
Software Security Gateway

Software Security Gateway provides firewalling and monitoring of information flows between interacting system applications and network segments that process information of different access levels.

Security Gateway implements one or more distributed-application interaction protocols. Application components inside a network segment therefore interact only with each other and with the gateway. Transparent interaction through Security Gateway is not allowed: Security Gateway initiates and terminates all intersegment interactions.

MAIN ADVANTAGES OF SOFTWARE SECURITY GATEWAY:

  • Operation under a Unix-like OS on a secure platform (IBM-compatible PC with 2 or more network interfaces)
  • Implementation of security mechanisms according to the interaction layout of the interfaced networks and applications and to their security policy for inter-network interaction
  • Notification of the security administrator about events related to unauthorized access attempts, and registration of requests for data exchange between interfaced network segments over distributed-application interaction protocols
  • Compliance with the requirements of management directives

VARIANTS OF SECURITY GATEWAY USE AS PART OF LAN INFORMATION SECURITY SUBSYSTEM (ACS):

  • At the boundary where network segments interact
  • For data protection and control at the boundary where e-mail system infrastructures interact, to provide interaction between remote objects of a single system
  • Various combinations of the base variants

FUNCTIONAL CAPABILITIES:

Discretionary policy at network and application levels:

  • Independent packet filtering at the network level;
  • Identification of subjects accessing application services by address or name;
  • Semantic identification of the formats of data contained in transferred messages;
  • Authentication (authenticity check) of requests for access to application services using a temporary password;
  • Filtering of application-level protocols by the application addresses of the sender and recipient, by management command code, and by the type (code) of data transferred in application protocol messages;
  • Application-level address translation, which hides the address space architecture of the secure network from the "outer world";
  • Intermediate processing of distributed-application messages: generation of proxy messages and their transfer into the interfaced network segment in accordance with preset application addresses.

Mandatory policy at network and application levels:

  • Access control in accordance with established confidentiality marks;
  • Filtering of application protocol messages in accordance with the established confidentiality marks of the transferred information.

Registration at network and application levels:

  • At the network level: registration of packets that do not comply with the discretionary and mandatory filtering policies, and notification (signaling) of users (application processes) about unauthorized access attempts;
  • At the application level: registration of user access to application services, registration of messages that do not comply with the discretionary and mandatory access management policies, and notification (signaling) of users and applications about unauthorized access attempts.

SOFTWARE ENVIRONMENT INTEGRITY MONITORING AND OPERATIONAL RELIABILITY:

  • Integrity monitoring of software and configuration data at operating system startup, using checksums stored in memory areas that are unavailable for unauthorized access;
  • Rapid system restore after a fault, using the distribution copy of the software and a backup copy of the configuration parameters generated after the initial configuration is completed;
  • Use of hardware of proxy loading;
  • Operation check by means of routine testing and testing after faults management (manually or by means of special software), possibility of local and remote administration.
 
 
Copyright © 2006-2011 Institute for Networking Technology