The ALF firewall system

The ALF firewall system is a strong yet user-friendly tool for network perimeter defense. Its features were planned and developed to offer the most comprehensive defense possible for the most frequently used network services against attackers. It can be used equally well for the effective defense of clients and of servers. The defense modules of ALF can be tuned very finely. To illustrate how finely the system can be tuned, consider an example that occurs in practice.

The system gives the company's security manager the opportunity, for example, to prohibit all unauthenticated and unauthorized users from browsing certain websites during working hours as part of the network perimeter defense policy, or to limit such browsing to only a part of the company's bandwidth. That way, during the critical period the company's useful network communication operates smoothly and the flow of unnecessary traffic is pushed into the background. If someone tries to download illegal content through the company's line, the user can be identified and the activity suspended. If necessary, it is possible to specify which user may browse which sites in a given time period. This example demonstrates the possibilities of the system, but there are many more options; the possibilities are almost limitless.

The flexibility of the ALF system makes it possible for system administrators to apply almost arbitrary filtering for the sake of security and usability. With the system's finely customizable statistics, administrators receive continuous information about the operation and the parameters of the system.

The most important properties of the ALF firewall system:

  • Modular application-level firewall system
  • Support for (mixed) heterogeneous and homogeneous networks (Windows, Unix-based systems)
  • Versatile authentication subsystem (CryptoCard, password, SKey)
  • Traffic logging and statistics generation
  • Protocol-filtering modules that can be fine-tuned
  • Support for high availability (HA)
  • Run-time packet-filter tuning
  • Support for the most frequently used protocols
    • proxy: http, ftp, pop3, telnet, ldap, time-stamp, ocsp, session manager
    • native: smtp, ntp, domain, ssl
    • authentication: client auth, ck
  • Support for unknown TCP protocols
  • Clear, easy-to-learn configuration language
  • On-the-fly configuration

The principles of the system’s operation

ALF is a modular, transparent, finely tunable application-level firewall. What exactly does that mean? Application-level firewalls are capable of analysing the traffic between the client and the server completely, which makes it very difficult to transfer potentially harmful communication to either the client or the server. We tune the settings of the system depending on whether we are protecting servers or clients. When protecting a server, the rules are stricter, which decreases the possibility of an attack. Our principle for server protection is that the firewall should rather refuse some irregular but non-intrusive requests than let a single harmful one through. When protecting clients, we paid attention to ensuring that users do not experience exaggerated protection as an annoyance. It is a well-known fact that security and convenience are normally inversely proportional; therefore, when protecting clients, the firewall can be tuned so that the protection of the system is not impaired while users are still able to use the network efficiently.

[Figure: fw_layers]

The system is capable of analysing network traffic to its full depth. Due to its modular architecture, it is even capable of analysing traffic embedded in another protocol. This means that if a protected web server is reachable through an encrypted (https) connection, one of the system modules can remove this encryption layer and hand the decrypted content to the web protocol analysis module, so the network traffic can still be analysed comprehensively.

[Figure: alf_inside]

The ALF system consists of independent, separate modules, each developed to perform its own (partial) task completely. These modules are separate entities not only logically but physically as well. This is an improvement over other firewalls on the market in two respects. On one hand, modules running on several processors or computers can co-operate, so the system can ensure the protection of the network even under heavy load. The other, and even more important, advantage is that the modules are completely separated from each other; with this, the system takes the most important security principle to perfection: separate functions and security levels are fully isolated (keep in mind that they may even run on different computers).

Transparency means that the system is completely transparent to both the clients and the servers, or, more precisely, invisible to them. The system achieves this by directing both outbound and inbound connections to itself. If an ALF firewall is incorporated into the network, the computers inside and outside the firewall do not even have to know about it; no configuration changes are needed at all.
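To make the transparency principle concrete, here is an added illustration in Python that is not ALF's own code. It sketches a minimal transparent TCP relay: it assumes a Linux host on which the packet filter has already redirected the client's connection to the relay's listening port (for example with a netfilter REDIRECT rule, which is not shown), recovers the original destination with the SO_ORIGINAL_DST socket option, applies a hypothetical working-hours rule like the one described earlier on this page, and then pipes bytes in both directions. The port number, the working-hours range and the `authenticated` flag (standing in for a lookup in an authentication subsystem) are all assumptions made for the example.

```python
# Added illustration (not ALF code): a minimal transparent TCP relay.
# Assumes Linux netfilter has redirected the connection here, so the original
# destination can be recovered with SO_ORIGINAL_DST and neither the client nor
# the server needs to be configured to know about the relay.
import datetime
import socket
import struct
import threading

SO_ORIGINAL_DST = 80          # value from <linux/netfilter_ipv4.h>
WORK_HOURS = range(9, 17)     # hypothetical policy: 09:00-16:59 are working hours
WEB_PORTS = {80, 443}         # hypothetical: browsing ports subject to the policy


def pack_sockaddr_in(host: str, port: int) -> bytes:
    """Build the 16-byte sockaddr_in that SO_ORIGINAL_DST returns.

    Layout: sin_family (2 bytes, host order), sin_port (2 bytes, network
    order), sin_addr (4 bytes), then 8 bytes of zero padding.
    """
    return (struct.pack("=H", socket.AF_INET) + struct.pack("!H", port)
            + socket.inet_aton(host) + bytes(8))


def parse_original_dst(raw: bytes) -> tuple[str, int]:
    """Decode the sockaddr_in from getsockopt(SOL_IP, SO_ORIGINAL_DST)."""
    family = struct.unpack_from("=H", raw, 0)[0]
    if family != socket.AF_INET:
        raise ValueError(f"unexpected address family {family}")
    port = struct.unpack_from("!H", raw, 2)[0]
    host = socket.inet_ntoa(raw[4:8])
    return host, port


def decide(dst_port: int, authenticated: bool, hour: int) -> str:
    """Hypothetical rule mirroring the page's example: unauthenticated web
    browsing is refused during working hours; everything else is allowed."""
    if dst_port in WEB_PORTS and not authenticated and hour in WORK_HOURS:
        return "deny"
    return "allow"


def _pipe(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes one way until the sender closes, then half-close the peer."""
    try:
        while True:
            chunk = src.recv(65536)
            if not chunk:
                break
            dst.sendall(chunk)
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def handle(client: socket.socket, authenticated: bool = False) -> None:
    """Serve one redirected connection: recover the real target, apply the
    rule, log the verdict and relay if allowed."""
    raw = client.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16)
    host, port = parse_original_dst(raw)
    verdict = decide(port, authenticated, datetime.datetime.now().hour)
    print(f"{client.getpeername()[0]} -> {host}:{port} {verdict}")
    if verdict != "allow":
        client.close()
        return
    upstream = socket.create_connection((host, port))
    threading.Thread(target=_pipe, args=(client, upstream), daemon=True).start()
    _pipe(upstream, client)
    client.close()
    upstream.close()


def serve(listen_port: int = 3128) -> None:
    """Accept redirected connections forever (listen port is an assumption)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("0.0.0.0", listen_port))
    srv.listen(64)
    while True:
        conn, _ = srv.accept()
        threading.Thread(target=handle, args=(conn,), daemon=True).start()


if __name__ == "__main__":
    serve()
```

The policy and relay are deliberately separated, as the page's module description suggests: `decide` can be tested and tuned on its own, while the relay only has to ask for a verdict and log it together with the recovered original destination, which is the data an administrator would want in the traffic statistics.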

We also provide training covering the knowledge required to operate the ALF firewall, at the end of which an ALF Expert exam can be taken. If you are interested in this possibility, please contact us at the info@andrews.hu address.