CZ
Home > Technologies > Kernun Web Access
Kernun Web Access
Protect your web server while you still can. Attack detection is a good thing to have but timely prevention against attack is even more effective. It implements secure and authenticated access policy to your web by using the Kernun Web Access.
Kernun Web Access is a security oriented application designed to protect web servers. It is placed before the server and it detects hacker attacks before they can reach the server itself. It also offers visualisation of web visit frequencies and it also includes an optional module for load balancing – distribution of load.
Protection against DoS attacks
In addition to the communication comparison process with a set of samples of known data flows and its normalization, the system offers basic protection tools against Denial-of-Service (DoS) attacks. In this case, the attacker attempts to overload the server with a huge amount of requests, which seem to be legitimate. Kernun Web Access uses sophisticated algorithms to control the increase in the number of connections coming from each client and thus eliminate many of those DoS attacks.
Detailed records
Besides the security, Kernun Web Access offers a useful function, which meticulously records all communications between clients and the server. By utilizing the Kernun Reporter, the server administrator can get a clear overview of the visiting frequency in the server, characteristics and distribution of visitors and other statistical outputs. The interface of Kernun Reporter technology may be used for detailed analysis and data mining.
What are the advantages of Kernun Web Access?
- Secure Internet connection
- Attack detection and prevention
- Secure policy using authenticated access to web pages
- Strong cryptography
- Web operation control
Authentication and certificates
Kernun Web Access protects web servers from attacks performed by HTTP protocol, used for web pages and applications transfers. The technology detects known attack attempts, such as SQL injection and PHP injection attacks and others as well. Also, it normalizes communication between the web browser and server and filters out non-standard or otherwise incorrect requests.
Web servers that do not support encryption via the TLS protocol may also be protected by Kernun Web Access. The web server may still answer without encryption, but Kernun Web Access adds a secure encrypted envelope to the communication. Using Kernun Web Access, you can design and deploy authenticated access to some web pages on the protected server to a limited group of users (supported authentication methods include x.509 certificates, authentication tokens and plain passwords).
Standard components
Application proxies
A large amount of application proxies are used to analyze transferred data and to interpret its contents. They may not be confused with the http-cache proxy that is used as buffering memory only and not as safety measures. The application proxy offers a higher level of security than status control of IP datagrams, because it eliminates direct communication between communicating parties. It works as a middle element; it assembles new and guaranteed to be correct connection towards the client and server. The proxy understands application protocols. If not, then it will not allow such connection.
Stateful packet inspection
All communication is checked by packet inspection tool. Modern and advanced stateful packet engine offers remote OS detection, bandwidth management and DoS protection combined with high level of both throughput and security. Moreover, bi-directional address translation, traffic normalization and detail connection logs are available.
VPN server
Virtual Private Networks are absolutely necessary in many organizations. For example, they are necessary for travelling users, who must enter their system, or for partners who need access to business applications. They all require and need some method of transparent and secure channel.
Kernun Net Access is very flexible as far as the VPN setup is concerned. The supported protocols are Ipsec/IKE, PPTP, L2TP and OpenVPN; the last one is suitable for client connection to the network (client-network, point-to-multipoint), as well as for network interconnection (network-network, point-to-point). The possibilities are higher than possibilities of other protocols and at the same time it stays simple and open. A typical setup includes the utilization of X.509 certificates and modern coding/encoding methods to ensure authenticity, integrity and privacy.
IPS/IDS
Powerful IPS/IDS engine searches all network traffic for known attacks. The database of known attacks is regularly updated with new samples of attacks. In the IDS mode, each found attack is logged and alarm is triggered, while in the IPS mode, the connection with the attacker is immediately blocked.
Optional extensions
Antivirus
Proxy designed for file transfer such as http-, ftp-, smtp-, pop3, imap4-proxy can perform antivirus checks of the transferred data. Based on the configuration, some types of documents may be excluded from the inspection (for example, html or gif files) and based on the result produced by the antivirus programme, you may select a specific method of the document elimination, shredding, quarantine, replacement of the infected document by other document and so on. Kernun Net Access supports several antivirus systems and it is supplied with antivirus Dr. Web as a standard.
High Availability Option
This extension offers a guarantee, ensuring that the services will be available. This is possible because the product consists of two or more mutual back up hardware devices, a so-called hot stand-by cluster. It supports connections to more than one Internet provider and distribution of loads between them.
Managed services
It enables the customer to fully rely on qualified and guaranteed software maintenance services (repair and new version installations), as well as configuration modifications. Sophisticated Kernun technology eliminates problems caused by the human factor, which means, information absence along with professional knowledge of security issues.
Typical implementation
Kernun Web Access is placed in the hosting centre. The protected web server is not directly connected to the Internet, but instead, it communicates to the surrounding world through Kernun Web Access technology. That security device controls all of the web server communication, normalizes it, and enables stadard anonymous access to the web server as well as content management and administration to privileged users.