The enormous expansion of communication technologies and instant access to information over the Internet has made network security an important, or even the most important, network quality. A normal firewall within a network and between networks no longer suffices for traffic control and traffic limiting. Demand for better network security brought with it new security appliances and new security tools. Furthermore, as the number of security-related appliances grew, the need to consolidate a number of devices and tools into a single appliance became apparent, and thus Unified Threat Management (UTM) firewalls were born. UTM firewalls not only limit traffic and allow secure remote access but also provide Denial of Service (DoS) and Distributed Denial of Service (DDoS) attack protection, Intrusion Prevention System (IPS) functionality, antivirus functionality, antispam functionality and web filtering functionality.
Enterprises, financial institutions and Service Providers commonly use dedicated IPS and Deep Packet Inspection (DPI) appliances in addition to integrated UTM appliances. These appliances are used on extremely high-bandwidth connections and can be integrated into business systems.
We install effective security solutions for enterprises and Service Providers, made by the world's leading manufacturers and consistently rated as the best in their class. Our confidence comes from years of experience, which enables us to design, implement and maintain security solutions that meet the customer's needs and are simple to manage.
A UTM firewall test case
A company has an HQ and a few dozen branch offices. These branch offices need to be securely connected to the HQ, where the servers and the databases are located. There is also a growing need for remote work. The new solution should have a high level of security, and its implementation and maintenance should be cost-efficient. The solution should support a future transition to IPv6.
The company also needs secure Internet access that is checked for viruses, worms, spam, etc. In addition, non-productive web use during business hours should be limited to a certain degree.
Routers or firewalls that support IPsec VPN functionality will be installed at the remote offices, and each of them should have an Internet connection. A fast Internet connection and a more powerful router or a UTM firewall that will function as an IPsec tunnel concentrator should be installed at the HQ. The VPN network will be built around a hub-and-spoke model. The VPN tunnels will be encrypted using 3DES or AES encryption. Digital certificate authentication will be used for increased security. Furthermore, for better security and simpler management, all the remote offices' communications will go through the HQ.
The Internet traffic is checked by the UTM firewall for possible malicious traffic (viruses, worms, spam, etc.). The company's security policy defines the limitations that the UTM firewall imposes on non-productive web use.
The VPN client functionality is enabled on the firewall, which gives remote users secure access to the HQ's servers. The authentication and access limiting for the VPN clients can be integrated with the internal AD/LDAP/RADIUS servers. VPN client functionality is also used to allow business partners access to the company's network.
By using a broadband Internet connection and an IPsec VPN solution, the customer avoids using costly leased lines. Security and integrity of the data being transferred between the HQ and the remote offices are nonetheless guaranteed, which means that the IPsec VPN network can be used for confidential business data traffic between the branch offices. The company can use client/server applications to lower the necessary amount of computer hardware at the remote offices.
The benefit of the UTM firewall is a secured network that is protected from viruses, worms, spam, etc. at all business locations. Non-productive web use during business hours is also effectively limited.
Traffic limiting and prioritization using a DPI (Deep Packet Inspection) technology test case
The company has several offices that are connected to the HQ using a VPN network. The business is facing a problem of occasional errors when working with interactive applications (business applications, VoIP, videoconferencing, etc.). The network is protected by a stateful firewall that limits traffic. Even though a very restrictive policy is enforced, the network sometimes slows down and some downtime is noted.
When inspecting packet traffic, normal firewalls see only the IP address and the packet header. That means that they classify any TCP port 80 traffic as allowed HTTP traffic, even when it really is peer-to-peer (P2P) traffic that is using up a lot of bandwidth. A DPI (Deep Packet Inspection) appliance, by contrast, monitors the network traffic on higher layers of the ISO OSI model (layers 4 to 7). After installing a DPI appliance in the network, the company can use it to prioritize important traffic (VoIP, video, business applications) and limit the bandwidth available to less important applications (BitTorrent, YouTube, etc.). It can also deny any traffic for these unwanted applications. The DPI appliance can analyze static and dynamic port traffic, analyze the behavior of various applications and recognize their signatures.
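The difference between port-based and payload-based classification described above can be shown with a short sketch. This is an added example, not code from any appliance vendor; the sample flows are constructed, the policy table is hypothetical, and it covers only signature matching on the first payload bytes, not the behavioural analysis a DPI appliance also performs.

```python
import re

# Constructed sample flows: (description, destination port, first payload bytes).
SAMPLE_FLOWS = [
    ("web browsing", 80, b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    ("P2P on port 80", 80, b"\x13BitTorrent protocol" + b"\x00" * 8 + b"A" * 40),
    ("VoIP signalling", 5060, b"INVITE sip:alice@example.com SIP/2.0\r\nVia: SIP/2.0/UDP 10.0.0.5\r\n"),
    ("HTTP on odd port", 8081, b"POST /api/orders HTTP/1.1\r\nHost: erp.example\r\n\r\n"),
]

# What a port-only firewall rule assumes about each destination port.
PORT_MAP = {80: "http", 443: "https", 5060: "sip"}

# Payload signatures, checked in order against the start of the flow.
SIGNATURES = [
    ("bittorrent", re.compile(rb"^\x13BitTorrent protocol")),
    ("sip", re.compile(rb"^(?:INVITE|REGISTER|OPTIONS|BYE|ACK|CANCEL) \S+ SIP/2\.0\r\n")),
    ("http", re.compile(rb"^(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
]

# Hypothetical policy: the action applied per recognised application.
POLICY = {"sip": "prioritize", "http": "allow", "bittorrent": "limit"}

def classify_by_port(dst_port):
    # Header-only view: the application is inferred from the port number.
    return PORT_MAP.get(dst_port, "unknown")

def classify_by_payload(payload):
    # DPI-style view: the application is inferred from what the flow carries.
    for app, pattern in SIGNATURES:
        if pattern.match(payload):
            return app
    return "unknown"

def compare(flows):
    # Return (description, port view, payload view, policy action) per flow.
    rows = []
    for name, port, payload in flows:
        port_app = classify_by_port(port)
        dpi_app = classify_by_payload(payload)
        rows.append((name, port_app, dpi_app, POLICY.get(dpi_app, "default")))
    return rows

if __name__ == "__main__":
    for row in compare(SAMPLE_FLOWS):
        print("%-18s port view=%-8s payload view=%-11s action=%s" % row)
```

The second and fourth flows are the cases where the two views disagree: P2P traffic that a port rule would pass as HTTP, and HTTP traffic that a port rule would not recognise at all.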
By installing a DPI appliance, the customer gets a faster and more reliable network. The appliance's tools can be used to control traffic and produce reports that allow a thorough analysis of the entire network traffic. The DPI appliance also identifies and blocks complex network threats (DDoS, DoS attacks, etc.) that are commonly not stopped by normal firewalls.