Linux Today: Linux News On Internet Time.

Astaro Appliances Take the Sting out of Security

Mar 11, 2009, 20:33 (0 Talkback[s])

"This is rounded out using a small number of commercial applications and software developed in-house by Astaro. Plug in an Astaro box and you're actually using the open-source netfilter/iptables framework for firewall protection, the de-facto standard open-source Snort intrusion protection and detection system, and StrongSWAN (IPSec) OpenVPN (SSL) and PopTop (PPTP) open-source VPN servers.

"But what's clever about the Astaro Security Gateway is that all of the underlying applications - open-source and proprietary -- are effectively invisible to anyone managing it: Configuration for all applications is done using Astaro's easy-to-use GUI (either directly, or via configuration wizards.) For example, trying to configure Snort from the command line is not for the fainthearted, but using Astaro's interface it's possible to make the system (for example) notify the administrator or to drop packets if it detects port scans in a matter of seconds. Equally, you could set up the firewall to provide (some) protection from DDOS attacks by specifying that no machine on the network should have to process more than a set number of TCP SYN packets or receive more than a set number of ICMP pings every second just by pointing and clicking."

Complete Story

Related Stories: