Product/Service

SPHINX

Source: Biodata
Protection Against Internal LAN Attacks
The personal firewall SPHINX is a software firewall solution designed to protect single desktop and notebook PCs both in Local Area Networks (LAN) and Wide Area Networks (WAN). With this all-new protection tool, Biodata offers a flexible combination of security mechanisms in insecure environments. Independent of location, SPHINX provides an efficient second line of defense against external attacks. Security administrators can easily configure and operate SPHINX without changing the security policy implemented. While the PC is running, administrators are able to dynamically change security settings. The central administration station is periodically informed of state and existence.

Shielding the operating system and all applications against malware delivered over internal or external networks, Biodata's SPHINX operates at the lowest level in the network stack. The firewall software uses an NDIS driver working below the Network Layer of the OSI (Open System Interconnection) Reference Model, which lets it filter and stop data packets, including Internet/Intranet (IP), NetWare (IPX) and NetBEUI (NetBIOS Enhanced Interface) packets. In this way, administrators can restrict data traffic to authorized transfer protocols like HTTP. These security features even withstand attacks directed at the operating system or the personal firewall itself.

1. Standard Version
Due to innovative, effective defense mechanisms, Biodata's SPHINX prevents attackers from intruding into a network. Administrators can deploy full BIGfire+ functionality to a desktop PC equipped with the personal firewall. When working in their home offices, for instance, users simply connect their computer to a BIGfire+ firewall by ISDN (Integrated Services Digital Network) card, modem or network card. According to individual requirements, SPHINX is able to block services, even the complete data traffic. The personal firewall runs on the operating systems Windows NT / 98 / 2000. Customers can continue to use the tools they are familiar with. No add-ons for certain applications or additional services are needed.

Already in its basic version, SPHINX offers state-of-the-art security against hacker assaults. A common technique to enter networks is to indicate with an IP address that a certain message is coming from a trusted port (IP Spoofing). SPHINX features Anti-IP Spoofing that keeps intruders out. ICMP (Internet Control Message Protocol) Blocking stops Giant PINGs (Packet Internet Groper) and other utilities that determine whether a specific IP address is accessible. The SYN Flood Defender prevents system failures by request bombardment.

2. Virtual Private Networks:
Biodata's SPHINX can be upgraded to an even more powerful firewall system with VPN functionality. Virtual Private Networks permit users to securely communicate in a separate/remote network. SPHINX allows the creation of a secure tunnel with a local or remote BIGfire+ firewall. In this way remote users can effectively hide their identity, taking advantage of already existing telecommunications infrastructures like the low-cost Internet while, at the same time, protecting the confidentiality and integrity of data. One-way VPNs can also be built, by allowing local PCs to remotely connect to sites, but denying remote systems access to local sites or vice versa.
With MAC Tunneling, SPHINX offers the possibility of tunneling complete MAC packets. This allows users to completely exploit MAC authentication possibilities beyond the limits of networks and keep their LAN authentication tools. The personal firewall SPHINX offers selective network encryption based on application or protocol, which reduces the amount of data traffic. Furthermore, through triple-DES encryption and IKE mode of key exchange, this approach permits communication with stations or servers not using SPHINX.

3. Remote Management, SNMP Functionality
The highest version of SPHINX provides remote and SNMP (Simple Network Management Protocol) management. By encrypting all of the data traffic in this version, SPHINX permits detailed and non-reversible logging of user activities. Administrators can choose whether activities will be logged and encrypted locally or on a central logging server. In addition to other higher-level methods of authentication, Biodata's SPHINX can be operated by authentication based on network card addresses. If needed, this mode of authentication can also operate between stations of separate IP/IPX networks.

By taking into account the speed available on present PCs, SPHINX achieves maximum control without noticeable overhead to end users working on various workstations. This is an efficient solution for traffic shaping. There is no need for expensive firewall modules that monitor, analyze and allocate bandwidth to support network traffic. Bandwidth-requesting applications will no longer suffer delays due to flow concentration at the level of the blocking central firewall. Unlike network security probes, SPHINX provides strong and customer-friendly control of data communication in various networks.

In network topologies with a central firewall in use, SPHINX distributes some controls from the corporate firewall level to the desktop level. In this way it is possible to minimize the bottleneck on the existing corporate firewall level. The personal firewall secures existing network investments and improves their efficiency by offering a back-up solution in case of firewall failure.

Corporate Users:
For corporate users Biodata offers a networked version where the firewall software is installed on every computer in the network. In Local Area Networks and Wide Area Networks, all of these computers are centrally managed from one single point in the company. The corporate-users version combines VPN and IPSEC functionality.

Remote Users:
The remote-users version is installed on laptops or machines of users who require access into the secure corporate network via a secure link. In Local Area Networks and Wide Area Networks, this version is centrally managed by the administration in the organization. The remote-users version also features VPN and IPSEC functionality.

Home Users:
The home-users version secures individual systems when logging on to the Internet via modem or leased line in Wide Area Networks. It is managed by the individual user. This version can either be downloaded from the Biodata webpage or purchased off the shelf.

OEM:
The OEM version secures individual systems when logging on to the Internet via modem or leased line in Wide Area Networks and Local Area Networks. It is managed by the individual user and preinstalled on a new computer.

SPHINX provides a wide range of security functions in an efficient and secure manner, including:

  • User-defined firewall filtering rules at desktop level
  • Encryption
  • Authentication
  • Tunneling functionality
  • Non-repudiable logging

Key Features

  • Encrypts data using triple-DES (128 bit) algorithm
  • Complies with ISDN signaling standards
  • Operates seamlessly between private and public networks

Biodata, 1335 Oxford St., Berkeley, CA 94709. Tel: 510-647-0540; Fax: (510) 540-1940.