Astaro Product Presentation Overview
•Als PPT, PDF herunterladen•
3 gefällt mir•2,794 views
The document summarizes an Astaro product presentation. It discusses Astaro's security gateway products which provide unified threat management for small and medium businesses. It covers their security features including firewall, VPN, intrusion prevention, email security, web security and application security. It also discusses their management tools and high availability/load balancing networking functions.
![Agenda ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Andere mochten auch
Andere mochten auch (11)
Ähnlich wie Astaro Product Presentation Overview
Ähnlich wie Astaro Product Presentation Overview (20)
Mehr von Fajar Isnanto
Mehr von Fajar Isnanto (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Astaro Product Presentation Overview
- 1. Astaro Product Presentation Name of Presenter, Designation Date of Presentation
- 3. Company Profile The Leading European UTM Security Provider
- 4. Our Business ASTARO is the leading European UTM Security provider for small to medium sized companies and organizations requiring integrated products for Email, Web and Network Security that are cost efficient and easy-to-use. In contrast to suppliers of single- or other multi-function products for internet security Only Astaro offers easy-to-use All-In-One security gateways with complete enterprise-class functionality specifically designed for SMEs
- 8. Successful Asia Pacific Customers Education
- 9. Successful Asia Pacific Customers Government National Economic Development Authority
- 10. Successful Asia Pacific Customers Telcommuniations & Utilities
- 11. Successful Asia Pacific Customers Financial Services Institutions (FSI)
- 12. Successful Asia Pacific Customers Manufacturing
- 13. Successful Asia Pacific Customers Retail and Hospitality
- 14. Successful Asia Pacific Customers Non-Profit Organizations
- 15. Awards SC Magazine - Best SME Security Solution 2010 The final verdict "a great product at a highly competitive price. Overall a great value for the money." SC Magazine - 5 Star Rating Astaro Security Gateway is a "very responsive and strong appliance. Contains all the necessary security and content management features." WINMAG Pro - MKB Best Choice 2009 WindowSecurity.com - Software-Based Firewall Readers Choice Scholastic Administr@tor - Best in Tech for Network Security 2009 VAR Business 2009 Partner Program Guide - 5 Star Rating Linux Magazine - Top 20 Companies to Watch in 2009
- 16. Awards Technology Innovation of the Year Award 2008 „ superior performance” (Frost & Sullivan) Top 100 Innovator 2008 „ exceeding creative and innovative research and development” (Compamedia) PC Praxis Testsieger „ technically outstanding“ (PC Praxis) 2008 Editor’s Best Award „ competitive advantages, value to the customer“ (Windows IT Pro) 3x Best of the Year Award 2x Editor‘s Choice „ To call Astaro‘s Appliance just a UTM would be a major understatement.“ (SC Magazine) 2x Product of the Year „ Among the array of contenders, one product managed to stand out.” CRN Magazine
- 17. Certifications TOLLY Up-to-Spec Certified independent test lab (Tolly Enterprises, LLC) Common Criteria First UTM appliance to receive the Common Criteria certification from the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik) ICSA Labs Firewall Certification security industry's central authority for research, intelligence, and certification testing of products (ICSA Labs) VMware - VMware Ready Certification Products that carry the VMware Ready logo have passed specific VMware integration and interoperability criteria and are ready to run mission critical business applications and operations with full VMware support.
- 18. Recognitions “ Frost & Sullivan believes that Astaro is to be a leading company in the UTM market…” - 2009
- 19. Recognitions Figure 1. Magic Quadrant for Unified Threat Management
- 21. Astaro Products in Use
- 22. Security Gateways Comprehensive All-In-One Security for SMEs
- 23. Internet Threats on the Increase Crackers Botnets Spam Phishing Scam Hoax Viruses Spyware Gray ware Intrusions Denial of Service Distributed Denial of Service Ping floods Eavesdropper Script Kiddies Espionage Malware Root kits Adware P2P File sharing Trojans Spit Bots Backdoors Buffer Overflows Hackers Malcode Bugs Key loggers Crime ware Pharming Competitors Identity theft Exploits DNS poisoning Snarf attacks Spam bots Spy bots Trap doors War driving Ransomware ASCII bombs Bluesnarfing Worms Decrypting Reverse engineering Phreaking Port Scanning
- 24. Modern IT-Security Challenges Cost Time Investment IPS SSL VPN Gateway E-Mail/Spam Filter Web Filter GW Antivirus Filter WAN Link Balancer Load Balancer Router Total: Firewall
- 25. The Astaro All-In-One Approach All-In-One Appliance Centralized Management & Reporting Browser-based Unified Management of All Applications VPN & Wireless Extensions Flexible Deployment Software Appliance Virtual Appliance Integration of Complete E-mail, Web & Network protection Networking-Features for High Availability and Load Balancing
- 26. Astaro Security Gateway Unified Threat Management Appliances
- 32. Astaro Security Gateway Products *Pricing based #IPs/Users
- 33. Deployment Models Hardware Operating System Application First UTM Appliance that passed VMware validation program Hardware Operating System Application Hardware Appliance Software Appliance Virtual Appliance
- 36. Branch Office Security Secure Branch Office Connection
- 41. How Does RED Work?
- 46. Wireless Security Secure Wireless Networks for Businesses
- 51. Easy installation Astaro Security Gateway Guest Internet Finance
- 54. Integrated Security Integrated UTM Security Strong Encryption
- 57. Astaro Clients Secure Remote Access to Business Networks
- 61. Astaro Smart Installer Fast Disaster Recovery
- 63. Management Tools Centralized Management of all Security Products
- 66. Astaro Command Center Manage all your security products from a single location
- 68. Easy Management
- 69. Multi-Client Capability for Managed Services
- 70. Products Virtual Appliance* Runs in any VMware environment Software Appliance* Runs on Intel-compatible PCs and servers Free of Charge!
- 73. Astaro Security Gateway Features Enterprise-Class Security Technology
- 88. Astaro Web Application Security
- 89. Astaro Web Application Security Security Patterns
- 93. Astaro Networking Functions Enterprise Class Network Technology
- 98. Astaro Active-Active HA (Cluster) Cluster Nodes Scalability High Availbility Active / Active LAN Master (balancing) Slave Internet
- 106. E-mail Archiving Compliance & Productivity Requirement Solutions
- 110. Deployment Scenario
Hinweis der Redaktion
- © Astaro 2008 Astaro Overview – Page
- © Astaro 2008 Astaro Overview – Page
- © Astaro 2008 Astaro Overview – Page
- © Astaro 2008 Astaro Overview – Page
- © Astaro 2008 Astaro Overview – Page
- © Astaro 2008 Astaro Overview – Page
- © Astaro 2008 Astaro Overview – Page
- © Astaro 2008 Astaro Overview – Page
- © Astaro 2008 Astaro Overview – Page
- © Astaro 2008 Astaro Overview – Page
- © Astaro 2008 Astaro Overview – Page
- © Astaro 2008 Astaro Overview – Page Astaro has won numerous industry awards. SC Magazine continuously give s the Astaro Security Gateway 5 Star Ratings, "Recommended“ & “Best Buy” designations, as well as multiple “Best of the Year” awards. CRN Magazine has also recognized Astaro as an industry leader and has honored the product line by giving us “Product of the Year” awards And PC Magazine too has named Astaro Security Gateway Best of the Year. A complete awards listing is on our website
- © Astaro 2008 Astaro Overview – Page Astaro has won numerous industry awards. SC Magazine continuously give s the Astaro Security Gateway 5 Star Ratings, "Recommended“ & “Best Buy” designations, as well as multiple “Best of the Year” awards. CRN Magazine has also recognized Astaro as an industry leader and has honored the product line by giving us “Product of the Year” awards And PC Magazine too has named Astaro Security Gateway Best of the Year. A complete awards listing is on our website
- © Astaro 2008 Astaro Overview – Page The Astaro Security Gateway has received many important certifications: - ICSA Common Criteria Tolly
- Astaro‘s goal is to provide complete IT security solutions which integrate the right technology and are also understandable, easy to use and pragmatic to employ. Furthermore, the solutions should be independent from the platform. Through the Astaro Security Gateway product family, you are able to establish a central component for the protection of Internet traffic as a whole. The solution can be adopted as self-managed solution, a managed Gateway solution for the customer (CPE) or as cloud-based service available through service providers or partners. Astaro Mail Archiving is a hosted service which simplifies mailbox management and legal compliance requirements. The image in the slide above illustrates the possible deployment scenarios for Astaro products.
- The different threat scenarios for a company's IT infrastructure has heavily evolved over the past 10 years, to the point where new technology updates are constantly required for sufficient protection. This is partly due to the continuous increase in complexity of the IT landscape. The threats themselves are also rapidly evolving and can often only be fought through a combination of different technologies.
- The number and complexity of the tools, which are required for IT security, is also on the rise. Firewalls and VPN gateways no longer provide sufficient protection. The use of Intrusion Detection and Prevention Systems (IPS) has become a mandatory asset and the demand for tools which check e-mails and web downloads for dangerous content such as spam, viruses, spyware, phishing is also on the rise. With every additional tool employed in your IT security infrastructure, the costs, expenditure of time for installation, training and maintenece will also increase. As as result, many company's today cannot cover this requirement.
- © Astaro 2008 Astaro Overview – Page Though the Astaro Security Gateway (ASG) family, we are able to provide an integrated complete solution for e-mail, web and network security. The browser-based management interface allows for easy configuration of all functions with just a few mouse-clicks - also without vast knowledge of technical IT know-how. The Astaro Command Center enables a central establishment and overview for larger and more wide-spread installations of up to hundreds of Astaro Security Gateways. Networking features such as high-availability (HA), clustering, server and WAN link balancing provide constant reliability and scalability for your deployment, usually available only to enterprise solutions. The Gateways are supported by tools which help extend your functionality for smooth daily business operations: Astaro RED offers compülete and centrally administered UTM security for remote offices and can be configured in minutes - without the need of local IT personell. With Astaro Wireless Security , you are able to easily connect our Access Point devices with your ASG's security features. Astaro VPN Clients provide mobile employees with secure and easy to administer remote access to the corporate network. The Astaro Smart Installer is a bootable USB device, with which you are able to easily install the latest version of Astaro Security Gateway software. ASG provides the same functions on all appliance models: hardware, software and virtual, allowing for more flexible deployment scenarios.
- © Astaro 2008 Astaro Overview – Page This slide illustrates different deployment scenario possibilities for Astaro Security Gateway.
- © Astaro 2008 Astaro Overview – Page For every Astaro Security Gateway, a free Essential Firewall license is available. This license provides the base functionality with fundamental security features activated for the protection of company networks. This basis can also be flexibly extended through optional subscriptions for Astaro Network, Web, Mail, Web Application and Wireless Security. Many providers of UTM solutions list in their datasheets a large number of functions. Often enough however, certain product features are only rudimentarily implemented. For example, some manufacturers talk about spam protection when they only employ a single mechanism such as RBL lists. Effective spam protection is only reached however through a combination of different techniques, which are specialized in recognizing certain spam methodology. Enterprise e-mail solutions and Astaro's UTM solutions work in this way.
- © Astaro 2008 Astaro Overview – Page - Secure firewall through flexible filter rules - Supports integrated VPN clients for all important operating systems (Windows, Linux, Mac OS X, iOS, Android etc.) - Recognizes malware in encrypted HTTPS data and prevents users from accepting invalid certificates - Clean mailbox though reputation-based spam recognition with a high positive hit rate - Protection for trusted mails through transparent email encryption (TLS, S/MIME, OpenPGP) - User and group-based web filtering without time-consuming authentication through single sign on - Blocks Skype, Bittorrent and other applications through a mouse click - Integrated Web Application Firewall protects web servers against manipulation and information loss - Flexible scalability through clustering with integrated load balancing for up to 10 Gateways - Integrated wireless controller provides security and WLAN functionality for all connected Access Points
- © Astaro 2008 Astaro Overview – Page Simple management is one of the most important aspects for an all-in-one security solution. Esepcially designed for the requirements of small and middle sized companies, all features can be easily used without much technical security know-how. For this reason, every function can be configured via an intuitive browser-based user interface in many different languages. The intuitive dashboard provides a quick overview about the current status of the Gateway, for example the resources used, active connections and recognized malware. The UserPortal allows every user to see their individual mail log, manage their own spam quarantine or install their own VPN Client configuration with a single mouse click. This saves the administrator much time. Extensive log data, which is stored in a local database, allows the generation of many easy to read reports . Especially in their own user friendliness, many of today's UTM solutions come up short.
- © Astaro 2008 Astaro Overview – Page - Comfortable management through a browser-based GUI in many languages - Low maintenance though automated pattern and firmware updates - Relieves the administrator's burden through Mail and VPN management via the UserPortal - available in over 15 languages - Simple connection for mobile employees through one click SSL VPN with unlimited number of free clients - Automated configuration backup by e-mail and fast disaster recovery through backup import via a USB stick - Reuse existing user and group definitions from Active Directory and eDirectory - Integrated database supported reporting for extensive information with over 120 graphical reports - Integrated management of log data and spam quarantine makes external servers unnecessary - Secure connection for remote locations in just a few minutes - Plug and play configuration for redundant HA and cluster installations through “Zero Config HA“
- The ASG product line covers models for small networks and remote locations with up to 10 users to large networks with up to 5000 users. As opposed to other UTM solutions, Astaro software can be also installed on your own servers. The same set of security applications, including features such as Active/Active Clustering, WAN Uplink Balancing or Active Directory Integration, is available on all Astaro Security Gateway models - no matter if the hardware, software or virtual appliance is deployed. Furthermore, every hardware appliance contains an integrated hard drive for local spam quarantine and log/reporting information. Therefore, even the smallest remote office can get the same protection as a company's central office - without compromise. The ASG 525 and 625 models offer the highest availability through a redundant hard drive and power supply.
- © Astaro 2008 Astaro Overview – Page There are 3 deployment options for all of Astaro’s appliances Software Appliance Since the operating system and all featured applications are bundled within a single ISO image, Astaro software appliances are much easier and faster to install than software applications that require a separate, pre-installed operating system. By supporting a broad range of Intel-compatible server systems, software appliances allow for maximum deployment flexibility on your hardware of choice. The Astaro software appliances are available on CD with a printed manual or can be downloaded directly from Astaro servers and independently burned onto a CD. There is no need for client based software installation. Specific licensing packages are available, varying by the number of users/IP addresses. Hardware Appliance Astaro hardware appliances are based on high quality Intel-compatible server systems with each model offering an identical feature set. Small businesses do not have to surrender important security features due to scaled-down hardware performance. All models offer an integrated hard disk drive in order to locally store quarantined emails and log data, avoiding the need for additional servers. Astaro hardware appliances can be easily deployed at the perimeter of your network to protect all email, web and network user traffic. Since all hardware appliances feature a pre-installed operating system and software, the initial setup will be fast and without complication. There is no further need for client based software installation. With a complete range of models available, Astaro hardware appliances effectively protect networks from 10 to more than 2000 users. Virtual Appliance Astaro virtual appliances allow for easy deployment in virtualized environments. Optimized hardware allocation and reduced hardware expenditure is available since physical computers are able to run multiple virtual servers/appliances in parallel by using the underlying virtualization infrastructure. As a result, it is ideally suited for both managed security services as well as companies of all sizes consolidating physical servers onto fewer virtual systems. The Astaro virtual appliances can be downloaded from Astaro servers and burned independently onto a CD. It can then be installed on any VMware system running either a VMware server or VMware ESX server. Specific licensing packages are available, varying by the number of users/IP addresses. Astaro is one of the few security vendors offering a virtual appliance and we have been partners with VMware for over 5 years.
- Routers for private users are cheap. However, to install these individually and to manage them requires a lot of time investment. Very often, important security functions, which business customers require, are not present. Low-end UTM appliances usually have the obligatory security features. However, if you sum up the effort and the hidden costs for roll out, maintenance, subscriptions and management software, these products are everything but "simple" and "affordable". MPLS and Managed VPN Services are comfortable but require high budgets. Furthermore, they are not available everywhere.
- Routers for private users are cheap. However, to install these individually and to manage them requires a lot of time investment. Very often, important security functions, which business customers require, are not present. Low-end UTM appliances usually have the obligatory security features. However, if you sum up the effort and the hidden costs for roll out, maintenance, subscriptions and management software, these products are everything but "simple" and "affordable". MPLS and Managed VPN Services are comfortable but require high budgets. Furthermore, they are not available everywhere.
- © Astaro 2008 Astaro Overview – Page If your business has many small branch offices such as travel agencies, retail stores, gas stations etc., then you need an easy and affordable way to connect them back to the headquarter location and to keep their Internet access secure – for that, RED makes your life a lot easier. Astaro RED (Remote Ethernet Device) is the first security gateway requiring no local setup. It's complete configuration is performed centrally via an Astaro Security Gateway located at your main office and automatically distributed to the RED appliances. All data for the remote office will then be filtered through the central ASG.
- The small and affordable Astaro RED appliance creates a secure VPN tunnel to a central Astaro Security Gateway. This works like a direct Ethernet cable between the central and remote offices. Astaro RED appliances work similar to a "thin client" in regard to the central Astaro Security Gateway. This means, the entire traffic is redirected to the central office, where the security functions of the central Gateway are running. Through this, remote offices which are connected via an Astaro RED, are able to have the same level of security as their central office location. Astaro RED therefore offers complete enterprise-class security for small remote and home offices (depending on the security features running on the central Gateway).
- Astaro RED is the first complete Security Gateway which does not require configuration or special technical know-how at the local office. The configuration is carried out at the headquarter location and automatically distributed to all Astaro RED devices. Even mass roll outs for up to 100 appliances per day is realistic. Configuration and setup are carried out automatically and are ready in just a few steps: - Appliance can be sent unconfigured to the remote office - At the remote location, an employee will communicate the Device ID to the IT department at the headquarter location (found on the bottom of the appliance) - The IT department will give the RED device a name within the central ASG - A new configuration will be automatically generated - Connect the Internet cable to the Astaro RED - Connect to a computer - Plug it in - The tunnel will be created automatically Requirements: Central ASG needs to run at least V7.505 with the Network Security Subscription (minimum). The remote office needs an Internet connection (Router/ Cable modem with DHCP and Port 3400 open)
- The Astaro Security Gateway works as an "Astaro RED controller" and centrally manages all Astaro RED appliances via a cloud-based provisioning service. The complete configuration, logging and bug fixing is carried out at the headquarter location. Individual administration for each unit is not required. With Astaro RED, the administration of the IP addresses of the remote offices are reduced to child's play. The DHCP and DNS server configuration is carried out centrally in the Astaro Security Gateway and distributed over to the connected Astaro RED appliances. The individual creation and administration of security policies for every single location is also not necessary. You need only to create and administer a global policy which is valid for all remote locations. A further advantage is the integrated reporting function from Astaro which delivers information to all connected networks - without the need for a separate reporting tool.
- Technical facts about Astaro RED
- A WLAN solution needs to be: - simple to administer No WLAN expertise required through auto configuration Fast and simple provisioning of many Access Points for central management - reliable Uninterrupted signal for the entire office - secure Integrated UTM functionality Strong encryption Supports the latest Wi-Fi standards (802.11n)
- Access Points for home users (D-Link, Linksys) Such consumer products are affordable, but offer only a limited amount of features. These are usually restricted in the WLAN area (for authentication, multiple and guest zones) and also in the security area (for content filtering). They are also hard to individually manage, especially when there are more than one in use. Low-end UTM appliances with integrated WLAN (Watchguard, Fortinet, Cisco) These appliances require a substantial initial investment and offer integrated UTM security. However, they have only a restricted areas of application. Since these appliances are usually located in the server room, the whole office will not receive a signal. Enterprise WLAN Soltuions (Aruba, Belden/Trapeze, Meru Networks) These solutions offer comprehensive WLAN functionality, but are relatively expensive and through it's complexity often hard to manage. Furthermore, they require an additional security solution for the protection of the network.
- This slide shows our Access Points (the AP 10 on the left and AP 30 on the right). The AP 10 is for up to 10 users with a maximum throughput of 150 Mbit/s. This WLAN solution is directed towards smaller office environments. The AP 30 is for up to 30 users with a maximum throughput of 300 Mbit/s. This PoE aligned Access Point is available in the design of a smoke detector for a ceiling mount and is directed towards larger office environments. This appliance covers higher requirements for amount of users, signal reach and performance.
- Astaro Wireless Security is a new approach, which serves to simplify the secure and reliable availability of WLAN environments. The integrated wireless controller in the ASG ensures that the affordable Access Points do not require any manual configuration. Astaro Access Points can be positioned anywhere in the office and offer a strong WLAN signal all over the office - the placement behind an Astaro RED is also possible, WLAN access for guests is also available in minutes and many clients can also be protected through the UTM security of the central ASG.
- Plug & Play Implementation Configuration and implementation of the Access Points require only a few steps: - Create a new WLAN in the WebAdmin (network name, zone and encryption should be specified) - Connect the Access Points to anywhere in the network - All Access Points appear automatically in the WebAdmin as "Pending Access Point". - Click on "Accept" and the Access Point automatically creates a tunnel and allows for a secure connection Requirements: Min. V7.507 Min. Wireless Security Subscription
- The Astaro Security Gateway works as a WLAN controller and centrally administers all Access Points. Configuration, logging and bug fixing are all carried out in the Astaro Security Gateway. Astaro Access Points act in regard to the Security Gateway's WLAN Controller as a thin client. The Astaro Access Points do not require any configuration. This means, the controlling functions in the Access Point devices are reduced to a minimum and are found in the WLAN controller instead. A further advantage is the integration of Astaro's reporting function, which delivers information to the connected WLAN clients without the need for a separate reporting tool. An active Wireless Security Subscription is required for the Astaro Security Gateway as a minimum requirement in order to use and administer the Astaro Access Points.
- Placement Choice Astaro Access Points can be placed anywhere in your organization, providing a strong wireless signal all over the office. This allows mobile users the possibility, also in different locations like the conference room, corridors or reception, uninterrupted access to networked data. Multiple Zones All Astaro Access Points support up to 8 WLAN zones (SSIDs), each providing different authentication and privacy settings. This enables wireless guest Internet access without the risk of compromising the integrity of your network. The capacity of broadcasting multiple SSIDs allows the creation of what is often called a "virtual access point", the partitioning of a single physical access point into several virtual access points, each of which have a different set of security and network settings.
- Wireless Access Points seamlessly integrates in Astaro Security Gateway and instantly protects all wireless clients through complete UTM security, as provided by Astaro‘s award winning security technology. With Astaro Wireless Security, all security applications are executed within the central gateway, and all wireless traffic is forwarded to the Astaro Security Gateway. Thus, the wireless clients obtain the same level of UTM security as if they were physically connected to your internal network. Astaro Wireless Security supports state-of-the-art wireless encryption and authentication standards, ensuring the wireless connection is as secure as it gets: PA2-Enterprise in combination with IEEE 802.1X (RADIUS authentication) The Astaro Wireless Security monitoring function also enables users to easily recognize rejected authentication attempts.
- This slide details the technical information of the AP devices. The AP30 is delivered with a PoE Injector as standard! For larger installations, in which a PoE Injector already exists, AP devices without the PoE Injector and mains supply are available.
- Summary
- © Astaro 2008 Astaro Overview – Page
- Remote access to corporate network data from any location at any time is a necessity for mobile or home workers in many businesses. However, setting up these clients on individual PCs often becomes a huge administrative burden. Astaro VPN clients offer secure and flexible remote access for any type of network environment and operating system with minimal administrative effort. Astaro offers two different clients for IPsec and SSL connections. Depending on your individual requirements and client operating systems in use you can easily deploy both clients to securely connect to any Astaro Security Gateway.
- Astaro IPsec Client is a powerful and feature rich client for IPsec based remote access from Windows XP, Windows Vista or Windows 7 based PCs (32 and 64 bit support). Many encryption types available: AES (128/192/256), DES, 3DES (112/168), Blowfish (128/448), RSA (up to 2048 Bit), DH groups 1/2/5/14, MD5, SHA-256/384/512 Windows 7 (32 and 64 Bit support).
- Astaro SSL Client is an easy-to-use client for transparent SSL access to all company applications (no “Webifier” required). Installs on Windows, Linux, MacOS and UNIX operating systems. Available free of charge with any Astaro Security Gateway!
- © Astaro 2008 Astaro Overview – Page
- The Astaro Smart Installer is a special USB device that contains a unique chip which allows emulation of a USB CD-ROM. With it you can place the latest version of an Astaro image on an Astaro Gateway, if for example the installation is many updates or major versions behind. This saves the long process of applying many updates or moving across major versions all at once. Furthermore, a configuration backup can be easily installed after a system crash - without manual intervention.
- What are the challenges when many Gateways are used in one comapny?
- How are central management tasks approached today?
- © Astaro 2008 Astaro Overview – Page Whether you have two or more than two hundred ASGs deployed, Astaro Command Center (ACC) saves you time and makes your life much easier! A browser-based GUI provides a centralized point where administrators can get a global view of their infrastructure and keep aware of events in real-time. Working with multiple sites has never been easier. Real-Time Monitoring of Critical System Parameters An overview for license status, threats, Fireware/Pattern updates, resources in use and other parameters in real-time. Aggregated Reporting Creates company-wide information on all Gateways via a central consolidated report. Inventory Management A fast overview about the properties of devices such as software version, CPU, memory, hard drive, network interfaces, CD-ROMs and more. Central Device Management “ Prefetch” and install pattern and system updates. System shutdown and Reboot. Central Configuration Global configuration of IPsec, Packet Filter configuration and Web Proxy Policies. Role-Based Administration Simultaneous management through users with differing administration rights - full revisioning available.
- © Astaro 2008 Astaro Overview – Page Dashboard view provides a quick overview about critical system parameters. List view shows all details about connected ASGs. Through the drill down and filtering possibility, specific important parameters can be featured.
- © Astaro 2008 Astaro Overview – Page The Command Center can be deployed in different ways: A) Deploy Astaro Command Center at the corporate headquarter location to distribute management tasks among regions or departments. B) Deploy Astaro Command Center in MSP environments to offer managed service with role-based multi-client access.
- © Astaro 2008 Astaro Overview – Page The Astaro Command Center is available on two platforms. The software can be run on a dedicated, Intel-compatible PC of your choice, or as a Virtual Machine within a VMware environment such as a VMware Player or VMware ESX. Both appliances include the Linux OS with many applications and updates and maintenance. Both, the software and virtual appliances are available as free full versions.
- © Astaro 2008 Astaro Overview – Page Summary
- © Astaro 2008 Astaro Overview – Page The Essential Firewall contains the fundamental basis security functions which every business should use such as a firewall, network tools, routing and secure remote access. These are all available free of charge for all Astaro appliances - also for commercial use! With the integrated firewall, unauthorized access to internal and external resources are rejected and hacker attacks blocked. The Essential Firewall contains: Stateful Packet Inspection Firewall - Packet filtering which searches Packet headers - Stateful packet inspection – follows events via sessions and recognizes logging irregularities - All data packets are checked twice: upon entering the Gateway and upon leaving Flexible Rule Management - For hosts, networks, groups or VPN users - Time based activation - Interface based rules Network Address Translation - SNAT/DNAT - Masquerading Remote Access VPNs: - PPTP & L2TP Network Services - IPv4/IPv6 dual stack - Static Routing - Transparent bridging - DynDNS client - NTP server - DHCP Server/Relay - DNS Server
- © Astaro 2008 Astaro Overview – Page Hackers develop their attack methods continuously so firewalls alone can only recognize few attacks. Support is provided by Intrusion Prevention Systems (IPS) which are able to detect new forms of worms and other exploits. Furthermore, site.-to-site VPNs are required in order to create secure connections from remote offices to the central location. With the introduction of Astaro RED, there is now another possibility to connect remote offices to the central location without any configuration. All of these functions are available through the Astaro Network Security subscription.
- © Astaro 2004 Astaro Security Linux – Page The integrated VPN Gateway provides the following functions: - Site-to-Site VPN for secure communication between two locations - Supports IPsec and SSL protocols - Star, hub-and-spoke and fully meshed configurations - Remote access for home workers and mobile users (Road Warriors) - Supports IPsec, SSL, L2TP and PPTP VPNs - Integrated clients in all operating systems (Windows, Linux, Mac OS X, iOs, Android…) as well as the Cisco IPSec Client Astaro IPsec Client Astaro SSL Client: Free download without user restrictions - Supports all Major Encryption and Many Authentication Methods - IPSec offers high interoperability with other devices - XAUTH allows for integration of One-Time-Password systems - Internal Certificate Authority - Full Public Key Infrastructure (PKI) Support
- © Astaro 2004 Astaro Security Linux – Page The functionality of the Intrusion Prevention is seamlessly integrated in the firewall. An intuative summary of the rules in simple to activate categories (mail server attacks, web server attacks etc) simplifies management and does not require detailed know-how on special protocols. Through participation in the Microsoft Active Protections Program (MAPP), Astaro is one of the few vendors who are able to block Mircrosoft specific attacks - long before official recognition and also before Microsoft patches are available! The database contains rules for: Probing, Port Scans, Interrogations, Host Sweeps Attacks on application weak-spots Protocol exploits MAPP (Microsoft Active Protections Program) Signatures Intrusion Detection and Prevention: Admin notification or the immediate blocking of traffic Performance Management Interface: One click to create complete rule sets for e.g. for e-mail or web server requirements
- © Astaro 2008 Astaro Overview – Page Astaro Mail Security ensures that the abuse which email is subjected to, such as spam, viruses and privacy issues, do not affect your daily business routines. Through this application, real messages are properly delivered and employees can find what they need without being exposed to damaging content. Dual yet individual virus engines operate in parallel to scan and block threats in content before it has a chance to enter the network. Astaro Mail Security stops spam, phishing and other unwanted email before it gets delivered and clutters up mailboxes. The combination of many different recognition mechanisms offer a high hit rate and low amount of false positives. Through Astaro's Email Encryption, sensitive information can be automatically encrypted and protected against external spys.
- © Astaro 2004 Astaro Security Linux – Page Astaro E-mail Antivirus offers the following functions: - Dual Independent Virus Scanners with Multiple Detection Methods - Virus signatures, heuristic analysis - Blocks viruses, worms, Trojans and other malware before they reach the mail server or desktops Scans SMTP and POP3 traffic - Huge Signature Database with more than 800,000 virus signatures - Frequent automatic updates - Flexible Management - Can specify file formats (endings) and content (MIME type) to block - Emails and attachments can be dropped, rejected with message to sender, passed with a warning or quarantined
- © Astaro 2004 Astaro Security Linux – Page Astaro Anti Spam: Identifies and Disposes Unsolicited SMTP and POP3 Emails Highest Detection Rate through Combination of Multiple Methods to Identify Spam - Reputation service with spam outbreak detection (format and language agnostic) using patented Recurrent-Pattern DetectionTM technology - Realtime Blackhole Lists (RBLs) - Dialup network blocking - Greylisting - BATV (Bounce Address Tag Verification) - SPF (Sender Policy Framework) record checking - Expression filter - Recipient verification - Reverse-DNS & HELO syntax checks… Flexible Management - Emails and attachments can be rejected with message to sender, passed with a warning or quarantined
- © Astaro 2004 Astaro Security Linux – Page
- © Astaro 2004 Astaro Security Linux – Page En-/Decryption and Digital Signatures for SMTP Emails Supports OpenPGP and S/MIME Completely Transparent to the Enduser No additional Software on Client PC required Easy Setup Only three configuration steps to start Central Management of all Keys and Certificates No key or certificate distribution required Allows Content/Virus Scanning even for Encrypted SMTP Emails
- © Astaro 2008 Astaro Overview – Page The unrestricted usage of the Internet, Instant Messaging, and Peer-to-Peer Programs not only reduces employee productivity, but can also lead to serious legal liability. Furthermore Malware hidden within downloads, needs to be filtered out to protect users and PCs from infection and data loss. The Astaro Security Gateway Web Security subscription protects your organization and your users and gives you visibility into how they spend their time online. Spyware and viruses in FTP, HTTP and even in encrypted HTTPS data is reliably recognized and stopped, before they are able to reach the network and create any damage. The URL filter ensures when and where your employees spend their time online. With IM/P2P filtering, you are able to restrict the use of instant messagng and Peer-to-Peer applications. All information is collected and displayed in detailed reports, which shows how effective your security policies are and which areas need to be worked on.
- © Astaro 2004 Astaro Security Linux – Page - Blocks (Unintentional) Downloads of Spyware, Adware, and Other Malicious Software - Prevents Infected Systems from Sending Information Back to the Spyware (Home) Servers - Checks Against a Database of Known Spyware URLs - Filters and Removes Active Content Such as Java, Active X, Flash, Cookies, VBScript or JavaScript
- © Astaro 2004 Astaro Security Linux – Page Web Antivirus/Malware: Reliably detects and blocks viruses, worms, trojans, and other “malware” in emails, web and FTP downloads before they reach email servers or desktops Scans HTTP, HTTPS and FTP, traffic Web & FTP Downloads Web-based E-mail (MSN Hotmail, Yahoo! Mail) Dual Independent Virus Scanners with Multiple Detection Methods Virus signatures, Heuristic analysis Huge Signature Database with more than 800,000 virus signatures Frequent automatic updates Flexible Management Can specify file formats (endings) and content (MIME type) to block
- © Astaro 2004 Astaro Security Linux – Page URL Filter: Controls employee web usage Improves productivity Ensures compliance with company-wide surf regulations Administrators can restrict web resources via 96 pre-defined categories Games, shopping, drugs, jobs, sport, entertainment, etc. Additional categories can be individually managed Filter Might also Consider Global Reputation Whitelists and Blacklists to Tailor Access for Groups of Users Many User Authentication Options IP Address, Active Directory SSO, eDirectory SSO, LDAP, RADIUS/TACACS+ Time-based access policies
- © Astaro 2004 Astaro Security Linux – Page IM Client examples: AOL IM, ICQ, MSN Messenger, Yahoo! Messenger, IRC, Google Talk/Jabber, Tencent QQ, Skype P2P Client examples: Applejuice, Ares, Bittorrent, Direct Connect, Edonkey, Gnutella, IMesh, MUTE, Manolito, Pando, Share, WinMX, Winny Flexible control: Depending on application the administrator can decide to either allow or block it completely, block file transfers only or just log its usage Specific users/IP addresses can be excluded from general rules Specific hosts and networks can be excluded from IM/P2P control Granular Bandwidth Control Define max. allowed bandwidth per application
- © Astaro 2008 Astaro Overview – Page Astaro Web Application Security hardens your web servers using Reverse Proxy technology to protect them from modern attacks and data loss. With it, you can securely offer applications like Outlook Web Access (OWA) and guard against techniques like SQL Injection and Cross Site Scripting (XSS). Stop hackers from using these types of attacks to gain access to sensitive information like credit card data, personal information, and social security numbers. Astaro Web Application Security aids you in compliance efforts where a web application firewall is required, such as PCI-DSS. Reverse Proxy will monitor and manage the connections to and from your Web or Outlook Web Access servers. Using this technology, Astaro can scan of all the transactions occurring in real-time while giving you layered security options for how the Internet interacts with your servers both over normal HTTP and encrypted HTTPS. The integrated Web Application Firewall offers a series of functions to protect your web server and applications: - A scanning engine recognizes and reliably blocks viruses, worms, Trojans and other malware in server uploads and downloads, before they reach the server of the user. - URL Hardening ensures that website visitors occupy only the areas publically presented and have only access to specifc content. - Cookie Signing prevents that the content of a cookie, that is given out from your web server to the user, is manipulted.
- Different types of attacks require different mechanisms for recognition. One mechanism is the use of patterns, similar to that in a IPS-System. With this, many of the usual SQL injection and XSS attacks can be recognized and prevented. Astaro WAS uses a comprehensive set of patterns, which are updated live. - Over 350 patterns dedicated to this single area of protection - Live-updated in real time using Astaro Up2Date technology - Can be configured by any administrator, no special training is required - Support for multiple profiles which can be applied to different servers separately - No complex regular expressions to master - Reduces the risk of data theft and site tampering.
- Astaro WAS inspects all outgoing and returning cookies <click> - Outgoing cookies are stamped with a digital, tamper-proof signature Returning cookies are inspected by WAS - Invalid or missing signatures will cause cookie to be discarded (Cookies not issued by the server will have no signature at all)
- URL hardening checks every website request that a visitor is allowed to make; restricting them to valid ones only. For this, the administrator needs only to define the initial URL (for example www.astaro.com). When a page is then requested, WAS checks the links to the sub pages and objects and saves these as &quot;allowed&quot; URLs. For our example, allowed URLs would be \\products, \\solutions etc… <click> If someone tries to access www.astaro.com\\admin.php for example via manual intervention, WAS will reject the request. Additionally, the URLs and objects which are sent to the browser from the server will be signed. <click> Through this, the manipulation of single parameters such as /resources.php?userID=123 can be prevented.
- Another feature of Astaro’s Web Application Security is the Antivirus features. With two engines which operate separately in parallel it is possible to scan uploads and downloads <click> This prevents users from uploading files like email attachments (OWA) or posting infected content to your bulletin board (UBB). On the other side it prevents customers/visitors from becoming infected should your site attempt to distribute a virus to them.
- WAN Link Balancing enables the simple and simultaneous use of many Internet connections. With this extension, Astaro allowed the option of an active/passive setup (the second connection will then only be used when the first connection is not available). Alternatively, the new Multipath-Balancing can be used. The new active/active balancing enables you to distribute many connections and fix standard priorities for respective connections in case of a sytsem crash. This scenario shows a configuration with a special type of data transfer (Web/Mail) which is connected to a special uplink interface. Both connections serve as opposing security systems in the case one fails.
- Sales Kick-Off October 2006 © Astaro 2006 Whats’s New in Astaro Security Gateway V7 – Page Ethernet Link Aggregation enables many Ethernet-Ports to be logically connected for: - More performance - More stability and reliability Requirements: The connected partner needs to support link aggregation (802.3ad)
- Incoming data traffic can be dynamically divided over many servers in a cluster. The failure of a server in the list (dead peer) will be immediately recognized through a customizable availability test (health-check - TCP, ICMP (Ping), HTTP Connect or HTTPS Connect). Session persistence guarantees that clients are always connected with the same server. This should prevent the crash of existing sessions, which the client would be forced to usually do, and the information would need to be reentered (for example with online shopping).
- With active/passive HA, a slave system operates in stand-by operation. In normal operation, all tunnels, firewall connections and quarantined objects are synchronized. <click> In the case that the master fails, the slave takes over in less than 2 seconds. -> After the take over, the IPsec tunnels do not need to be rebuilt. Both devices are logically available for management, but only one is visible.
- The Active-Active (Cluster) mode offers high availability as well as integrated load balancing for up to 10 nodes. The load balancing is steered by the master, therefore an external load balancer is not required. As opposed to other cluster solutions, the master node inspects every data packet before it is forwarded to the other nodes. This ensures that only the performance intensive tasks such as virus scanning, IPsec or Intrusion Prevention are distributed to the other nodes. The existing network environment does not need to be updated - the complete cluster is considered as &quot;one&quot; routing device inside of the network. New nodes can be added during live operations. The whole configuration, all connections and Firmware releases will be automatically synched during operations. The synch load between the node is minimal thanks to the innovative Astaro algorythem. Astaro Active-Active HA enables the use of fully networked configurations via redundant switches (intern/extern). Advantages Drastically improved performance (up to 1 Gbps) for complex scanning tasks. Makes ASG to one of the most performance strong security solutions on the entire market.
- Through &quot;Zero-Config HA&quot;, configuring HA environments is reduced to child's play. All devices are set to “Automatic Configuration“ as standard With the connection of double devices via the HA interface, configuration follows independently in Active-Passive HA mode. In order to configure a Active-Active (Cluster), you need only to change the HA-mode on the master to &quot;cluster&quot;. All devices then independently register in the cluster No additional configuration is required for the slave nodes of the cluster
- Astaro Security Gateways support the uninterrupted power supply (UPS) from APC and MGE. This works by the signal of a power cut (change to battery supply) via the USB port, then a message is sent to the admin. After a critical battery level has been reached, the ASG is &quot;ordered&quot; to then power down.
- Astaro Security Gateways offer different routing functions: Static routing enables the manual entry of routers in the WebAdmin. Via policy routing, the paths are independently defined by the source and target address as well as by the data type in order for VoIP data to find the least low-lag path or for unimportant information to find the cheapest connection route for example. Dynamic OSPF routing enables the automated recognition of current network topologies and the selection of the most optimal route. Changes to the topology (for example with power loss) will be automatically recognized. Astaro supports OSPF V2 - RFC 2328 inclusive of MD5 and password authentication. OSPF is the most used protocol inside of large backbone networks and offers many advantages as opposed to older protocols such as RIP. Multicast routing allows for the distribution of single packets to many recipients, which for example makes the assignment of media streams much more efficient.
- The integrated DHCP proxy can be used as a server to supply clients in local networks with dynamic IP addresses. It can also be appointed as a relay in order to forward address requests to an external server. For every network Interface, different DHCP configurations are possible.
- The integrated DNS proxy allows for flexible resolution of domain names in IP addresses. Not only can different external DNS servers be used, but also unique static entries in the ASG can be administered. A local cache accelerates the requests to the DNS server. Split DNS allows the possibility for requests to specific domains to be forwarded to a local DNS server.
- Astaro QoS can guarantee bandwidth availability for certain types of outgoing network traffic. This bandwidth is however not continuously reserved and blocked off for other applications but only applied when the bandwidth availability becomes tight. For example, when unimportant data is taking up too much of the whole bandwidth availability. Applications (for example P2P, Surfen, ERP, VoIP) can be simply defined through a data selector (also when used by ToS and DiffServ flags) and certain bandwidth pools with priorities can be allocated. For certain data types, (such as Skype, Bittorent etc.) there are predefined selectors. All settings can be made by each Interface. Incoming traffic is optimized by different techniques such as Stochastic Fairness Queuing (SFQ) or Random Early Detection (RED) in order to avoid data queues.
- When it comes to e-mail management, we find three challenges which administrators face all the time: The first and most unpopular, due to its complexity, is compliance, as in most countries e-mail communication has to be archived by legal or regulatory compliance requirements. Tools are therefore required to archive e-mails securely for defined periods of time and also make sure they are deleted when expired. The next challenge is the sheer e-mail volume clogging valuable storage space on your mail server as well as the growing amounts of individual mail files (PST files) that are simply not manageable on a larger scale. They are often not backed up and also are slow when searching through them (which is not possible with OWA at all). And last but not least, e-mail discovery is a very important task, as the vast amount of information formed by all those messages must be searchable to produce fast and reliable results – also a task often left to the pc-client and end-user who must browse through large e-mail folders to retrieve specific e-mails which is slow and frustrating.
- When you are looking into solving these kind of problems, you will find that an e-mail archiving solution will just the answer. However, looking at today‘s offerings you will also quickly realize that there are three different types of solutions available. The first type are pure software solutions. As a pure on-site software installation, it fits quite nicely into your corporate environment, but at high cost: You will have to provide your own hardware - which also is the limiting factor, it‘s expensive in terms of initial investment AND maintenance. And last but not least, when it comes to scalability, you will find that it doesn‘t really scale well at all. The same is more or less true for appliances. Slightly lower maintenance costs and a less tight integration into existing environments but still the same scalability issues and hardware limitations. A newer and far better approach comes with the hosted archiving services. They offer very low initial investments and are mostly easy to use solutions that don‘t require installation efforts on-site – if at all. However, most of the services you will find today have additional hidden costs and storage limits. They do a very good job in hiding these facts with very intransparent licensing models.
- Astaro solves all of the challenges we have just talked about by offering a cloud-based e-mail archiving service that is easy to setup, accessable from everyware and scales with your growth. Astaro Mail Archiving is easily setup after a simple registration and automatic provisioning process and archives e-mails from MS Exchange Servers over an encrypted internet tunnel, storing them securely into data centers. Once in the archive, you can access all of your corporatate e-mail from anywhere, anytime through an Outlook Plugin or WebGUI that allows an instant and easy, Google-like search. To get deeper into the beauty of our solution, let‘s first look at the setup...
- To set up Astaro Mail Archiving, you practically don‘t need to install any additional hardware or software at your site. By using the Journaling function of your existing MS-Exchange server (MS Exchange 2003, 2007 and 2010 are supported), the installation is complete within 15 minutes of registration and you can start to archive your e-mails. This enables you to archive all incoming, outgoing, and internal e-mails and transfer the majority of your e-mails to the cloud - so that the required storage space on your mailbox server can be reduced.
- Compliance is usually the main challenge when considering an e-mail archiving solution. Astaro Mail Archiving makes the task simple: Only archive what you really need to by filtering out undesired messages and individually selecting the archiving period for the messages that you want to archive: whether you archive messages for a year or a decade, Astaro will not charge you any more! Of course, all actions are carefully monitored and logged so that evidence can be provided whenever necessary. There are also special auditor roles, which provide auditors with the ability to access all company messages, for example. If desired, these roles can be secured by a dual control principle.
- Whether auditor or end-user: Your search will produce results in seconds and will not only search e-mail content but also all attachments. You can choose between two Google-like search options: Use a web interface when on-the-go or if you need to perform auditor searches or choose an Outlook plug-in (for MS Outlook 2003, 2007, 2010) which seamlessly integrates into your familiar work environment.
- Users practically don‘t have to learn or even change the way they work with e-mail. The plugin integrates seamlessly into the Outlook clients and messages can be handled the same way as you are used to. Even drag and drop operations are possible and for convenience, searches are automatically saved! As an extra advantages, you will even get the possibility to upload existing e-mails such as PST-files or older mailbox folders into the archive.
- When it comes to storing your valuable e-mail communication into the cloud, the Astaro Mail Archiving service ensures that your data stays secure: High availability data centers receive your e-mails via a TLS encyrpted link to your corporate e-mail server. Once processed, the data is encrypted and stored in redundant storage networks, where it is also automatically backed up to a separate data center. Astaro Mail Archiving is flexible and convenient to use with support for user synchronization through your local Active Directory or for example support for multiple transport forms and formats. Even importing exisiting data is easy through the PST-file import.
- Licensing for Astaro Mail Archiving is straight-forward and transparent: The product is licensed per mailbox and has typical user scales as shown in the slide here. Beside your appropriate scale, you only have to choose whether you want to sign for a 1, 3 or 5 years period. And to be clear: this not only includes the right to archive e-mails for the amount of users, you will also truly have no limitations: - No storage limit This means that for licensed users and regular business use, you will be able to archive messages without worrying about growing disk space - No retention time limit This means that only you decide whether you want to store an e-mail for 1 or 10 years, no additional fees are applied if you want to store for longer. - No additional fees for PST import Have tried to get existing PST files into any other cloud from our competitors? We not only can tell you how this is easily done, we tell you also how much it additionally costs: Nothing!
- Summary