| News | Articles | Exploits | Advisory |
Today's
HackTrack™ Firewall Box
Product stylesheet
PDF File HackTrackFWBox_Nov2009.pdf
HackTrack™ Firewall Box solution offers a complete and a high level of cyber-security that can be easily and quickly managed and configured throughout related web services. The firewall contents Intrusion Detection System (IDS) that can be automatically actualized online by the HackTrack™ Security.Net. Therefore, the HackTrack™ Firewall solution can react instantly and effectively to actual Internet threats, cyber-attacks and intrusions.
Should any security breach be encountered within the applications utilized by the HackTrack™ Firewall such as DNS, DHCP server, and antivirus, the intruder will not be able to take advantage of this attack since the Operation System is completely protected against Buffer, Stack, and Heap Overflows. HackTrack™ Firewall minimizes any possible cyber-threats by a careful implementation of its individual part and high standard of quality control. The HackTrack™ Firewall allows a partial Internet communication only.
HackTrack™ Firewall OS can run in two security modes:
Standard Security mode:
It is the prime setup of HackTrack™ Firewall security. The configuration disables an entire communication and the packet filter blocks a complete HackTrack™ Firewall operation. Starting configuration enables HTTP and SMTP protocols only. Only the administrator is allowed to change the HackTrack™ Firewall setup. However, the security agent will notify administrator in case that the given setup may jeopardize overall security.
High Security mode:
It is the highest setup of HackTrack™ Firewall security. However, should any intruder breach the HackTrack™ Firewall security and penetrate into the system, the attacker can not perform any system operations or modifications, neither infect the system. Should a server administrator change any HackTrack™ Firewall setup such as filters, antivirus, and proxy changes, the manual HackTrack™ Firewall restart is required. Also, a special USB key with HackTrack™ Firewall configuration can be used. The administrator can not change the content of USB key configuration because it is protected against overwriting. Such protection ought to eliminate the HackTrack™ Firewall modification by the attacker.
Security:
- Intrusion Prevention System (IPS)
- Anti-spoofing
- Protocol inspection
- Completely modified system of random numbers generation
- Intrusion Detection System (IDS) – turned off in basic configuration
- IDS connection with HackTrack™ Security.NET
- Constant on-line actualization of virus definitions, rules, and ‘Hotfixes’
- Dual Internet connections support and their status automatic detection.
- Dual support of LAN and WAN network cards
- Administration authorization by one-time passwords S/KEY use
- Complete antivirus control of HTTP and e-mail traffic
- Integrated protection against unauthorized data mining
- Content filtering
Features:
Packet filter
- Firewall complete packet filtering
- IP aliasing, packet classification
- Date rate management
- IP traffic monitoring and statistics
- Rules definition for outbound communication
- Manager filters
- Bandwidth limiter (QoS); percentage limits
Integrated router with NAT support
- Complete router with NAT support
- Source and Destination NAT
- Rules and procedures for communication mining through the Firewall
- Static and Dynamic routing
- Integrated Diagnostic PING and TraceRoute Tools
- RDR, NAPT, BIMAP, PASS, BASIC, FILTER, OSPF, and BGP protocols support
- Enabling of supported protocols definition
DHCP support
- Integrated DHCP server
- Integrated DHCP client
- Automatic IP allocation in accordance with defined MAC
- BOOTp support
- Enabling of manual parameters configuration
- Windows and MS NetBIOS support
Proxy
- Complete Web Proxy (also transparent) HTTP, HTTPS, CONNECT
- Complete FTP Proxy
- Complete SOCKS
- Parent Proxy support
- Complete cache system
- Elimination of enabled rules
- Data bandwidth
- Content filtering
- IP, URL, Content, Legacy, Porn filter
- Definition of rules for individual users, IP
VPN
- VPN by IPSec
- IPSec Host to Host
- IPSec Host to Network
- IPSec Network to Network
- VPN by SSLVPN, and Central certificate administration
RADIUS
- RADIUS client
- RADIUS server
- RADIUS authentication
Setup, administration and statistics:
- Complete setup is enabled by simple guide in three languages (English, Czech, and Slovak)
- Setup modification is enabled by web administration (protected by SSL communication), remote console, and special console that is connected via configuration port
- Simple definition of rules for Inbound and Outbound communication, blocked protocols, blocked P2P, VoIP, Chat, HTTP, Internet Radio, and Multimedia
- Back up of configuration on disk is enabled
- Back up of configuration to HackTrack™ Support Center is enabled
- Complete statistics of transferred data
- Complete statistics for individual users, PC and IP
- Logs transfer to the local and distance SysLog Server is enabled
- ATEUS Centrals support (SMS)
Others:
- ADSL modems support
- Date and Time SNTP, NTP update services
- ISDN dial-in, dial-out, (PAP, CHAP, RADIUS, dial on demand)
- VRRP and IP Phone support
- HotSpot gateway; allows connection with RADIUS
- Mining by EoIP use
- VLAN Support
- Data tunnels setup for TCP/IP communication. Enabling the secure data transfer by SSL and SSH integration.
Documentation & Administration:
- Issued in English, Czech, and Slovak
HW Configuration:
1x LAN 10/100/1000Mbps – RJ45
1x WAN 10/100Mbps – RJ45
2x free PCI ports
Enabling WLAN 802.11b integration (chipset Atheros 54Mbps) to create AP
1x LAN 10/100/1000Mbps – RJ45
1x WAN 10/100Mbps – RJ45
2x free PCI ports
Enabling WLAN 802.11b integration (chipset Atheros 54Mbps) to create AP
Technical parameters:
Dimension - 399x349x147 mm
Charge - 220V/50Hz – 220W ATX
Weight – circa 11 lbs.
Dimension - 399x349x147 mm
Charge - 220V/50Hz – 220W ATX
Weight – circa 11 lbs.