Firewall - Stormshield
To ensure that they stay competitive and in order to expand their activity, businesses today
know it is in their best interests to open up more channels for direct communication and
exchange with their clients and partners, sometimes even to the extent of opening up a
section of their information system.
In the meantime, corporate networks grow more complex, for example through the development
of Wi-Fi connectivity within local networks or increasingly thorough segmentation of privileges
and usage, often as a result of compliance measures (ISO270X, PCI-DSS, etc.).
In this context, it is a fundamental security requirement to restrict traffic on the network
and to use solutions that can seamlessly apply filtering based on user identity.
Such segmentation, in addition to enabling the control of user access to each of the resources on the network, can offer some protection against external attacks. It also prevents
the spread of viruses internally between departments.
Furthermore, if your business is subject to standards such as PCI-DSS, you are required to
screen certain areas of your network. In many cases the installation of a firewall is a requirement to ensure compliance.
Many studies indicate that most threats emanate from within the network. Once your
network is segmented, you can configure your Stormshield Network Security appliance to
control which traffic and users are authorized to move between protected zones.
Stormshield Network Security’s integrated intrusion prevention engine uses protocol scans,
application filtering and antivirus scans to inspect authorized traffic and strengthen application security. Stormshield enables you to establish and configure user-based security
policies, giving you greater control over the network resources each user is authorized to
Thanks to the feature that filters Windows services, you can closely manage how these services are used (Active Directory backup and restoration, IIS services, Microsoft Messenger,
etc.) on your network.
An inspection of the Windows DCE-RPC protocol enables the identification of accessible
services and the application of an adapted filter policy, thereby protecting your infrastructure from malware or security evasion techniques that exploit the slew of vulnerabilities on
these services.
The IPv6 protocol has been implemented in the filter features on Stormshield Network Security appliances. The security of your network is therefore ready for a smooth transition to
new-generation networks.
As threats to corporate networks grow and evolve, simple firewalls no longer form an effective barrier. The only adequate response is to upgrade networks with the latest security
technologies. Network layer protection is no longer enough.
A modern approach addresses both the threats to applications and services, as well as to
the network itself. Monitoring and restrictions must be applied to applications, users and
traffic content. A traditional firewall can no longer deal with threats such as the use of
non-standard ports and encrypted attacks.
• Full protection against application vulnerabilities
• Complete network overview
• High-level filtering without reliance on ports
Stormshield multifunction firewalls include a range of modules for proactive security. A policy
of continuous development ensures they are able to meet the needs of even the most demanding
corporation. The Intrusion Prevention System (IPS) from Stormshield Network Security
synthesizes an array of technologies and over 10 years of research from 2 companies that
specialize in security (Arkoon and Netasq) to deliver exceptional levels of protection.
The Application Firewall feature from Stormshield Network Security contains a real-time
analysis module. The Stormshield Network Vulnerability Manager module enables control
of applications, services and all network vulnerabilities. It offers a complete overview of the
network to facilitate fast, effective risk management, giving you end-to-end control of the
entire infrastructure.
The built-in antivirus feature conducts antivirus, antispyware and antiphishing scans for exceptional protection against malware applications. Analytical processes are updated automatically to provide incremental protection. Stormshield Network Security solutions deliver
the highest levels of security at all times.
As user mobility intensifies, so does network complexity. It is becoming increasingly difficult to manage network security and access to applications purely on the basis of an established and known network architecture. Today, users access applications in a variety of
ways, including remote access, laptops, tablets and smartphones.
Therefore, effective security management needs to be based on the concept of the user.
So rather than being set up to block PCs and servers, a modern security system must be
enabled to block users. To achieve this, you need to implement highly modular security rules.
Stormshield’s unique multifunction firewalls enable security rule management based on
user identity. When a computer is used as a gateway, access to resources depends on the
user’s identity. You will no longer need to devote time and effort to managing the resources
on the network as each new device which is connected is automatically linked to the policy
associated with its user.
All Stormshield Network Security products feature modular security policies. This allows you
to ensure the appropriate and effective use of network resources. You can also implement
connection schedules, content filtering and VPN, SSL and IPSec access to remote resources
based on the identity of the user. This limits the number of rules to apply to all of the user’s
resources, regardless of the installation or device they are using.
User access control can be based on your internal directories (LDAP, Windows Active Directory) and be a fully seamless operation, thanks to the SSO (Single-Sign-On) agent installed
directly on the controller or on a machine on the domain. As soon as users open a Windows
session, they will be automatically authenticated on the Stormshield Network Security appliance, even when they log on through a multi-user system such as Citrix or TSE.
Stormshield Network Security appliances offer various simultaneous authentication
methods, thereby providing multiple possibilities for identifying users (certificates, captive
authentication portal, Windows transparent authentication, internal LDAP, guest mode, etc.).
The boom in the use of mobile devices such as smartphones, touch screen tablets or ordinary personal laptops in the workplace or elsewhere presents a real headache for security
managers. How is it possible to keep pace with the spreading practice of BYOD (Bring Your
Own Device) while maintaining an efficient level of protection and monitoring these devices?
With Stormshield Network Security, you can easily identify the mobile terminals connected
to the information system and control their use. It is therefore possible to allow or deny the use
of these devices during certain time slots, or for certain users or user groups or for access to
certain resources. A stronger protection profile can even be applied.
• User-based security
• Enables a modular security
• Network modifications do not affect established rules
• No impact for users thanks to seamless authentication
Stormshield Network Security offers incomparable flexibility for the authentication of users,
whether they are using professional or personal devices. The many authentication methods
offered can be used jointly to validate access from all types of devices.
Arkoon and Netasq, fully owned subsidiaries of Airbus Defence and
Space CyberSecurity, run the Stormshield brand and offer innovative
end-to-end security solutions both in France and worldwide to protect
networks (Stormshield Network Security), workstations (Stormshield
Endpoint Security) and data (Stormshield Data Security).
All trademarks are the property of their respective companies.
+33 9 69 32 96 29
The cost of a call may vary according to the country you are calling from and your telecoms operator.
Parc Scientifique Haute Borne - Parc Horizon, Bat 6, Avenue de l’Horizon 59650 Villeneuve d’Ascq - FRANCE
Arkoon & Netasq © Copyright 2014