Innominate mGuard smart/533 w/VPN-10 BD-101020 User Manual

unbeknownst to the user. Here, anti-virus software is

only of limited use, as it can only be as secure as the

operating system. The security holes in Windows –

the operating system most often used in offices – are

well documented. Against such security gaps, even

the best anti-virus software is powerless. Aside from

this, several systems used in office environments,

such as SAP/R3 servers, do not allow the installation

of additional software.

The mGuard solution unites the advantages of hard-

ware and software-based security concepts in a single

component. All the security functions are integrated

into the self-contained, fully independent mGuard

platform. For this reason, it is not necessary to re-

configure the computer system being protected, nor

do drivers or additional software need to be installed.

Innominate’s mGuard “device attached security” sys-

tems take advantage of a special function – the

Stealth Mode. This allows the systems to perform

absolutely transparent, as they do not require their

own IP addresses. Instead, mGuard uses the same IP

as the computer it is protecting and therefore cannot

be recognized by invaders, making the system un-

assailable to attack.

The basis of the integrated security solution is the

embedded Linux running on a network processor

with XScale core by Intel (IXP 42x), with up to 533

MHz processor capacity, 64 Mbytes of SDRAM wor-

king memory and 16 Mbytes of Flash memory. The

processor features hardware-based DES, 3DES and

AES encryption. This guarantees maximum data

throughput for firewall (up to 99 Mbit/s) and VPN (up

to 70 Mbit/s).

Conventional security concepts, whether hardware or

software-based, always require a complex imple-

mentation procedure, including modifications to the

system’s configuration. In many areas, however, sys-

tems cannot be easily modified. In industry environ-

ments, for example, strict security provisions apply

for production systems. In the medical technology

sector, validation processes are required by law. And

every system modification is a costly investment in

terms of manpower.

Moreover, there are several environments which rely

on older processor technologies or which utilize pro-

prietary platforms. In order to implement additional

security measures, these technologies usually do not

offer enough performance – or drivers and software

support are not available.

Generally, conventional gateway appliances protect

entire networks or network segments with a uniform

security standard – and only against attack from “out-

side”. However, a critical company server or the lap-

top of a managing director both require security le-

vels that are much higher. What’s more: different

systems call for various levels of security. With conven-

tional gateways, this is virtually impossible to carry out.

Added to these dangers are those which arise from

“inside”. From laptops, data media or private e-mail

accounts, for example, “malicious codes” are often

introduced to company networks and disseminated,

mGuard, the “device attached securi-

ty” solution from Innominate, unites

all functions to reliably protect IP con-

nections:

■

VPN (optional) for secure data

transmission via public networks

(hardware-based DES, 3DES and

AES encryption, IPsec protocol).

■

Configurable firewall – protects

the system from unauthorized

access from “outside”. The State-

ful Inspection Firewall filters data

packets based on the originating

and target address, blocking

undesired data traffic – also from

“inside”.

■

User firewall regulates access to

internal or external resources via

user login to the mGuard and cen-

tral RADIUS server.

■

Integrated anti-virus protection

(optional) supporting the HTTP,

FTP, SMTP and POP3 protocols.

Anti-virus protection takes place

outside of the system – assuring

increased security for the applica-

tions and high performance for the

secured system.