  |
||
-AltaVista Firewall-Technical Issue (Specific)What Internet services can be accessed through AltaVista Firewall?Does AltaVista Firewall contain both predefined and custom security policies? What is the source of AltaVista Firewall technology? Can AltaVista Firewall be expanded to handle larger, more complex environments? What sorts of logs are generated? What sorts of authentication mechanisms are provided for incoming users? Does AltaVista Firewall contain any alarms, traps, or lures? Has AltaVista Firewall been independently tested or certified? Does AltaVista Firewall include anti-spoofing software? Can AltaVista Firewall take evasive measures against an attack on the firewall? Can AltaVista Firewall generate custom reports? Does AltaVista Firewall install in a secure or unsecured mode?
Q: What Internet services can be accessed through AltaVista Firewall? A: AltaVista Firewall includes application gateways which let you securely access the following popular Internet services: Electronic mail (SMTP) Additionally, an easily configurable, generic TCP-application gateway is included for use with your non-standard services.
A: Yes. To determine your security policy for each Internet service, you simply point-and-click through the intuitive menu of predefined security policies, and select the one that best suits your business and security needs. The predefined policies are designed to simplify configuration and ensure correct settings of policies that might otherwise compromise the firewall. Predefined security policies also offer a simple "turn-key" solution for less experienced firewall administrators - now they can be sure that the security policy is secure. The firewall also offers the ability to create custom security policies, for more flexibility.
A: AltaVista Firewall is based upon proven and tested application-level firewall technology, developed by Digital over a decade ago to protect its own Internet connections. These Digital connections are among the busiest in the world, with over two million mail messages passing through them each day. AltaVista Firewall and its predecessors, Digital Firewall for UNIX and Digital SEAL, have been installed at the highest level of US and foreign government sites, countless Fortune 500 sites, and many smaller businesses around the world.
A: Yes, AltaVista Firewall is now available in your choice of platforms-Windows NT(Intel & Alpha), BSD/OS and Digital UNIX, which enable it to easily scale from small businesses to enterprise environments.
A: AltaVista Firewall logs everything of interest. There is also an extensive reporting system which analyzes log data based on data throughput, connectivity, source, and destination. Audit logs show every connection, as well as the times and amount of traffic transferred for each session. Reports can be easily customized via the software's graphic interface.
A: AltaVista Firewall supports strong user authentication using a variety of authentication methods. The use of authentication is optional - you can configure individual application gateways to require authentication for incoming or outgoing connections, or both. Predefined security policies require authentication for incoming FTP and TELNET connections: it is a basic security requirement that unauthenticated users are not allowed to connect to systems inside the firewall.
A: AltaVista Firewall includes the most comprehensive real-time alarm system available today. This system automatically detects events that pose a potential risk to your networks as they happen, not after they happen. Upon detection, real-time alarms trigger you to respond to the threat. Through the GUI you can easily configure alarms to notify you or members of your team by mail or pager.
A: Yes. AltaVista Firewall has received NCSA certification (see http://www.ncsa.com). It has also been independently tested by a variety of groups. Digital has tested AltaVista Firewall with SATAN and failed to find any security vulnerabilities. SATAN is a collection of tests that probe for security vulnerabilities in networked systems. SATAN probes for security holes that are generally known to industry security experts. Thus, properly configured firewalls will be able to repel SATAN's probes. And AltaVista Firewall is able to do so. Q: Does AltaVista Firewall include anti-spoofing software?
A: Yes. The firewall includes unique software to prevent IP-spoofing attacks, including modifications. In an IP spoofing attack, a system on the untrusted side (Internet) of the firewall identifies itself as being on the trusted side (your private network). AltaVista Firewall recognizes which side of the firewall a host should be on. If a packet that purports to come from inside the firewall arrives on the external network interface, it is rejected and the event is logged. Q: Can AltaVista Firewall take evasive measures against an attack on the firewall? A: AltaVista Firewall includes a unique evasive action mode which allows you to configure the firewall to use its inherent intelligence to automatically take evasive action when under severe attack. This means the firewall can automatically respond to the attack by:
Q: Can AltaVista Firewall generate custom reports?
A: The AltaVista Firewall lets you easily make point-and-click selections from a menu of report types detailing individual service usage over various periods. You can even configure the firewall to automatically mail each report type on a daily, weekly, or monthly basis to one or more recipients. Q: Does AltaVista Firewall install in a secure or unsecured state?
A: AltaVista Firewall is automatically installed in a secure state. That means during initial configuration, the firewall blocks all traffic and logs all events. All Internet services are switched off - the administrator must explicitly turn on any required service. When the service is first switched on, the most restrictive security policy for the service is set by default. The administrator must explicitly set a less restrictive policy. This ensures maximum security and minimized room for error. With the AltaVista's predefined policies and secure installation mode, the firewall can be up and running in hours rather than days! | ||