(585) 254-1966
Products



Sophos Security Gateway Hardware Appliances

Description: Astaro Security Gateway Hardware Appliances

Our hardware appliances are purpose built, high-performance security devices. They integrate Sophos's security applications with a hardened Operating System on optimized Intel-compatible server systems that cater to every business size. This section details the series of Sophos Security Gateway hardware models available.



Sophos Security Gateway 110 Sophos Security Gateway 120 Sophos Security Gateway 220

Description: Astaro Security Gateway 110


Recommended users

1 - 10

Firewall throughput

1.8 Gbit/s

VPN throughput

180 Mbps

Ethernet ports

4 x GE ports

Storage

160 GB

UTM Throughput

45 Mbps

Description: Astaro Security Gateway 120


Recommended users

25 - 80

Firewall throughput

1.8 Gbit/s

VPN throughput

180 Mbps

Ethernet ports

4 x GE ports

Storage

160 GB

UTM Throughput

45 Mbps

Description: Astaro Security Gateway 220


Recommended users

75 - 300

Firewall throughput

3 Gbit/s

VPN throughput

480 Mbps

Ethernet ports

8 x GE ports

Storage

160 GB

UTM Throughput

95 Mbps

     
Sophos Security Gateway 320 Sophos Security Gateway 425 Sophos Security Gateway 525

Description: Astaro Security Gateway 320


Recommended users

200 - 800

Firewall throughput

3.4 Gbps

VPN throughput

700 Mbps

Ethernet ports

8 x GE ports

Storage

160 GB

UTM Throughput

165 Mbps

Description: Astaro Security Gateway 425


Recommended users

600 - 1500

Firewall throughput

6 Gbps

VPN throughput

780 Mbps

Ethernet ports

6 x GE Copper + 2 x GE SFP

Storage

160 GB

UTM Throughput

300 Mbps

Description: Astaro Security Gateway 525


Recommended users

1300 - 3500

Firewall throughput

6 Gbit/s

VPN throughput

900 Mbps

Ethernet ports

10 x GE Copper + 4 x GE SFP

Storage

320 GB

UTM Throughput

340 Mbps

     
  Sophos Security Gateway 625  
 

Description: Astaro Security Gateway 625


Recommended users

2000 - 5000

Firewall throughput

10 Gbit/s

VPN throughput

1100 Mbit/s

Ethernet ports

10 x GE Copper + 8 x GE SFP

Storage

450 GB

UTM Throughput

575 Mbit/s

 

 

Sophos Network Security


Description: Astaro Network Security
Sophos Network Security includes fully integrated features such as a configurable firewall paired with an Intrusion Protection system, Denial of Service, lots of traffic forwarding and NAT tools and much more. Take a deeper look at the extensive range of features provided by this security application.

Firewall

Sophos’s firewall uses an object-based approach. Simply define an object like a workstation or company web server, and then re-use this information all through the configuration. Sophos’s firewall is intuitive, easy to use, and removes the confusing interfaces found in many UTM’s today by offering an open, visual layout that allows administrators to be as broad or detailed as they need. Sophos’s packet filter includes a time-saving feature that pushes any change made to an object to all URLs that use it. For example, if you have a web server at an internal address with dozens of rules that govern access to and from this resource and need to make a change to the address, you need only change it once and all rules that contain "web server" as an object will instantly be updated. This can save hours of time vs. manually adding each rule and reduces the chance for human error.
The packet filter is a deny-by-default tool, which means only traffic that administrators specifically allow will occur. This eliminates the need for administrators to spend time learning and "locking down" the product right out of the box. Since no permissions exist by default, there is no chance that traffic which is unwanted will be allowed through the firewall by accident.

Intrusion Prevention

An Intrusion Prevention System (IPS) can identify and stop many threats, exploits, back-door programs, and other attacks as they pass through the device. An IPS can strongly bolster a firewalls security policy by helping ensure that traffic which is allowed to pass via the firewall rule policy is further inspected to make sure it does not contain unwanted threats.
Even with good patching practices, a company can find itself faced with a threat that affects its systems and resources. It is in these situations that IPS can often shine, as patterns to catch the threat are released before an official update or patch is made available - protecting the business during this crucial period. Sophos’s IPS is a deep-packet-inspection system which peers inside the traffic packets as they pass through the installation, and can remove certain packets which contain undesired contents that are matched against a deployable rules list of over 8000 patterns. This signature list of patterns is live-updated every few minutes and constantly adapts and evolves to keep you protected from threats as they emerge and spread.

DoS Protection

A business using Sophos’s protection can keep this damaging stream from impacting them directly and causing damage to their machines. Resources such as Web and Mail Servers are frequent targets of attacks that want to cripple them by sending many requests or large amounts of data which “Deny” them the ability to serve up other requests to valid users.
This type of Denial of Service (DoS) attack can bring down a server, even damaging it in the process, while making the Internet unavailable to employees trying to work. Our product can keep your resources safe from these situations. We have tools to limit the rates at which your servers are asked to respond to requests, providing protection you might have to otherwise spend a lot more money on to acquire.

Bandwidth Control

Sophos’s Quality of Service setup is easy; you specify the available bandwidth you have from your ISP and let our auto-rules intelligence optimize your Internet connection. Shaping and prioritization of smaller packets is done automatically. Diving deeper, it is possible to craft specific rules which match traffic patterns or ports with bandwidth maximums and minimums. If you can dictate which applications or users are able to utilize the Internet, you control how a fixed resource is used during different conditions.
For example, you can allow the use of Bittorrent programs during the entire workday for the company at a rate of 10Mbps, but then limit Bittorrent use to only 2Mbps for a certain group or user. These types of rules can be created and managed for almost any type of traffic. With Sophos, you can make sure that the proper programs get the right priority for the Internet connection you have. If you would like your web server to always respond quickly to your customers by getting preference ahead of other traffic like a picture download from Google Images, our bandwidth control can reserve bandwidth for web traffic ahead of these other requests.

Branch Office VPN

Sophos’s Branch Office VPN provides visual views for tunnel status and a clear overview of what sites are connected.
Use Sophos for trouble free, stable connectivity. Remote locations benefit from a direct link to the company HQ and with each other. Tunnels can fall-back and re-establish across a different available Internet connection during outages. Choices are available whether to fully share the computers in both networks or make rules which limit what can travel over the tunnel(s). Our product supports host names for tunnels and with a built-in Dynamic DNS (DynDNS) client. Users can connect everything with public or private IP addresses using multiple Internet connections. The Sophos Command Center product can be used to build VPN tunnels across dozens or hundreds of devices from a central GUI.
.
SSL Remote Access
SSL Remote Access offers the same encryption strength and security of other remote access types and is activated with a simple click or automatically each time the user’s machine starts up. Administrators benefit from having a self-deploying distribution method, so they do not have to physically install and deploy the SSL Remote Access on each machine. After being allowed to use the service by the administrator, employees navigate to the Sophos UserPortal, download and install their personal client and simply connect.
Automatic split tunneling can segment only traffic destined for the central office network down the VPN tunnel, while other traffic uses the normal Internet connection of the user.
No technical information or experience is needed to install and connect with Sophos's SSL Remote Access. The Sophos SSL VPN client is available free of charge and allows unlimited users to make use of this access type.

IPSec Remote Access

Remote access over IPSec provides the utmost in security and peace of mind for network administrators. This method uses the Sophos Secure Client to build a stable, fast tunnel to the Sophos gateway, where users can print documents, share file and otherwise conduct business over this encrypted tunnel.
Administrators strictly control what is accessible once the tunnel is established; from individual applications on a single machine, to full access across entire networks.

Native Windows Remote Access

This type of VPN deployment is aimed at companies who are required to provide remote access connectivity for users, but need to keep the following issues in mind: budget, deployment process and error free operation. Through this application, external workers can enjoy the comforts of the office environment through secure access to file shares, printers and email.
Using L2TP or PPTP, users can authenticate and build a secure tunnel to any Sophos installation in moments using the client tools already included in their Windows operating system. Administrators can set what is accessed by the entire VPN group, individual users, or a mixture of both, such as allowing all VPN users to access the file share, then allowing only John Doe to use remote desktop to his workstation in the office.

Directory Authentication

Directory authentication servers contain user and group information along with login names and passwords. By linking existing directory authentication resources with your Sophos, you are able to re-use this existing user and group information when building a security policy. Sophos can join with many types of authentication servers, with special integration for Active Directory and eDirectory. Features that support authentication can be configured to provide benefits to both the administrator and the user.

Users can take advantage of many areas of Sophos simply by using their existing name and password they are already familiar with; no need to learn a new set of credentials. Administrators can build Web Security access profiles and then assign them to users or groups which already exist in their configuration, and gain extra detail level in many reports that replaces IP addresses with user names for better visual overviews

UserPortal

The UserPortal is perfect for allowing employees to manage some tasks themselves. It is available in over 15 languages and can be customized. Users can make own personal spam whitelist or sort through their spam quarantine in moments to find a message they are searching for.
Upon login users can download their SSL VPN client to permit secure access to resources behind the Sophos installation. They can review, release and delete messages in their mail quarantine directly, without waiting for the daily report or an administrator to respond to a release request. This allows them to work more effectively and frees up administrators to do other tasks.
Sophos UserPortal boasts the industries only personalized mail log, so if a message has been received but was deleted due to a virus or bounced due to a blacklist entry, the user can still find out what exactly happened to that message, even though they haven’t received it and it isn’t in their quarantine.


Sophos Mail Security


Description: Astaro Mail Security
Sophos Mail Security ensures that the abuse which email is subjected to, such as spam, viruses and privacy issues, do not affect your daily business routines. Through this application, real messages are properly delivered and employees can find what they need without being exposed to damaging content. Take a deeper look at the extensive range of features provided by this security application.

Anti Spam

The fight against spam is far from simple, but has a very simple goal: only valid, wanted messages should end up in an inbox. Spammers are clever, and constantly adjust their methods to bypass the filtering technology which stops their messages from being delivered and keeps them from getting paid. Sophos has several weapons in our Mail Filtering toolkit which can remove spam. Our primary engine uses a global pattern and fingerprinting technology to keep your inboxes clean.
Using Sophos, spam is identified by real-time communication with a network of millions of analyzers and participants which electronically scan and share the fingerprints of the mails they receive. With this approach, spam outbreaks are noticed within seconds, and Sophos receives live information as to which messages should be treated as spam, and which are valid. Our Anti-Spam engine doesn’t care what language the message is in, or even what it says inside. By tracking and identifying spam as it is launched and spread, the solution can scan at a much faster rate, with a far greater accuracy, than a traditional examination system where each message is totally inspected against an inflexible number of fixed rules.

Antivirus Scanning

Viruses remain a problem even with the latest in desktop defense. By stopping this malicious content before it enters the network, administrators can use Sophos to prevent viruses from draining productivity, damaging data on servers and workstations, and causing embarrassment to the company from infected machines spreading the virus to business contacts.
Sophos’s dual-scanning system allows for files, messages, and website objects to be scanned twice with different engines, increasing the effectiveness vs. a single scanner. All companies have varying response times to the latest threats, and even a period of a few minutes of ineffective pattern awareness can cause serious damage to your network. By having parallel scanners, this risk is further reduced.
Protected by Sophos Antivirus, users that encounter viruses while surfing and downloading files get a detailed block page informing them why the block has happened, so they do not get confused or need to create an IT support ticket for why a website or download “isn’t working”. Mail messages with viruses can be quarantined for review or deleted outright, while built-in reports show you the effectiveness of Sophos’s Antivirus solution.

 

Email Encryption

The learning cost associated with implementing email encryption products is high. With Sophos’s mail encryption, the learning costs is removed. Operating transparently at the gateway, Sophos’s system easily encrypts and decrypts messages and allows the administrator to manage all operations from a central point.

Once enabled, the mail encryption engine can be pre-loaded with PGP or S/MIME encryption keys of senders and expected recipients before deployment so the system is ready to go right away. Sophos can also “farm” keys out of messages. So that if chuck@Sophos.com emails your company with his key or digital signature attached to his message (a common practice among those using encrypted email), then Sophos’s encryption system will notice this and extract his key, placing it in the system repository. Future emails to Chuck from any user of your company will be automatically encrypted, and he will decrypt it with the existing system that he uses.

 
Sophos Web Security


Description: Astaro Web Security
Sophos Web Security protects employees from threats and allows you to apply terms and conditions to where and how they can spend their time online. Spyware and viruses are stopped before they can enter the network and cause damage. Everything is tracked and arranged in detailed reports which show how effective your policy is so adjustments can be made.

URL Filtering

Using Sophos’s URL Filtering, companies control Web Security by blocking and allowing everything from an entire category type to a single URL. The reporting will show who visited what site, when, and how many times, along with bandwidth statistics that allow you to identify excessive or inappropriate usage.
Sophos URL Filtering is designed to provide many benefits without a confusing setup procedure. Just enable the filter and then choose the material you wish to block along with who should fall under this set of restrictions. You can create multiple profiles and assign them to different things; such as putting the guest wireless LAN under heavy restrictions while the in-house employee machines enjoy a more relaxed profile.
With over 95 classification categories, you have complete control over what is allowed to be accessed, by whom, and when. Combined with a directory authentication resource like Active Directory, policies can be built for existing users and groups, while detailed reports outline how effective the policy has been and if adjustments need to be made. Buckets can be used to combine multiple categories into a single profile, so that time isn’t wasted in building additional security policies.

Spyware Protection

They are known by many names: spyware, malware, adware and more; programs which are usually installed accidently or under false pretenses. Once infected a user is subject to a number of undesirable consequences. Stop these programs at the gateway before they can enter the network and be installed. Sophos’s Spyware filtering can keep computers running smooth, free up administrator resources and keep employees happy and working without interruption.
Using a global, live database with billions of URLsitems classified as spyware will be blocked with an informative message to the end user. No longer will search and “not found” pages be altered and injected with advertisements. Even if the spyware is brought into the network physically on a USB drive and installed without using the Internet, Sophos can provide benefits.

Antivirus Scanning

Viruses remain a problem even with the latest in desktop defense. By stopping this malicious content before it enters the network, administrators can use Sophos to prevent viruses from draining productivity, damaging data on servers and workstations, and causing embarrassment to the company from infected machines spreading the virus to business contacts.
Sophos’s dual-scanning system allows for files, messages, and website objects to be scanned twice with different engines, increasing the effectiveness vs. a single scanner. All companies have varying response times to the latest threats, and even a period of a few minutes of ineffective pattern awareness can cause serious damage to your network. By having parallel scanners, this risk is further reduced.
Protected by Sophos Antivirus, users that encounter viruses while surfing and downloading files get a detailed block page informing them why the block has happened, so they do not get confused or need to create an IT support ticket for why a website or download “isn’t working”. Mail messages with viruses can be quarantined for review or deleted outright, while built-in reports show you the effectiveness of Sophos’s Antivirus solution.

HTTPS Scanning

HTTPS is a secure connection usually made between the user’s browser and a target website. Web masters use HTTPS in their sites so that file sharing and even home-user sites can make use of HTTPS.
Sophos’s HTTPS filtering can examine inside encrypted streams using an advanced man-in-the-middle approach to provide a full range of control. Acting as a trusted authority which can be deployed by download, email attachment or directory policy push, Sophos is able to completely scan HTTPS.
URL filtering can be performed on the sites accessed and Sophos can also look deep inside the stream itself and identify viruses, spyware and malicious content that is being accessed over HTTPS. This provides great protection should a site that is trusted become compromised and start serving malicious content over HTTPS, as Sophos will still be able to stop it. Programs which tunnel over HTTPS, like anonymous surfing or crafty instant message programs will no longer be allowed to connect.

IM/P2P Filtering

The Instant Message and Peer to Peer filtering provides extended security benefits over a firewall alone. Many programs have been cleverly designed to ensure they can connect through security devices, and have the ability to use common ports in order to reach the Internet. Some are smart enough to scan the device blocking them in order to find a port which is allowed through. They then configure themselves to use this path and can repeat this process upon each startup. With this design, they are impossible to block without a capable solution.
Using signature-based recognition, Sophos can identify IM and P2P programs easily, and gives the administrator the option to individually block these programs. Administrators can also monitor how often they are used, or remove the ability for Instant Message programs to send and receive files. Peer to Peer programs that use common transfer networks are recognized by their core technology. Many utilities and programs that appear to be a dedicated product are really just a wrapping for an engine like Bittorrent or Gnutella. Sophos’s filtering isn’t fooled by this and if Bittorrent is set to block, any program which uses this network will be blocked.

User Reporting

Companies can be surprised by exactly how much is lost in wages and time while 50% of their workforce wastes two hours each day surfing to inappropriate places.. The mere act of installing a filter on your network can set the perception that Internet usage is monitored. As soon as the first “blocked” page is seen, employees will adjust their surfing habits accordingly knowing that where they go is now being monitored.
Detailed reports also demonstrate how much bandwidth is being used so that if a single person is responsible for the majority of web use at the company, this can be investigated and addressed. Reports are available at a high level summary viewer you can dive deeper into an individual user’s usage and get a full list of their activity. Reporting by category is also useful reverse reports showing all users that accessed a particular site or category can be created and inappropriate web-usage can be addressed.
User reports are also available for Email, letting you know what amounts of messages are sent and received by everyone in the company, so if a user is infected with a program that is sending hundreds of advertising messages per second, this behavior can be recognized and stopped.

Interactive Web Reporting

The Interactive Web Reporting system gives you a clear, simple place to start, then reacts to your next requests based on your clicks. As the data shifts to match your needs, you can drill deeper and ask for more detail. This lets you have as much information as you need (all the way down to everything the logs have to offer) without being bombarded by a barrage of numbers from the beginning. As you shape the data and craft reports exactly for you, everything can be saved, so in the future you can jump immediately to the final result.
Administrators are not the main user of reports. Managers, executives, and department heads make extensive use of Web Reporting data and create requests to the admin. They don’t want to login to the security device with a special set of restrictions and run the reports themselves. Instead, we let you deliver the information they need via email at regular intervals, so they just have to look to their inbox for the usage data they want.
In addition to our reactive reporting interface, and ability to save and subscribe all reports, you will find a new feature which tells you what users search for via the major search engines. Know that Johnny is searching hundreds of times a day for “Explicit Pictures” while Kate is Googling for “ways around Web Filter”. This visibility lets you identify employees which are abusing search engines at work and take action.

Application Control

Using an advanced packet-inspection engine, ASG peers inside your network traffic to identify the true contents of what is being sent and received. Through an interactive display, you can make educated decisions on how your connection is used. Mold your security policy directly to your needs in real-time by accelerating Salesforce.com, blocking Skype, and controlling the various components of Facebook. This real-time processing happens without network slowdown, while traffic is matched against a list of applications which is constantly updated. You make the decisions what you want to allow or block and can set priorities so that some applications can always perform smoothly despite what else is happening. You are not forced to block Youtube outright to regain control of your connection, you can give it a bandwidth limit or increase the priority of essential applications so they never have to suffer at the expense of other apps.
Sophos doesn’t participate in the “pattern arms race” already underway by our competitors; what use is 3000 patterns for traffic you will never see in your network? We focus instead on applications your company actually uses. Our AppAccuracy program monitors the unclassified applications seen by installations around the globe; we can intelligently add new patterns which are actually needed.

 
Sophos Web Application Security



Description: Astaro Web Application SecuritySophos Web Application Security hardens your web servers using Reverse Proxy technology to protect them from modern attacks and data loss. With it, you can securely offer applications like Outlook Web Access (OWA) and guard against techniques like SQL Injection and Cross Site Scripting (XSS). Stop hackers from using these types of attacks to gain access to sensitive information like credit card data, personal information, and social security numbers. Sophos Web Application Security aids you in compliance efforts where a web application firewall is required, such as PCI-DSS.

Form Hardening

A web form on a web page allows users to enter data that is then sent to a server for processing. Internet visitors fill out forms using controls like checkboxes, radio buttons, and drop-down boxes. As the data entry using these tools is frequently exploited by hackers, Form Hardening is designed to prevent a visitor from submitting something unexpected.
How it works is ASG becomes aware of the possible responses in a form which is sent out by a server to a visitor. Form Hardening inspects the answer which is given and compares it against the possible “valid” responses. If the response differs or the Form Hardening process was tampered with, the form will be rejected. For example, if a user is offered a ratings dropdown with a possible value of “1-5”, the system will reject the form if the user manipulates the form and submits a value of “6”.
This feature and the protection it provides can prevent many types of exploits and techniques which are used by hackers to breach sites, steal data, and acquire forbidden information.

Reverse Proxy

Rather than using basic port forwarding to blindly allow visitors to access your Web or application servers (like Outlook Web Access), the Web Application Security Reverse Proxy lets you control the incoming traffic to servers so you can apply various scanning and security features in order to protect them. Our Reverse Proxy removes the complex and cumbersome setup procedures of other products; you can manually specify the internal server(s) you wish to protect, or perform an automated scan which will identify machines currently offering services on HTTP and HTTPS internally. Now simply define which Interface or alias IP address the public Internet accesses these servers with, and apply protection profiles based on your needs.
Reverse Proxy also lets you offload HTTPS encryption from your web server. Visitors can arrive on HTTPS and ASG can decrypt it and pass normal HTTP to the target internal server, saving you having to setup and master HTTPS on the Web Server itself, and offloading the decryption operation onto the ASG to save Web Server resources. Alternatively, visitors could arrive on HTTP and then be passed over HTTPS for the journey through the Internal Network to the server if the situation demands it. With support for 3rd party certificates and easy graphical management of the entire process in a clear, precise manner, your traffic can be secured without the need for dedicated training in this area.

Antivirus

Viruses remain a problem even with the latest in desktop defense. By stopping malicious content before it enters or leaves the network, administrators can prevent viruses from draining productivity, damaging data on servers and workstations, and causing embarrassment to the company from infected machines spreading the virus to business contacts or visitor’s to your site.
Sophos’s dual-scanning system allows for files, messages, and website objects to be scanned twice with different engines, increasing effectiveness vs. a single scanner. All companies have varying response times to the latest threats, and even a period of a few minutes of ineffective pattern awareness can cause serious damage to your network. By having parallel scanners, this risk is further reduced.
Protected by Sophos Antivirus, all the objects which travel both to and from your web and application servers are scanned in real-time for infection. Visitors will not be able to upload infected content, and your servers are protected from being exploited to hand out malicious files and infected materials to your customers.

URL Hardening

URL hardening enforces what request a client is allowed to make of a web server. It makes certain what happens next by the user is something the web server is actually expecting. This whitelist-style approach means if you have left a directory open, misconfigured a script/application, or otherwise left your site open to exploitation, this feature will act as a shield.
While patterns can (and are) used successfully to counter injection and XSS attacks, this type of protection provides additional security. As you visit the site, URL hardening will analyse the response to your query from the server, and in real-time create a valid "moves list" of valid links you can request "next". As such, this is a sort of dynamic, reactive white list approach built on a per-user basis.
All you have to do is define your "ingress" points where a user is allowed to "land" (such as www.Sophos.com or www.Sophos.com/products) depending on the size of the site and the amount of deep-linking you allow, this could be just a few links, or dozens+. From there, Sophos auto-whitelists the users next available “moves” by examining the valid links and navigable points the web server issues them in response to their “click”.
This makes it difficult for the visitor to access or do something unexpected, as this URL hardening approach regulates their activities to known paths and areas of expected access.

Web Application Firewall

The Sophos Web Application Firewall adds a scanning engine and attack pattern recognition to the Web Application Security suite of tools. The patterns are kept current using Sophos Up2Date technology, and are downloaded and applied in real time to keep you protected automatically. Many products of this type require extensive training by the administrator and try to make sure that they understand all areas of the techniques, the patterns which identify and stop them. Administrators may not have the time to learn all about how a security product designed to stop these attacks should be configured and put in place protecting their servers. Our approach changes that.
Delivered to the administrator as a configuration menu, you can simply choose the protections you want to apply without dealing with pages of complex patterns and endless configuration screens to activate the protection and have it operate correctly.
Creating a security profile can be done by any admin, and in minutes your servers will be protected from attacks like SQL injection and Cross Site Scripting (XSS), and you do not have to become an expert in this area during the process! With no need to learn complex regular expressions or risk blocking real users performing valid requests, you get all the benefits without having to invest major time.

Cookie Protection

Cookies can be used by creative attackers to cause unexpected problems for your company. These tiny packets of data are usually only supposed to be used by browsers to interact with a server and remember small preferences of the last visit, such as how a preference has been selected by a visitor. Attackers however can exploit the contents of a cookie and how they are digested by a server, causing them to have all sorts of negative effects, depending on how vulnerable your configuration is. Rather than invest time and money in becoming an expert on web server cookies and all the ways that they can be abused to cause you trouble, let our Cookie Protection keep you safe.
For example, someone might visit your site and use your online store to add an item to their shopping cart and then leave. Information like the item number, and more importantly price, might be stored in a cookie so when the user returns, they do not have to add it again.
A malicious user might manually edit the information inside the cookie with a new price for the item. If they then visit a vulnerable server, it could permit them to complete the checkout process using the new price, and if this isn’t noticed, let the user purchase and acquire the item at this invalid amount. Cookie signing protects against this type of exploiting, since when this user edited the contents, the digital signature would no longer be valid and Sophos would then discard it and not pass it to the web server.

Sophos Wireless Security


Description: Astaro Wireless Security
Although every organization would benefit from wireless networking, existing solutions either lack important functionality or are too expensive and difficult to manage. Sophos Wireless Security is a new approach that dramatically simplifies the operation of secure and reliable wireless networks. With Sophos Security Gateway's built-in wireless controller, our access points are cost-effective and require no manual configuration, redefining wireless networking for small and medium businesses.

Plug & Play Deployment

The configuration and deployment of access points only requires a few simple steps. You need only plug in the Sophos access point anywhere in your LAN, it will find the controller, fetch its IP address via DHCP and import the configuration. The device will then show up in the web user interface of Sophos Security Gateway automatically, from which it only needs to be manually enabled. The access point becomes operational within seconds.

Central Management

Sophos Security Gateway acts as a wireless controller, centrally managing all Sophos access points. The complete configuration, logging and troubleshooting is all performed within the Sophos Security Gateway.
Sophos access points act similar to a thin client in relation to the wireless controller of Sophos Security Gateway. The Sophos access points are configuration-less, meaning that the intelligence in the access points has been minimized and centralized in the wireless controller instead.
Two different modes of integration may be chosen, thus either creating an entirely new wireless network or for bridging into the network the access point is physically connected to. Similarly, keeping control of your wireless networks has never been easier, as Sophos‘s built-in reporting displays information about connected wireless clients without the need for a separate tool.
An active Wireless Security subscription on the Sophos Security Gateway is the minimum requirement for using and centrally managing Sophos access points.

 

Integrated Security

With Sophos Wireless Security, all security applications are executed within the central gateway, and all wireless traffic is forwarded to the Sophos Security Gateway. Thus, the wireless clients obtain the same level of UTM security as if they were physically connected to your internal network.
The following unified threat management applications are available for Sophos Security Gateway appliances:

  • Sophos Network Security includes fully integrated features such as a configurable firewall paired with an Intrusion Protection system, Denial of Service, lots of traffic forwarding and NAT tools and much more. Take a deeper look at the extensive range of features provided by this security application
  • Sophos Mail Security ensures that the abuse which email is subjected to, such as spam, viruses and privacy issues, do not affect your daily business routines. Through this application, real messages are properly delivered and employees can find what they need without being exposed to damaging content
  • Sophos Web Security protects employees from threats and allows rule definition of how they spend their time online. Spyware and viruses are stopped before they can enter the network and cause damage. Everything is tracked and arranged in detailed reports which show how effective your policy is so adjustments can be made.
  • Sophos Web Application Security protects your web servers from modern attacks and data loss. Stop hackers from using techniques like SQL Injection and Cross Site Scripting (XSS) to gain access to sensitive information. Secure your web applications from being exploited and keep your business PCI-compliant while avoiding theft of sensitive client data like credit card numbers.

Strong Encryption

Wireless networks are affected by unauthorized access problems much more than cabled networks because potential attackers need only to be within the coverage range for access. To close this security hole, Sophos Wireless Security supports the most advanced encryption and authentication standards for wireless traffic available today, featuring WPA2-Enterprise in combination with IEEE 802.1X (RADIUS authentication). WPA2-Enterprise uses 128 bit AES encryption, a proven block-based encryption standard, providing users with the highest level of assurance that their data will remain protected. In addition, the monitoring capabilities of Sophos Wireless Security will allow users to easily detect failed authentication attempts.

Placement Choice

Many wireless systems have the drawback that they are housed in the server room and thus, cannot be flexibly deployed. This is not the case with the Sophos access points as they can be placed anywhere in the office. Thanks to their advanced roaming capabilities, they offer a strong signal covering the whole office, providing users with the mobility not featured with many other wireless solutions or wired networks. This enables the mobile user the freedom to travel to various places such as meeting rooms, hallways, lobbies and still have access to networked data.

Guest Internet Access

ll Sophos access points support multiple wireless zones (SSIDs), each providing different authentication and privacy settings. This enables wireless guest Internet access without the risk of compromising the integrity of your network.
On each Sophos access point, up to eight different SSIDs can be configured. A Service Set Identifier (SSID) is the name which identifies a particular wireless network and is advertised to the wireless clients. The capacity of broadcasting multiple SSIDs allows the creation of what is often called a "virtual access point", the partitioning of a single physical access point into several virtual access points, each of which have a different set of security and network settings.

Sophos Access Points



Description: Astaro Access PointsThe wireless access points AP10, AP30 and AP50 are the easiest and most cost-effective way to secure your wireless networks. You can centrally manage them via an Sophos Security Gateway, which acts as a wireless controller. The Sophos access points are configuration-less, meaning that the intelligence in the access points have been minimized and centralized in the wireless controller instead. Through this approach, the total cost of ownership of a wireless LAN can be reduced significantly, because of less expensive upgrades and easy migration paths for to future technology.

Plug & Play Deployment

With Sophos Wireless Security, you can create secure and reliable wireless networks within minutes. Its configuration-less access points are deployed rapidly as they require no local configuration.

Central Management

Sophos Security Gateway acts as a wireless controller, centrally managing all Sophos access points. The complete configuration, logging and troubleshooting is all performed within the Sophos Security Gateway.

Integrated Security

Seamlessly integrate wireless access points into Sophos Security Gateway and instantly protect all wireless clients through complete unified threat management security.

Strong Encryption

Sophos Wireless Security supports state-of-the-art wireless encryption and authentication standards, ensuring the wireless connection is as secure as it gets.

Placement Choice

Sophos access points can be placed anywhere in your organization, providing a strong wireless signal all over the office.

Guest Internet Access

With Sophos Wireless Security, you can easily set up wireless guest Internet access without the risk of compromising the integrity of your network.


Sophos RED




 

Description: Astaro RED Sophos RED (Remote Ethernet Device) is the easiest and most affordable way to secure your branch offices. You can centrally configure it via an Sophos Security Gateway located at your headquarter which automatically distributes the configuration to the Sophos RED appliance. By forwarding all traffic to the central Sophos Security Gateway, Sophos RED provides complete UTM security even for your smallest remote or home office. In contrast to standard security appliances Sophos RED not only provides stronger security but also slashes the total cost of ownership by 80% as there's no need for technical skill or ongoing maintenance at the remote site.

Complete UTM Security

Sophos RED acts similar to a thin client in relation to the centralized Sophos Security Gateway, i.e. all security applications are executed within the central gateway. Therefore the branch office which is connected via the Sophos RED appliance obtains the same level of security as the central office. An active Network Security subscription on the central gateway is the minimum requirement for any Sophos RED device. The following applications are available for Sophos Security Gateway appliances:

  • Sophos Network Security includes fully integrated features such as a configurable firewall paired with an Intrusion Protection system, Denial of Service, lots of traffic forwarding and NAT tools and much more. Take a deeper look at the extensive range of features provided by this security application.
  • Sophos Mail Security ensures that the abuse which email is subjected to, such as spam, viruses and privacy issues, do not affect your daily business routines. Through this application, real messages are properly delivered and employees can find what they need without being exposed to damaging content. 
  • Sophos Web Security protects employees from threats and allows rule definition of how they spend their time online. Spyware and viruses are stopped before they can enter the network and cause damage. Everything is tracked and arranged in detailed reports which show how effective your policy is so adjustments can be made.
  • Sophos Web Application Security protects your web servers from modern attacks and data loss. Stop hackers from using techniques like SQL Injection and Cross Site Scripting (XSS) to gain access to sensitive information. Secure your web applications from being exploited and keep your business PCI-compliant while avoiding theft of sensitive client data like credit card numbers

.

Built-in Central Management

With Sophos RED, managing your remote site’s IP addresses becomes a no-brainer. You can easily define your global DHCP and DNS Server configuration on your central Sophos Security Gateway and roll it out to all sites connected via the Sophos RED device.
Similarly, creating and managing separate security policies for each individual site is no longer required. You just need to create and maintain one global security policy for protecting all remote sites. Keeping control and global visibility of your remote networks has never been easier, as Sophos‘s built-in reporting integrates RED-connected networks without the need for a separate reporting tool.
In fact, RED-connected sites appear like they are physically connected to your Sophos Security Gateway through an ultra long Ethernet cable. With this new approach, branch offices can be managed as if they were located just within another in-house department.
.

Virtual Ethernet Cable

The Sophos RED device establishes a secure Layer 2 ("Ethernet") tunnel to the central Sophos Security Gateway using strong AES256 encryption and SHA1-HMAC authentication. Furthermore, all communication is automatically authenticated via an SSL channel by using trusted digital X.509 certificates before any data is being transferred.
As Sophos RED acts like an Ethernet cable all advantages of your LAN can be applied to your branch office. This includes central IP address management through DHCP and the usage of challenging protocols like multicast or netbios.
Hardware based AES encryption acceleration furthermore empowers each Sophos RED device to provide throughput rates of more than 30 Mbps, which exceeds the bandwidth available for typical small office WAN connections today and ensures low latency.

Rapid Deployment

The configuration and deployment is completely automated and requires only a few steps: After entering a name and a unique device ID within the central Sophos Security Gateway, a new configuration file is created and stored automatically with the Sophos provisioning service.
After sending the unconfigured Sophos RED device to the remote office, the Internet router will need to be connected, the device should then be added to the network and plugged into the wall. As soon as the Sophos RED device is powered up, it will automatically retrieve its configuration from the provision service, will connect to the central Sophos Security Gateway and establish a secure Ethernet tunnel.


 

Download Sophos Product Information

Layer 3 Technologies, Inc.
Tel: (585) 254-1966 Fax: (585) 254-2266
Copyright © 2000-2013 All rights reserved
Legal | Privacy | Sitemap