Firewall Technology BriefHardened Device Driver
The InJoy Firewall framework is built around InJoy's own hardened low-level device driver technology on each supported platform. This allows the InJoy Firewall to offer protection without exposing the Operating System to malicious traffic.
Similar to hardware firewalls, the InJoy Firewall framework is designed to deliver robust stand-alone operation, ensuring optimal performance, minimum heredity of third-party issues and perfect internal integration.
The InJoy Firewall does not rely on the host Operating System for any of the major features, including IPSec VPN Support, Firewall Security, DHCP Server support, PPPoE or PPTP. These features are implemented from the ground up using InJoy's own hardened codebase, in order to be as secure and flexible as possible for mission critical environments.
For maximum flexibility and remote administration capability, the InJoy Firewall solution separates the Firewall Server process from the desktop management application. The operating Firewall can be thought of as two components:
- Firewall Server
Text mode application, which provides the actual Firewall functionality, loads feature plugins and acts as a server for the Firewall GUI.
- Firewall GUI
Provides local and remote enterprise-grade management capability for remote Firewall Servers.
Because these two components operate independently, the InJoy Firewall Server can be remotely managed from any trusted system using the InJoy Firewall GUI-even across differing Operating System platforms.
The GUI connection uses shared memory for local operation and a compressed, AES encrypted TCP/IP connection for remote connections. Because the GUI is optional, it can be started and stopped on demand as the Firewall Server runs.
The InJoy Firewall relies on commonly available operating system technologies to deliver native performance and a common user interface on all supported OS platforms. Thunking layers are avoided for optimal performance and native user-interface controls are preferred over a less powerful Java implementation or a slow web interface.
The InJoy Firewall Server process is designed to protect individual network connections, thereby providing a single location for packet analysis and packet filtering. Multiple, autonomous instances of the InJoy Firewall can easily be installed in situations where multiple insecure network interfaces need protection.
The InJoy Firewall gives you the option to disable all traffic automatically during installation in case the Firewall Server process becomes inactive for any reason. This feature provides an extra layer of security for your internal network when unexpected hardware or software difficulties arise.
Many users will opt to configure the InJoy Firewall and its components using the Firewall GUI whenever possible. But administrators also have the option to manage the InJoy Firewall using plain-text configuration files resulting in the following advantages:
- Ease of distribution.
- Ease of preservation.
- Increased efficiency.