KERBER - Complex Security Solutions

KERBER is a modular software product aimed to secure company networks from various types of attacks whether originating on the Internet or inside the network. The whole solution is based on the Linux operating system. It has a graphic interface that enables a network administrator to set complex functionality for the required security. Knowledge of command line syntax is not required.

Modules:

SAS - Secure Antispam Solution

This product has been developed by SOMI Systems a.s. (plc.) on freely available open-source platforms. It has been on the market for several years and during this time has been successfully implemented by numerous companies. Through its integration into the system KERBER, it gained the SAS graphical interface, through which it is possible to configure all functions such as settings for incoming and outgoing electronic mail, turning on filters for mail analysis and management. SAS takes into account requirements for a flexible, highly efficient, and easily scalable and manageable product used for complex security against unwanted electronic mail. It is a solution that eliminates problems with SPAM and its removal to the lowest (possible) level.

ClamAV

An important part of KERBER is an antivirus software, developed by a community of antivirus specialists, called ClamAV. One of the main functionality of the software is its integration with mail servers (antivirus scan of email attachments). It consists of a number of modules. In addition to providing an antivirus protection, they are also used to automatically update antivirus databases and as a protection against phishing.


HTTP Filter

The KERBER solution consists of a transparent and configurable proxy server. It is optimised for needs of small, middle-sized and also large companies. It provides protection against malware. HTTP Filter also contains a redirector. The system administrator can use it to set up rules for users browsing the web. The criteria includes time, target domain or IP address of the source. Another part of the KERBER‘s wide scale of tools are pre-configured and content-rich target blacklists for various areas such as porn, jobsearch, chat etc. An integral part of the system is the Content Filter (filtering based on using certain keywords). All data is logged, so that it is possible to get an instant idea of where and when a certain user accessed the Internet, as well as how much data has been transferred.

VPN – private networks

The VPN tunnel is also included. It is multifunctional and is not tied by any patents. The code is open-source, and therefore it is increasingly popular at the present time. The best target group for using the VPN tunnel functions are so-called „road warriors“ i.e. travelling sales agents, who need a secure access to the company infrastructure from any place in the world. It is obvious that the communication is encrypted using the most modern encryption techniques. The graphical interface provides fully functional configuration of client certificates and keys with their simple export to the end user. Supported operating systems for client terminals include Windows, Linux and Mac OS X.

Network security

Status firewall – a system administrator can use it to manage network communication or access to the Internet. It enables either access to the network services or activates security protection. The firewall holds its position as a control point that dictates rules for communication between networks. It is fully graphically configurable. It entirely fulfils the strictest current requirements regarding security, while at the same time, maintaining the flexibility and performance of the network.

IDS (Intrusion Detection System) – i.e. technology that detects unauthorised or suspicious activity in the computer system or the network. IDS module protects against network attacks on unsecured services, attacks on applications, unauthorised access, access to sensitive data and against malware (viruses, trojan horses and worms). IDS provides a system administrator with real-time information that can be used to prevent a possible intrusion into the company network.

P2P – one of KERBER‘s functions is successful blocking of peer-to-peer communication that is based on file sharing between Internet users. Because this type of communication is mainly used to share music and video files of substantial size, by using P2P it is possible to cut down the Internet traffic by more than 50%.

DHCP (Dynamic Host Control Protocol) – using DHCP Protocol is a very useful way to prevent IP address conflicts and simplifies configuration of client equipments. DHCP is used to set a dynamic IP address, network mask, IP addresses of DNS servers and a gateway. A computer contacts DHCP server and requests necessary information. DHCP server allocates addresses within the range of addresses by picking from it or putting back into it. There is an option that DHCP server can allocate IP addresses based on physical MAC addresses of network cards.

Bandwidth Monitoring – this module is mainly used in case it is necessary to go around proxy server filters and monitor Internet line usage. It provides monitoring of bandwith usage per user accessing the Internet. Based on this information a sytem administrator can pro-actively manage data flows and Internet access.