Server-Based Firewalls

Server-Based Firewalls run on a dedicated computer, using a standard operating system and commercially popular hardware. Server-based firewalls which are supported by SecurityAppraisers® can be adapted to accommodate a wide range of unforeseen needs that might arise for an enterprise. SecurityAppraisers® installs and maintains the following Server-Based Firewalls:

Astaro website

Astaro Security Linux "stateful-inspection" Firewall. Not only does this product prevent unsolicited network entry to the corporate network by computer criminals, but Astaro's Firewall:

is network compatible with Microsoft, Apple, Novell -- any platforms supporting popular Internet network standards such as TCP and HTTP;
stays competitively priced as your business requirements increase [Your firewalling costs using Astaro tend to increase linearly, not exponentially:
- by adding network cards and changing the license, in most cases Astaro's firewall can immediately adapt to handling more network segments, whereas most appliance firewalls require a complete replacement; and
- many other Server-Based Firewalls become exorbitantly priced when reconfigured for the multiple network interfaces that a business might become obligated to support as its business grows];
is flexible and can be adapted to specific needs a customer might have [Examples: rules can be automatically adjusted according to time of day, or patterns of network traffic, etc. -- anything that can be specified on a 'hardened' Linux platform (the configuration of firewalls to react according to the dictates of an abstract algorithm -- as opposed to simple, well-defined rules -- is called Adaptive Firewalling)];
can accommodate secure and private remote access to your corporate network and computers (using VPN technology) from your home, branch office, or anywhere an Internet connection can be made; and
runs on a dedicated Linux operating system, secured by Astaro Corporation, and Astaro will offer support on qualified hardware configurations to insure the proper functioning of both.

SecurityAppraisers® has been "ACE" certified by Astaro Corporation to install and configure their firewall products.

While SecurityAppraisers® strives to deliver cost-effective security products and services, we do not just "install boxes". We have the technical qualifications to do complex troubleshooting and adaptation, and we stand behind the work we are contracted to do. Examples of some of the adaptations of Astaro we have done for our customers are:

multiple interface, multiple gateway support: If you are an enterprise shop with multiple networks needing departmental firewalling, this can be of great assistance (posted at astaro.org for the benefit of all Astaro customers).
dead gateway detection: If you are an enterprise business using multiple ISPs to insure continuous Internet connectivity, SecurityAppraisers® has developed an integrated software extension package which will dynamically arrange for a switchover should the connection to one of your ISPs fail.
multiple interface DHCP configuration: An ability to define multiple interface DHCP subnets through Astaro's standard administrative browser interface.
secure dialup support: Should the firewall become accidentally misconfigured and thus disabling all network access and remote network support, support staff of SecurityAppraisers® can still remotely access the firewall on short notice over a dialup connection and get it back online. This extended capability furnished by SecurityAppraisers® is off by default for reasons of security, and can easily be turned on by a staffperson with physical access to the firewall server.

If you can clearly define what it is you need, SecurityAppraisers® can get the job done.

"I see that this firewall uses Linux. So it 'won't work' with Windows or Apple OS/X machines we might be using, right?"

To the contrary, it does. What makes the computers of the Internet work together, in spite of their sometimes radically differing designs, is adherence to network standards. It's why somebody on an Apple OS/X computer can send Email to a Windows user. All the network standards used by the most popular Internet applications-browser, Email, etc. are used by Linux. Much of Linux's present-day networking capabilities were designed from the ground up to do firewalling.

"We already have Intel-based server hardware. Can we use the firewall software with it?"

The hardware would have to be dedicated to running just the firewall software. It will need to be under warranty or a service contract (that is, its manufacturer, or support personnel authorized by the manufacturer, are contracted to make hardware repairs) so that defects due to wear or damage will be quickly remedied. In the case of the Astaro product, it should be demonstrated that the hardware has been field tested to support Linux (for example, Dell is a manufacturer which furnishes machines that have been qualified for Linux). Also, both products require sufficient memory, disk capacity, processor speed, and need two network cards. If the hardware in question needs any of these components upgraded, and they can be added by qualified personnel (and adding them does not void the support contract for the machine), then the hardware furnished by your company should be able to run these firewall products.

"Is a Firewall all I need to implement computer security?"

No. A Firewall alone does not constitute a complete computer security program; it is a vital cornerstone of a security plan, which should also include Content Inspection, Proactive Security Monitoring, Software Security Updates and Security Policy Enforcement, Security Tokens, Virus Scanning, and Secure Network Protocols. Confer with the other sections of this web site to learn about these security techniques.

"I read that some Firewalls listed here previously had a security problem (which has since been fixed). Why should I even consider using any that had these problems?"

Generally, the more popular a Firewall is, the more likely hackers will exploit it. Consequently, vulnerabilities found in a Firewall product, and subsequently fixed, do not necessarily indicate the level of security that the Firewall currently affords. Rather, an important consideration is the speed and consistency with which the Firewall manufacturer addresses these incidents as they occur. SecurityAppraisers® has assisted manufacturers in identifying holes in their products, and has implemented updates for their customers.