YES Secure CryptoWall

                                                          YES Secure CryptoWall features a modular design and is based on a three level security concept.

A YES Secure CryptoWall consists of a combination of YES Secure CryptoGuard VPN and YES Secure CryptoBastion. The YES Secure CryptoWall software is unlimited for the user quantity.

On the external side a packet filter firewall, called YES Secure CryptoGuard VPN is placed, which checks source and destination IP address, time and the port numbers of each single packet. Additionally the YES Secure CryptoGuard can encrypt and decrypt the data. The YES Secure CryptoGuard software is based on the COS operating system.

The central device is the YES Secure CryptoBastion as an application layer gateway. Up to level 7 of the OSI model each single packet can be checked, even on command level, if it is allowed or not according to the generated rules. The rules can be seen as a translation from the organizations security policy into the Security Management Station (SMS).

On the internal side a second YES Secure CryptoGuard VPN is placed. This YES Secure CryptoGuard has two functions. First it should protect the YES Secure CryptoBastion from the internal network (Statistics mention that 60 to 70% from the attacks come from the internal network). Secondly it offers encryption of the data passing the intranet. Further details of the YES Secure CryptoGuard systems can be found on the product description YES Secure CryptoGuard.

The entire data traffic to the Internet runs exclusively through this machine. Proxies establish only connections for defined services and protocols. By this, direct access to the systems from the outside is made impossible, and the structure of the internal network remains invisible to the outside. YES Secure CryptoBastion checks the access rights of every external user and works transparently after successful authentication. Its administration is performed centrally by a Security Management Station (SMS).

YES Secure CryptoBastion works as an application layer firewall up to level 7 of the OSI model. This means that each packet is controlled at proxy level. The services HTTP(S), ESMTP, FTP, TELNET, NNTP, RTSP, TCP, UDP, NET8 are checked by specific proxies. Each packet can be checked at command level, for example HTTP command put, get, post, delete, head and connect. For FTP even more than 20 commands can be allowed, logged or blocked.

These detailed control mechanism makes the YES Secure CryptoWall a high secure firewall.

The throughput of the YES Secure CryptoWall depends on the used hardware. Nowadays the YES Secure CryptoWall will be installed on the hardware platform defined by the customer. The throughput can be more than 300 Mbps.