltar on the console. Gibraltar can be configured both on the console and with the easy-to-use Web based configuration tool. Linux experts will be highly surprised what Gibraltar offers beneath the surface.
Scalability and reliability through simple hardware replacement
The software release of Gibraltar can be operated on all common hardware platforms. This makes Gibraltar unbeaten in scalability. Hardware replacement is very easy and can be achieved during a couple of minutes.
Unbeatable in cost/performance ratio through open source development
Gibraltar is based on an accurately hardened Debian/GNU Linux and solely uses proved and tested open source components. Except for the Web based configuration tool, all Gibraltar source codes are permanently published and can be reviewed and tested by open source community. In return, privately using Gibraltar is cost-free.
Easy updates and professional support
With the Gibraltar UpToDate-Service you stay permanently up to date. Software updates will be downloaded and installed fully automated. New releases of Gibraltar can be installed using the web based configuration tool (Gibraltar Security Appliances) or replacing the system CD (Software release).
The professional telephone and e-mail support guarantees a trouble free installation and smooth operation of Gibraltar. Gibraltar support means you will get direct support from Gibraltar developers. These guys are real security pros and will find a solution for each of your problems. Give us a test!
|