Enhanced firewalls are complex solutions that secure network interconnection points. This group also includes commercial solutions with a wider set of features and security technologies. In addition to the features and tools available in simple firewalls, they provide further security elements.
For example, a Check Point firewall provides:
- an access control mechanism for specific network resources,
- an authentication mechanism that reliably verifies and confirms the identity of users, based on external strong authentication systems, for example the RSA SecurID one-time password system,
- encryption of transferred data,
- a network address translation mechanism that hides the internal network infrastructure,
- protection against viruses, malicious Java applets and other applications, using integrated session content analysis tools,
- support for third-party networking devices and their administration,
- the possibility to create and manage a common and consistent enterprise-wide security policy using a central administration console,
- a graphical management console with integrated panels that support the transfer of defined elements using the "drag & drop" technique,
- automated distribution of software and updates,
- one or more redundant Management Servers that assume management roles if a failure occurs, ensuring the continuity and reliability of security management,
- the ability to track administrators' actions in detail (the start and end of work; the creation, editing and deletion of objects; and modifications to security policy rules),
- storing logs in the form of a database (instead of static text), which significantly facilitates the monitoring and analysis of network communication status,
- embedded features: VPN, IDS/IPS, antivirus software (only for appliance solutions).
These solutions are backed by the manufacturer's guarantee and technical support, and they feature a graphical interface that simplifies system management.