Contact Us | Search



Thursday - March 11 2010
   InJoy Firewall™
Overview
Windows Firewall
OS/2 Firewall
Linux Firewall

Product Information
Administration
Superior Protection
Access Management
Traffic Shaping
IPSec VPN Support
NAT Gateway
Broadband Support
Technology Brief

License Types
Purchase
Download Area
Stay Informed

Sign up for company
and product news.
More

InJoy Firewall - Deep Packet Inspection

Deep Packet Inspection

The InJoy Firewall™ utilizes next-generation IDS technology to deliver enterprise-class Deep Packet Inspection, Application Layer vulnerability protection, and intelligent Intrusion Prevention. In addition, it provides an impressive range of features to monitor network activity, control access, and automatically block any type of potentially dangerous traffic.

InJoy Firewall - Deep Packet Inspection InJoy Firewall™ protects you through cutting-edge Deep Packet Inspection and proven Stateful Inspection technology. Its unparalleled network monitoring transforms you into an INSTANT SECURITY PROFESSIONAL.

InJoy Firewall - Deep Packet Inspection


WHAT IS DEEP PACKET PROECTION?
Deep packet inspection is a technology where traffic is analyzed not just in isolation, but in the packet streams that make up the individual application sessions. By analyzing both state and protocol compliance, deep packet inspection can spot odd behavior that might signal a brand-new attack. Further, with deep packet inspection firewalls, any threat is usually followed up with some kind of dynamic response to block the attack.

Multilayered Deep Packet Inspection

The InJoy Firewall™ provides a multi-leveled and multi-faceted approach to securing Internet connections. By submitting all Internet traffic to multiple layers and by checking special traffic with a number of specialized features, the overall threat detection becomes more effective. Here's how:

  1. Multi-layered, Deep Packet Inspection combines proven technologies, including Static Signatures and Stateful Inspection, with dynamic next-generation intrusion protection, behavioral rules technology, dynamic blacklisting, virus checking and much more...

  2. A fine-mesh detection net
    The default security levels provide static signatures and dynamic rules to pick up on any first signs of hacking/intrusion/abnormality, such as:

    • Policy violations
    • Unexpected or dangerous use of network protocols
    • Any known attacks and exploits
    • Any type of port-scanning
    • Failed network access
    • Login failure with common services
    • Failed 'Remote GUI' login attempts
    • Floods - DOS attacks
    • Excessive amounts of dropped packets
    • Malicious HTTP URL requests
    • Uncommonly big packets
    • More...

  3. Blacklisting
    Dynamic (and also manual) blacklisting rules completely block access for a remote host after confirmed security violations — either permanently or for a defined period.

  4. The observation list
    The observation list maintains a list of dynamically created rules, which uses an offense hit-count to holistically and reliably detect subtle threats — without false positives. For example, if your Internet server is pinged, a dynamic observation rule might be created to ensure that your server isn't ping-flooded by the remote user.

  5. Dynamic rules
    Dynamic rules provide a new level of protection, as they allow the security policy to intelligently adapt. Static rules can dynamically change behaviour when matched or trigger the creation of completely new rules. A new rule can continue to monitor questionable activity for a particular user, now bearing with it a small history.

    Dynamic rules also offer unprecedented support for constructing dynamic access policies. For example, you could use a dynamic rule to allow access to a particular network service, only after a special other network service is first used. The possibilities are endless.

  6. Protocol validation
    Inspects whether traffic adheres to the expected use of the protocol, minimizing the risk of buffer overflows in standard network services, such as HTTP and SMTP.

  7. Application-level vulnerability protection
    Prevents damaging and long URL requests from reaching your web server, thus minimizing the risk of application vulnerabilities being exploited.

  8. Server based E-mail protection
    The SMTP e-mail proxy prevents all e-mail borne executable viruses, trojans and worms from reaching the internal computers. You can either rename the executables, deny them or simply log them. The SMTP proxy also provides relay control and optionally blocks gigantic e-mails.

  9. Packet integrity checking
    All packets traversing the InJoy Firewall™ have their integrity checked to guard the operating system from malformed packet exploits and fragmentation vulnerabilities. All dropped packet are logged.

  10. Network Address Translation
    NAT is a standard feature for Internet sharing that also increases security by hiding internal IP addresses. With NAT, all outbound traffic appear to originate from the firewall's external network IP address.

  Firewall Demos
  Screenshot Tour
  Online Documentation
  Buy Now


Security Features:

  • Multi-layered
  • Deep Packet Inspection
  • Complete port stealthing
  • Stateful Inspection
  • SMTP Server protection
  • Protocol-level protection
  • Intrusion Detection (IDS)
  • (D)DOS protection
  • Fine-mesh System Rules
  • E-borne virus/worm/trojans
  • spyware/exploits/backdoors
  • Lures and hacker traps
  • Port Scanning log/blacklist
  • Packet integrity checking
  • Out-of-bounds checking
  • Invalid/big URL protection
  • NAT protection
  • Dynamic blacklisting
  • SYN flood protection
  • ICMP flood protection
  • Big packet blocking
  • More...

    • Home   |    Company   |    Technology   |    Products   |    Support   |    News
    The InJoy Firewall™, InJoy Dialer™, FX IPSec Toolkit™,
    and the IPAPI Packet Intercepting/NDIS Toolkit™ are registered trademarks of F/X Communications.
    Copyright © 1996-2007 F/X Communications. All Rights Reserved.