Security : Services : Front Door Firewall

Front Door Firewall - Monitored Maintenance - Intrusion Detection
Vulnerability Analysis - Virtual Private Networks - Usage Monitoring Systems

What is the FrontDoor Firewall?

The FrontDoor Firewall is a fully customizable stateful firewall, Network Address Translation, Transparent HTTP proxy, Intrusion Detection System and Virtual Private Network Gateway server. It is designed to be an all-inclusive Network Security solution for small to mid-size businesses.

Features:

The FrontDoor Firewall product differentiates itself from its every major competitor by being the only true customized solution. It was developed and tested over the course of two years to become a toolbox of network security features. This toolbox then allows us to build up a network defense system from scratch with a default deny all rule, therefore, we only open up the ports we use, instead of starting off with an initially open configuration and closing off ports that we do not use. Following the rule of Security through Obscurity, which states that a system’s popularity is directly proportional to its network security vulnerability, our system’s level of penetrability is next to 0%, since our system is customized down to the OS level for each installation.

FrontDoor’s hardware platform is an Intel-based tower style server with the following minimum specifications:

  • Pentium Pro 200MHz 256k cache Processor (enough processing power for 3.5Mbs sustained bandwidth ***faster processor configurations are available at added cost)
  • 64MB RAM
  • Hard Drive
  • (2) 3COM EtherLink PCI Network Interface Cards
  • 3 1/2" Floppy Drive (for emergency recovery)
  • Keyboard

After the server is loaded with the custom FreeBSD UNIX based Operating System and our custom security package, it is ready to fulfill its function of an Outside Perimeter Firewall. The FrontDoor Firewall boasts the following features:

  • Quadruple pass-through rule processing – any traffic going in/out of the firewall is evaluated four distinct times against four distinct rule sets, which allows a greater level of granular control within a network
  • Full stateful packet filter operation, including statefulness support for the ICMP and UDP protocols allows for a wider range of network cloaking options)
  • "Smart" NAT (Network Address Translation) – conditional bi-directional NAT adds yet another layer of security to the system by masquerading IP addresses
  • Transparent HTTP proxy – allows for specific control of web-based content available to your employees
  • Denial Of Service protection – custom code within the OS slows down the packet response rate to suspected hosts, therefore preventing the attack from causing link saturation
  • Digital Certificate based Secure Remote Management interface – allows for quicker response times and lower maintenance costs
  • Guaranteed 4 hour response times on "network-down" emergencies, maximum 4 hour response times on others (usually less than 15 minutes)
  • PROACTIVE bug/security hole patches – we constantly monitor the hacking underworld as well as official network security sources and therefore are able to quickly counteract new attacks through promptly deploying system hotfixes
  • Industry Standard IPSEC compliant VPN module – with encryption key strengths of up to 2048 bits, and support for the latest encryption algorithms, including Blowfish and Rjandel, cracking the code becomes a next to impssible task.
  • Roaming Dialup Client VPN capabilities – as log as the user has access to the internet, a secure VPN connection can be established with the main office.