Stanford University uses Linux-based Firewall by Astaro to secure research department
by Steve Schlesinger - Thursday, 16 January 2003.
Little says that the security device doesn't require much software maintenance. In fact, Astaro Security Linux runs as an application server on top of a hardened OS . He says, "Since a lot of security products run as an application on top of a general purpose OS, you'll have to manage the underlying OS, be it Windows or Sun Solaris. This means work."

On the other hand, Little adds Astaro Security Linux functions in a self-contained entity capable of automatically updating itself for changes, such as virus updates. "This was another key buying point," he says.

The security device is hard for an intruder to tamper with. A "chroot" or change route environment exists for every service the software offers, effectively sand boxing each service – providing untrusted code that limits the ability of the intruder to do risky things. Little says, "If one could possibly exploit one service, one couldn't possibly take over the entire system."

The security device also supports standard authentication mechanisms. Remote access to the security device uses SSH Remote access to the Web services uses SSL. The VPN workstation uses IPSEC with its secure authentication components, or PPTP, the Microsoft authentication components.

Little says by running the Astaro Security Linux on systems with multiple processors, one could deploy a security system throughout the entire campus.

In fact, Little says that the university is looking for a firewall solution for all of the departments. "Our solution might be modeled for the rest of the university," he says.

Steve Schlesinger is general manager at Astaro Corp. of Burlington, Mass. USA. He was most recently vice president, corporate development, at SoundBite Communications. He was previously at Workgroup Technology and at Easel Corp.


eBook: Cybersecurity for Dummies

Posted on 16 December 2014.  |  APTs have changed the world of enterprise security and how networks and organizations are attacked. These threats, and the cybercriminals behind them, are experts at remaining hidden from traditional security while exhibiting an intelligence, resiliency, and patience that has never been seen before.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Dec 19th