Superior Firewall ProtectionThe Firewall Security Plugin is an integrated component of the InJoy Firewall, providing you an impressive range of features to monitor network activity, control access, and automatically block any type of potentially dangerous traffic.
10+ predefined Security Levels — all
fully customizable and with clear summary descriptions,
allow you to easily configure the protection you need.
WHAT IS PROTECTED?|
The InJoy Firewall is typically installed to the Internet-connected network card, protecting the private network(s) and also the computer it is installed on. If you have several insecure network cards, multiple (separate) instances of InJoy Firewall can be installed.
InJoy Firewall Protection - Executive OverviewBelow are just a few of the reasons why you should download and use the InJoy Firewall. Once you have enjoyed intuitive, manageable and complete firewall protection, we are confident you will not want to do without it.
- Complete "Deep Packet Inspection" Security
Provides unprecedented broad-scoped security and enables the network administrator to effortlessly eliminate (D)DoS attacks, trojans, worms, SYN floods, ICMP floods, port-scanning, e-borne viruses, executable e-mail attachments and many other threats. Learn more>>
- Protection "Out of the box"
Experience shows that many firewall users never make it beyond the default configuration, which is why the InJoy Firewall — by default — ships with comprehensive firewall protection and logging.
- Unified end-point security
Multi-platform support ensures a universal defense and allows the same level of end-point security to be deployed throughout the organization.
- Open and customizable
The default 'Security Levels' and 'System Rules' are defined in a hierarchy of text-files, allowing you to easily construct organization-optimized Security Levels or modify existing levels. The resulting Security Levels are easily distributed to clients or deployed on remote computers.
- Powerful visualization and reporting
A wealth of pre-configured easy-to-understand monitoring features provide administrators with new visibility into previously unknown activity taking place on the Internet servers. Learn more>>
- Web filtering and URL monitoring
Control and monitor employees' use of the web and eliminate lost productivity. With built-in HTTP address monitoring and filtering it is easy to enforce the company's acceptable use policy.
- Handy security enforcement tools
Manual blacklisting allows you to instantly block a suspicious host from the GUI, without cluttering your overall security policy. Built-in IP packet tracing capability from the desktop folder provides you an always convenient method of analyzing new threats.
The InJoy Firewall default configuration provides a good starting point for securing most networks and it represents a good balance between security, functionality and network performance. Ready-for-business sample configurations for every aspect of firewall security and comprehensive documentation ensure rapid deployment.
10 Powerful Defense MeasuresThe InJoy Firewall provides a multi-leveled and multi-faceted approach to securing Internet connections. By submitting all Internet traffic to multiple layers and by checking special traffic with a number of specialized features, the overall threat detection becomes more effective. Here's how:
- Multi-layered enterprise-class security combines proven
technologies, including stateful inspection and static signatures,
with dynamic next-generation intrusion protection, behavioral rules
technology, dynamic blacklisting, virus checking and much more...
- A fine-mesh detection net
The default security levels provide static signatures and dynamic rules to pick up on any first signs of hacking/intrusion/abnormality, such as:
- Policy violations
- Unexpected or dangerous use of network protocols
- Any known attacks and exploits
- Any type of port-scanning
- Failed network access
- Login failure with common services
- Failed 'Remote GUI' login attempts
- Floods - DOS attacks
- Excessive amounts of dropped packets
- Malicious HTTP URL requests
- Uncommonly big packets
Dynamic (and also manual) blacklisting rules completely block access for a remote host after confirmed security violations — either permanently or for a defined period.
- The observation list
The observation list maintains a list of dynamically created rules, which uses an offense hit-count to holistically and reliably detect subtle threats — without false positives. For example, if your Internet server is pinged, a dynamic observation rule might be created to ensure that your server isn't ping-flooded by the remote user.
- Dynamic rules
Dynamic rules provide a new level of protection, as they allow the security policy to intelligently adapt. Static rules can dynamically change behaviour when matched or trigger the creation of completely new rules. A new rule can continue to monitor questionable activity for a particular user, now bearing with it a small history.
Dynamic rules also offer unprecedented support for constructing dynamic access policies. For example, you could use a dynamic rule to allow access to a particular network service, only after a special other network service is first used. The possibilities are endless.
- Protocol validation
Inspects whether traffic adheres to the expected use of the protocol, minimizing the risk of buffer overflows in standard network services, such as HTTP and SMTP.
- Application-level vulnerability protection
Prevents damaging and long URL requests from reaching your web server, thus minimizing the risk of application vulnerabilities being exploited.
- Server based E-mail protection
The SMTP e-mail proxy prevents all e-mail borne executable viruses, trojans and worms from reaching the internal computers. You can either rename the executables, deny them or simply log them. The SMTP proxy also provides relay control and optionally blocks gigantic e-mails.
- Packet integrity checking
All packets traversing the InJoy Firewall have their integrity checked to guard the operating system from malformed packet exploits and fragmentation vulnerabilities. All dropped packet are logged.
- Network Address Translation
NAT is a standard feature for Internet sharing that also increases security by hiding internal IP addresses. With NAT, all outbound traffic appear to originate from the firewall's external network IP address.
DYNAMIC RULES - A SIMPLE EXAMPLE:
To further monitor the activity of the offending user, the static rule can create a new dynamic rule and check if the remote user might fail to login with FTP yet again. If a second FTP login failure is observed from the same user, the first dynamic rule can create yet another dynamic rule to blacklist the remote user for a period of time.
Predefined LoggingThe InJoy Firewall is pre-configured to maintain a variety of detailed logs. Logging provides a record of (questionable) activity over time and allows the network administrator to detect configuration problems, construct new firewall rules, carry out investigations, and perform other useful security tasks. All pre-configured log files can be monitored in real time from the Firewall GUI.
- Security Alerts
This is the most important log for the Firewall administrator. It includes a description of the security alerts and their severity.
When extra information is available, the log record can be clicked to present a full description, a formatted trace of the offending packet and also a hex dump.
- Rejected Connections
Any TCP connection not accepted by the InJoy Firewall is logged to this file, with time stamp, direction, IP numbers, and port numbers.
- Connection Log
Any incoming and outgoing TCP connection is logged to this file. The log includes a record for both TCP connection initiation and termination.
- Dropped Packets
To increase the product transparency, any packet dropped by the InJoy Firewall is logged to this file. Each log file entry lists the cause of the rejection and even the name of the firewall rule, in case the packet was rejected by policy. Dropped packets can be clicked to show the actual packet.
- Blacklisting Log
Monitors the list of hosts which have been blacklisted (blocked) after violating the Firewall rules. The cause of the blacklisting is also logged.
- HTTP Request Log
Monitors the HTTP requests which have passed through the InJoy Firewall.
The InJoy Firewall keeps its logs in plain text format, allowing them to be opened or searched using any tool which is capable of operating on plain text files.
Logging can be defined for any rule, providing the administrator complete control over the logging files created, their location, their maximum size and their content.