Safety means lowering the number of Internet attacks to a minimum! Kernun Net Access knows about every move made on the Internet!
It protects and controls valuable information, data, company know-how, emails, protocols, computers – simply put, your entire private network. Thanks to its unique technology, it unifies all security features into one system and provides comprehensive protection for the entire network and all its applications against Internet attacks.
Kernun Net Access is a new type of UTM (Unified Threat Management) security device, offering many features in one package, for example firewall, antivirus, anti-spam, antispyware, content filtering, intrusion detection (IDS or IPS), routing, QoS, VPN, etc. It has been designed to protect private data networks and DMZ segments (demilitarized zones, including servers with public services, for example WWW, FTP, mail servers, secure remote VPN connection, etc.). It provides antivirus and anti-spam protection and blocks unsuitable protocols (Skype, ICQ, etc.) as well as unsuitable web pages.
Kernun Net Access is typically used as a secure gateway between the Internet and the protected internal network, which also includes virtual private networks (VPN). The number of internal networks is not technically limited.
Kernun Net Access is highly flexible in implementing a security policy. That includes simple stateful inspection rules as well as sophisticated control at the level of application protocols. Thanks to its ability to inspect the contents of each application protocol, this technology is an ideal solution for environments with high security demands.
Kernun Net Access is the only product on the market distributed with a software warranty valid for a certain number of days when an error is discovered.
A large number of application proxies are used to analyze transferred data and to interpret its contents. They must not be confused with an HTTP caching proxy, which is used only as a cache and not as a security measure. An application proxy offers a higher level of security than stateful inspection of IP datagrams, because it eliminates direct communication between the communicating parties. It works as an intermediary: it builds new connections, guaranteed to be correct, towards both the client and the server. The proxy understands application protocols; if it does not understand a protocol, it does not allow the connection.
All communication is checked by a packet inspection tool. A modern and advanced stateful packet engine offers remote OS detection, bandwidth management and DoS protection, combined with a high level of both throughput and security. Moreover, bi-directional address translation, traffic normalization and detailed connection logs are available.
Virtual private networks are absolutely necessary in many organizations, for example for travelling users who must access their systems, or for partners who need access to business applications. They all need a transparent and secure channel.
Kernun Net Access is very flexible as far as VPN setup is concerned. The supported protocols are IPsec/IKE, PPTP, L2TP and OpenVPN; the last one is suitable for client connections to the network (client-network, point-to-multipoint) as well as for network interconnection (network-network, point-to-point). OpenVPN offers more options than the other protocols while staying simple and open. A typical setup uses X.509 certificates and modern cryptographic methods to ensure authenticity, integrity and privacy.
It prevents unwanted content from being displayed on protected equipment. It eliminates the risks that arise when you visit certain web pages, including unwanted ones, that contain risky content such as JavaScript, ActiveX components, Flash players, etc. Access to web servers can be granted on the basis of patterns appearing in server names or URIs.
As an optional extension, you can purchase an updated index of known web servers categorized according to their content – see the Webfilter section within Optional components.
Proxies designed for file transfer perform antivirus checks of the transferred data. Depending on the configuration, some types of documents may be excluded from the inspection (for example, HTML or GIF files), and depending on the result produced by the antivirus program, you may select a specific method of eliminating the document: shredding, quarantine, replacement of the infected document with another document, and so on. The following antivirus engines are supported: Dr.Web, NOD32, McAfee, Symantec, ClamAV.
Proxies for electronic mail protocols enable you to perform anti-spam checks of transferred messages. Combined with antivirus inspection, you may build a robust system that will keep your mailbox clean.
A powerful IPS/IDS engine searches all network traffic for known attacks. The database of known attacks is regularly updated with new attack samples. In IDS mode, each detected attack is logged and an alarm is triggered, while in IPS mode, the connection with the attacker is immediately blocked.
The index of web pages and URI addresses contains more than 3,000,000 records categorized according to their content. The index is regularly updated and its quality is guaranteed by human verification. The Kernun administrator may supplement the index with their own records.
The index allows the administrator to limit access to web sites according to their topic, e.g. to deny access to pages containing violent or adult content. This can be set on a per-user basis, for example allowing financial content only to management while denying adult content to all users.
This extension guarantees that the services will be available. This is possible because the product consists of two or more hardware devices that back each other up, a so-called hot stand-by cluster. It supports connections to more than one Internet provider and distribution of load between them.
It enables the customer to fully rely on qualified and guaranteed software maintenance services (repairs and installation of new versions), as well as configuration modifications. Sophisticated Kernun technology eliminates problems caused by the human factor, that is, a lack of information and of professional knowledge of security issues.
In a typical implementation, Kernun Net Access sits on the perimeter of the protected network as a gateway between the Internet and the internal network. All connections to and from the Internet are authorized or prohibited in one central location. Kernun Net Access also serves as an antivirus and anti-spam gateway, as a server terminating VPN connections for clients working from home or while travelling, and as the termination point of VPN tunnels between branches. Public service network servers (DMZ) are usually placed on another network interface.