|
AAEC Security Products & Services
Today, many organizations want to take advantage of the Internet's full range of capabilities, but are reluctant to do so because of security concerns. To help address the needs of those organizations, AAEC offers a wide variety of security services:
- Firewalls
- Encryption for Virtual Private Networks
- Security Consulting Services
- Network Security Design
- Site Audits
Firewalls
Most Internet routers on the market today support packet filtering - a means by which the router can discard packets based on different criteria, such as source and destination IP address, protocol type (e.g. TCP), or application type (e.g. Telnet). For example, a packet filter can be used to permit only traffic destined for the File Transfer Protocol (FTP) server program to reach a particular host. When properly implemented, packet filters provide a good and effective first defense against possible intruders. All routers installed by AAEC support packet filtering.
While packet filters can protect against certain forms of attack, they are ineffective against other attacks. The intruder can still attempt to exploit security holes within a particular host application. Customers may try diligently to keep their software as up-to-date as possible, but the intruders may know where the holes are before a system vendor can provide a fix.
For a further substantial reduction in risk, most security authorities recommend the use of firewall systems that support proxy application gateways. When proxies are in use, your hosts never exchange traffic directly with Internet hosts. Incoming and outgoing service requests result in connections to the proxy system, which establishes another connection on behalf of the user -- and in accordance with the site's security policy.
Similarly, external users who wish to make use of internal resources connect first to the firewall, where they can be forced to authenticate themselves before they gain further access to internal machines. Since the proxy application sits between the inside and outside parts of the conversation, it can also log any or all transactions, or even permit certain types of operations while prohibiting others.
Unlike most Internet server software, proxy applications are small, so it's much easier to read and understand the source code for the proxy to ensure that no security holes are present.
AAEC is an authorized reseller of CheckPoint FireWall-1, developed by Checkpoint Software Technologies. The CheckPoint FireWall-1 system is available in the traditional UNIX-based platform and is also now available for Microsoft Windows NT environments.
CheckPointFireWall-1's basic properties are:
- The Latest in Network Security Technology
- Full Connectivity with Security
- Easy-to-Use: Simple and Reliable Management
- Centralized Management and Control
- Visual Tracking and Auditing: The Log Viewer
- Encryption for virtual private networks & commerce over the Internet
- IP Address Translation for hiding Internal Networks
- Client Authentication for remote users and Branch Offices
CheckPointFireWall-1's unique technology overcomes the limitations of past firewall approaches, by introducing a single architecture for fully transparent connectivity with security. This technology intercepts and inspects all inbound and outbound traffic passing through key locations in the network (Internet gateways, servers, etc.), verifying full compliance with the security policy. Unlike other security solutions, CheckPoint FireWall inspection module blocks communications before they enter the operating system, ensuring the full security and integrity of your network.
Only CheckPoint FireWall-1 provides fully secure bidirectional communication for all Internet applications and services. This package supports over 100 built-in Internet services, including Web browsers, the traditional set of Internet applications (e.g. mail, FTP, Telnet, etc.), the entire TCP and UDP families, Mbone and many others. CheckPoint FireWall-1's open architecture is extensible to new and custom applications. New services can be added easily through pop-up template windows or by using high-level scripting language.
Combined with a user friendly graphical interface and centralized control, CheckPointFireWall-1 provides the most comprehensive and reliable interworking security solution available today, ensuring the integrity, authenticity and privacy of communication between any destinations around the world.
Encryption for Virtual Private Networks
CheckPoint FireWall-1 contains an encryption module that establishes a fully confidential communication channel over the Internet for virtual private networking. By providing an additional layer of security and data integrity, the encryption module ensures secure, flexible and cost-effective interenterprise commerce between any two enterprises around the globe.
CheckPoint Fire Wall-1 encryption does not alter communication length but maintains MTU validity and eliminates packet fragmentation, thus achieving the highest performance available over a network. Routing priorities and policies are also preserved.
Security Consulting Services
In addition to its hardware and software security products, AAEC offers a wide range of security consulting services, including Security Policy Consulting.
Every company should have a written computer and network security policy. These policies need not be complex, but should be published within your company, and should cover the technologies and procedures appropriate to your organization's particular environment. A good policy facilitates the deployment of network security tools (such as firewalls), and makes future system administration decisions easier.
It is very important to note that the proper configuration of security tools such as the CheckPoint FireWall-1 is dependent upon your organization's security policy. If your organization lacks such a policy, the likelihood that a CheckPoint firewall or any other security product will be configured poorly are greatly increased. Some configuration problems are merely annoying, as they may just make it more difficult for internal users to access external resources. On the other hand, some configuration problems may result in security breaches.
Network Security Design
AAEC has almost 15 years experience in network design and management issues, including the unique security issues surrounding local and wide area networking. We can assist your organization in designing you networks with security and reliability in mind from the start. We can also help you to reengineer your existing networks in the face of today's greater security challenges.
Site Audits
The best way to remain informed about the integrity of your network's security is regular security auditing of your network by experience personnel. While all organizations should regularly check their own networks, AAEC provides a comprehensive external audit service. This may take several forms, depending on your organization's needs, and may range from evaluation of firewalls, detection of "back doors" on your internal network, and a validation of current security tools
AAEC is prepared to help your organization connect to the Internet in a secure manner. For additional information on these products and services, contact us today!
Network Integration | Security Products & Services | Virtual Private Networks | Remote Computing & Thin Clients
Energy Modeling | Programming & DB Development | Web Services & Design | Training & Support
Home | Services | Products | Contact Us | About AAEC | Search
© Copyright 1999 AAEC | Last updated 05/27/99 | Feedback