impossible for ideas to compete in the marketplace if no forum for
Dedicated Perimeter Protection Strategy
Contributed by Panda Software USA, Inc.
Latest data indicates that one in every 204 e-mail messages contains a virus, and that 99 percent of viruses enter companies via SMTP mail or HTTP web-browsing.
And its not just viruses that cause problems. In January 2003, the SQL Slammer worm hit thousands of servers around the world, exploiting a buffer overflow vulnerability and causing denial of services in SQL servers which resulted in losses estimated, according to Computer Economics, at 705 million euros.
Whatâ€™s more, employee productivity is being increasingly degraded not only due to the time they spend classifying and eliminating the large number of spam messages that reach their inboxes, but also due to the time they spend accessing inappropriate or unauthorized web content, which, if distributed, can damage the corporate image.
Due to the increasing sophistication of Internet-borne threats, Panda Software proposes a layered protection strategy in which the Internet gateway plays a vital role, as is the strategic network point used to send and receive e-mails, all type of content... and 99 percent of viruses.
Panda GateDefender is an appliance that combines high-performance hardware and software to provide maximum protection at the Internet gateway. It boosts and complements your corporate anti-malware protection on both servers and workstations, stopping viruses, spam, undesirable content and other Internet-borne threats.
Perimeter Protection Strategy
In recent years, the entry points used by computer viruses have varied greatly. Whereas before, floppy disks and other removable devices were the main source of infections, nowadays the Internet is unrivalled as a channel for infections.
Similarly, viruses that enter via the Internet are, statistically speaking, the fastest and most dangerous, often with multiple propagation and infection methods such as the so-called ‘blended threatsâ€™. This makes it essential that protection is installed in gateways as most viruses enter via e-mail or Internet downloads.
However, there are other entry points and propagation vectors in a corporate environment such as remote laptops or modem connections to the Internet, instant messaging, web mail or POP3 external mail accounts. And because of this multitude of threats and unmonitored entry points, companies continue to be attacked and many now rate security for Internet communication as a strategic priority.
According to Computer Economics, 99 percent of companies surveyed have some kind of antivirus protection installed. Even so, 76 percent admit having been infected by a virus in the last year and over 50 percent reported having suffered a massive virus attack.
The simple answer might seem to be that antiviruses are not offering adequate protection. The truth however is quite different. Although 99 percent of companies have some kind of antivirus protection, in most cases one of the following points apply.
Infections and Propagation Vectors
Layered Protection Strategy
Today, 100% security doesnâ€™t exist. However, Panda Software gets as close as possible by promoting a layered anti-malware protection strategy. By protecting all layers of the organization - inbound/outbound Internet connection (Router), web browsing (proxy server, web and database servers), e-mail gateways (SMTP), data storage (Internal database servers), internal messaging (Groupware and Collaboration), file servers and users (desktops and remote users)-, as well as all possible communication and information exchange protocols in all products, security levels begin to reach the longed-for 100 percent protection level.
In this way, for each layer of the organization, Panda offers a different product, optimized especially for each environment (Panda GateDefender for Internet connections, ExchangeSecure for mail servers, ClientShield for desktops, etc.).
As layers of protection are added, the effectiveness of antivirus protection and therefore investment in security is maximized. This layered security strategy makes it extremely difficult for a virus or other malware to enter the organization, thus reducing the risk of infection and propagation. The more layers of an organization that are protected, the nearer the organization will be to achieving 100% security, as antivirus efficiency is maximized.
The new Panda GateDefender is a high-performance, dedicated perimeter protection server, which combines hardware and software to provide maximum ease of management. It protects clients from the main Internet threats (viruses, worms, Trojans, spam and undesirable content) at the Internet gateway, preventing them from getting into corporate networks and spreading before they are detected by other security systems.
The integration of hardware and software allows this solution to offer optimum performance. As it is installed in the network perimeter, it protects the Internet gateway, reducing the risks and workload of the rest of the network computers and as it is a dedicated solution, it guarantees maximum performance in the tasks it is configured to carry out.
It offers gateway level protection designed to integrate simply in any network and without degrading corporate network performance or productivity, and without affecting other critical systems such as firewalls and application / web servers.
GateDefender is available in three models to adapt to the needs of small to large companies, with up to 40,000 workstations, adjusting scan capacity to the overall volume of network traffic.
It scans the six most widely used protocols (HTTP, FTP, SMTP, POP3, IMAP4 and NNTP).
High performance, transparent to users
Panda GateDefender takes over the workload of the traditional antiviruses in your network, both on workstations and servers, optimizing use of the network resources.
It guarantees excellent performance and
the highest scanning capability of its class. It can scan up to 300.000
The virus and spam signature file is
automatically updated every two hours and the scan engines, every twelve
Easy administration. 'Plug-in and forget'
Designed to integrate simply in any corporate network, with no need for reconfiguring network traffic.
GateDefender sends proactive information to administrators. It is managed safely and remotely through a simple intuitive web console.
GateDefender checks all e-mail entering the company using its anti -spam module. Messages are scanned and classified as either spam or not spam, blocking unsolicited mail before it reaches users' inboxes or modifying the subject of these messages.
This results in a significant reduction in the repercussions of spam on productivity.
The web filtering module allows
administrators to restrict Internet access. They can define undesirable
This allows administrators to control
corporate network resources and prevent offensive, sexual or violent web
List of VIP users can be establish, to whom this control will not be applied.
Prevents unknown viruses and computer worms from even entering corporate networks. This system reduces bandwidth consumption and allows for optimized resource use by heading off potential dangers before they reach the network.
Low cost of ownership
By preventing saturation of network resources and loss of productivity, along with its 'plug-in and forget' operation, result in low cost of ownership of Panda GateDefender.
GateDefender adapts perfectly to the needs of all small, medium and large companies - up to 40,000 workstations adjusting scan capacity to the overall volume of network traffic.
Its load balancing is completely automatic and native, allowing workload to be shared across multiple units. The result is increased scalability and improved antivirus performance.
Detailed reports and customizable alerts
GateDefender provides network traffic and antivirus protection activity statistics. It also offers comprehensive virus, spam and content filtering reports, as well as customizable alerts and notifications.
Nowadays, there is no such thing as total protection. However, Panda Software strives to get as close as possible by using a layered protection strategy, which involves installing a different product in each layer, optimized especially for each environment (Panda GateDefender for Internet connections, ExchangeSecure for mail servers, ClientShield for desktops, etc.).
Panda GateDefender represents an extra layer of defense for the corporate environment, as it prevents worms, viruses and Trojans from even entering the network, perfectly complementing the role of other types of protection installed.
The antivirus in a workstation prevents the action of a virus that has entered the corporate environment, via a laptop with a modem, external storage drives, web mail, external POP3 accounts or instant messaging.
Gateway antivirus solutions installed in network servers protect the servers and prevent that malware detection systems in workstations degrade corporate productivity.
Panda GateDefender blocks viruses, spam and undesirable content entering or leaving via the Internet and filters traffic that uses the six most widely used protocols, as well as stopping attacks like SQL Slammer or other vulnerability exploits that go unchecked by traditional antiviruses. By doing this it increase protection and free up the rest of the computer so that they can dedicate 100 percent of their resources to the corresponding functions. As it is an integrated protection system, both the hardware and software settings are designed for optimum performance, minimizing its impact on the network.
However, if protection is not installed in the rest of the network layers and a virus slipped in through a laptop computer, for example, Panda GateDefender would only stop the virus from leaving the network, preventing the effect that sending a virus to clients or suppliers can have on corporate image, but the network would be infected. Workstations and servers would fail and the network administrator would have to dedicate a lot of time and resources on disinfecting the computers, restoring backup copies and managing incidents, etc.
Likewise, a company that only has antivirus protection in workstations and file and mail servers could still be exposed to virus epidemics like LoveLetter, Klez, Nimda and SQL Slammer, that can crash servers, cause denial of services or simply cause administrators to shut down systems to prevent a potential massive infection.
Panda GateDefender is also a complement to the role of the firewall antivirus , as it allows for improved performance and prevents vulnerability exploits that traditional antiviruses for firewalls canâ€™t detect. Panda GateDefender is a server dedicated to and optimized for anti-malware, anti-spam and web filtering, while a firewall is a dedicated access control server. This separation of roles should be fundamental for the companyâ€™s main servers.
So there is a clear need to strive for 100% security with a layered protection strategy as provided by Panda Software. Each protection layer added increases exponentially the value of the solutions installed across the network. Long gone is the first generation of file infectors, boot viruses, etc. whose sole means of propagation were floppy disks. Since the first macro viruses appeared in 1995 to the first Internet viruses in 1999, these threats have constantly increased in quantity, sophistication and damage. Over the last few years, we have witnessed the appearance of fast-spreading worms that go one step ahead of conventional antivirus protection by using spam message to spread and often use e-mail as their only means of transmission. Whatâ€™s more, the use of new applications like P2P file sharing programs such as KaZaA or eMule or wireless connections opens a new means of propagation for threats.
Panda GateDefender is a device that is installed in the network perimeter to intercept and scan both inbound and outbound traffic, offering complete anti -malware protection.
Scanning of communication protocols
GateDefender intercepts and scan HTTP, FTP, SMTP, POP3, IMAP4 and NNTP traffic for malware. The administrator can enable or disable the scan of each of these protocols.
In order to intercept and filter traffic in each protocol, by default the system will use the standard ports:
Operating System and Interception Software
The software incorporated in GateDefender is based on the Hardened Linux operating system, reinforced and optimized to offer maximum security and high performance. The GateDefender operating system only includes the services and processes it needs to function correctly.
Panda GateDefender acts as a transparent bridge between the Internet and the corporat e network. This means that the traffic passes through transparently and the appliance intercepts the protocols it has been configured to scan.
The actions that can be taken when a virus, worm or Trojan is detected are:
Panda GateDefender complements the anti-malware scan with anti-spam protection to check the e-mail leaving the company, thereby reducing the repercussions of spam on productivity.
The anti-spam scan can be enabled for SMTP, POP3 and IMAP4. It will only apply the spam scan to inbound mail through each of these protocols.
To determine if a message is spam, it scans the message body and headers, in any format (text, html). After doing this, the system will determine the probability of the message being spam and classify it as 'Spam' or 'Not spam'.
The actions to take can be configured depending on how the message has been classified, spam or not spam, the user can choose from the options Flag the subject, Redirect the message to an e-mail address or Block the message.
In order to fine tune the analysis the anti -spam module has a learning function.
White lists and black lists of addresses can also be generated, so that depending on the senderâ€™s address of a message, it will be excluded from the scan or classified as spam.
The web filtering module allows network administrators to control corporate network resource use and prevent offensive, sexual or violent web content from entering the company, which can degrade the work environment and productivity as well as compromising corporate image if these are forwarded or reproduced by employees.
The module scans the URLs accessed through HTTP and blocks access to those that are configured as unauthorized, as well as let the administrator know which contents are accessing the users. The filtering criteria are based on predefi ned content categories and on white lists (permitted) and blacklists (unauthorized) defined by the administrator. GateDefender allows a list of VIP users to be created so that the web filtering criteria is not applied to certain users.
The anti-malware module incorporated in Panda GateDefender has the capacity to detect and eliminate other malicious or undesirable contents. These can be classified as:
As well as jokes, dialers and spyware, Panda GateDefender can also block attempts to exploit vulnerabilities that can affect different components of the organization.
Protection against Vulnerabilities
To prevent system failures in these cases and ensure continuous perimeter antivirus services, Panda GateDefender includes a partition control or auto-restore system. When GateDefender is started, a control partition is booted, which decides which work partition is going to use to execute the malware system. If the auto-restore system detects that the work partition fails, it will start the next established partition . It will also try to restore the damaged partition, in order to make it functional for later bootings.
The system partitions are updated with the latest software versions, in order to make restoring as least traumatic as possible.
Note: There are other perimeter solutions that promise high-availability using SCSI RAID disks. Panda Software believes that SCSI RAID disks are only necessary for storage servers that have to protect data and provide high-availability. However, SCSI RAID disks donâ€™t offer any benefits in devices that are not geared to storing data, such as Panda GateDefender or other appliances on the market. This is really just another marketing angle that does no more than add to the cost for the end-user and Panda Software would prefer to eliminate unnecessary costs. Panda GateDefender offers high-availability by using tools like WatchDog and Auto-restore System, as well as load balancing.
Panda GateDefender 8000 series incorporates a system monitoring circuit integrated in the motherboard, that avoids the systems getting blocked for a long period. The Watchdog system receives signals that assure that the system is working properly, and in the case that the signal is missing for a certain period the system will be completely restarted from the motherboard. This will prevent the network services form being inaccessible for an excessive period of time.
Thanks to this fault tolerance system, Panda GateDefender can recover automatically from service failures either in the applications or the operating system.
In addition to this “watchdog hardware” Panda GateDefender has a “watchdog software” that periodically monitors the state of all the processes being executed. If it detects that one of those is not working properly it will try to recover the process without having to completely restart the system. If the recovery of the process would not be possible, it completely restart the system from the watchdog hardware. This software fault tolerance system allows the recovery of processes without the need of a complete restart of GateDefender.
Load balancing allows the workload to be shared across multiple GateDefender units, providing improved performance and higher availability. No additional hardware or software is needed to implement load balancing across multiple GateDefender units and although it is highly advisable to use switches, these can also be connected through hubs.
One of the appliances will act as the master, with the rest acting as slaves. From the administration console, users can view all the appliances in the load balancing system and the mode each one is running in.
When several GateDefender units are installed in parallel, they will automatically negotiate the role or mode of functioning of each one and whenever a new appliance is incorporated, the modes of functioning will be re-negotiated.
The master appliance implements a load balancing algorithm and redirects connections to the different slave appliances in order to balance the system workload. The master appliance will also scan connections and let clean traffic through.
Slave appliances will not let traffic
through and will simply scan the connections redirected to them,
returning clean traffic to the master appliance.
Visit the Authors Web Site
Search Our Site
Search the ENTIRE Business
Forum site. Search includes the Business