The GeNUGate firewall offers two-fold protection at the critical transition point between public and local networks: with an application level gateway on the outside, and a packet filter on the inside. Another packet filter, a rule-configured router for example, can easily be integrated to create a triple-level firewall system. GeNUA, the company that designed and implemented this concept, decided to have the system tested by the German Federal Office for Information Security (BSI) according to the international standard Common Criteria (CC). This involved disclosing the source code and completing a comprehensive test procedure. The result was certification of the system at level EAL 4+. In addition, the firewall was classified as highly resistant, as the central security feature, self-protection, complies with level EAL 6 requirements. GeNUGate is the only firewall worldwide which provides this relevant security feature.
GeNUGate: Complete solution with two firewalls
GeNUGate is a complete solution, comprising the required hardware, operating system and firewall software. All components are perfectly matched, and designed to meet the strictest security requirements. Accordingly, the operating system is trimmed back to its essential functions, with hardening at critical points, and the application level gateway and packet filter run on two separate computers, each protecting the other.
At the heart of the firewall system is the application level gateway. This breaks the incoming data flow down at application level, and analyzes and filters all the packet content. A user authentication procedure is also carried out. No link to the destination is established until these checks have been successfully completed. The application level gateway never allows a direct connection between the Internet and the local network, thereby providing an important protective function. The packet filter operates on the inside, running checks on data packets at network and transport level based on the header information: IP address, protocol type and port number. The protection mechanisms provided by both these components access different network levels, and combine to create a compact two-level firewall system.
The combination solution provides effective network protection against hazards from the Internet. Attacks are recognized, classified and reported to the administrator according to their level of importance. Often they will already have been identified by the network port monitoring functions, e.g. through scanning activities. GeNUGate provides a content filter to deal with active content in e-mail, www, POP and news services that could potentially be used to mount attacks: Java, JavaScript, VB-Script and ActiveX can be neutralized or removed, as desired, and filtering by cookies, MIME types, extensions or URLs is also possible. In addition, GeNUGate can recognize and immediately reject data packets with counterfeit IP addresses. The firewall affords protection against spam, since the system cannot be misused as a mail relay and has effective filters, such as tagging and gray- and blacklisting, to block unwanted e-mails. The application level gateway, which interrupts the communication path and translates the data, also conceals the entire name and address space from the outside environment. A further security feature provided by GeNUGate is the optional integration of a virus scanner into the firewall system.
GeNUGate is a highly flexible firewall system that can be customized to meet many different user requirements. The system comes in four hardware versions: GeNUGate 200, 400, 600 and 800. These systems can also be combined into any number of high-performance clusters, to satisfy the most demanding requirements in terms of bandwidth and availability. Configuration and administration of the firewall are carried out via a web GUI or, if several systems are in use, via a central management station.
GeNUA, Gesellschaft für Netzwerk- und Unix-Administration mbH
Dietmar Bruhns
Domagkstrasse 7
85551 Kirchheim
Germany
phone +49 89 991950-169
fax +49 89 991950-999
dietmar_bruhns@genua.eu
www.genua.eu