High Assurance Guards

The Bastion™ and DeepSecure™ products are designed and engineered to meet the exacting standards set by clients such as the UK Ministry of Defence, Her Majesty’s Government and NATO, whose data sharing requirements face a wide range of threats amid the need to communicate in security-hardened environments.

The Deep-Secure solution integrates with the Data Diode solution from BAE Systems to provide a robust content filtering and classification control system for data being passed through the diode.

Bastion

Bastion is an Application Protocol Firewall that acts as a trusted intermediary for all messaging traffic between internal and external networks, or between networks that do not share a common level of trust. Certified to EAL4 standard, it stops virus, malware and hacker attacks and offers a protected environment in which additional message screening can be applied. It is therefore normally installed in conjunction with various components of the DeepSecure advanced content security solution. Bastion is a key component in connecting sensitive Government networks and works on SMTP and X.400 messaging traffic, SNMP management traffic and X.525 directory replication traffic.

Deep-Secure

DeepSecure is an advanced content checking and policy enforcement system which offers protection against the deliberate or accidental release of sensitive information to unauthorised people within the most stringent security environments. This includes checking encrypted or signed messages. In addition to enjoying the protection of Bastion’s EAL4 evaluation for network separation, DeepSecure’s Policy Server is separately evaluated to EAL4 for the application and enforcement of policy through our ClearPoint management interface. Our content security technology can also be applied as a stand-alone package, DeepSecure Lite, in closed environments where firewall protection is provided at the network security layer or within environments having low impact levels.

Deep-Secure Chat Guard

The Deep-Secure Chat Guard controls both the establishment of XMPP chat sessions and the flow of documents and data during those sessions.

Deep-Secure Mail Guard

The Deep-Secure Mail Guard controls the flow of SMTP and/or X.400 email messages using a sophisticated Policy Enforcement and Content Checking service.

The Mail Guard is available on a number of platforms. It can exploit the EAL4 evaluated network separation technology provided by the Bastion® platform, or may run on a mainstream operating system platform in closed environments where firewall protection is provided at the network security layer or within environments having low impact levels.

It provides a rich selection of message security functionality and content policy options, using the same policy server code as in the EAL4 evaluated DeepSecure solution.

Deep-Secure Network Management Guard

The Deep-Secure Network Management Guard controls the flow of network management traffic, carried by SNMP, between managed networks and a single management network. Leveraging the trusted and proven DeepSecure® technology platform, the Deep-Secure Network Management Guard lowers the cost of network management in sensitive systems by enforcing a highly configurable data sharing policy.

The Deep-Secure Network Management Guard allows network managers to monitor and control a number of networks without introducing any unwanted connectivity between them. The Guard is deployed on the boundary of a management network, where it interfaces to a managed network, and all network management traffic is passed through it.

The Guard checks Simple Network Management Protocol (SNMP) and Internet Control Message Protocol (ICMP) PING traffic, allowing it to pass or blocking it as policy dictates. When traffic is blocked the Deep-Secure Network Management Guard will log the event. It can also be configured to generate Traps to inform the manager of the event.

The Guard acts as a full application layer proxy for SNMP and PING. This means no protocol control information passes between the networks, reducing leakage paths and scope for attacks to propagate. The Guard is transparent to both the managed devices and the management network; hence it can be rapidly deployed without changing underlying network infrastructures.

The Deep-Secure Network Management Guard is available as a pre-installed appliance. It provides EAL4 evaluated network separation through use of Oracle’s Solaris Zones and Trusted Extensions which the underlying Bastion® platform relies upon. The Deep-Secure Network Management Guard can be remotely administered via SSH.

Deep-Secure Secure File Transfer Guard

The Deep-Secure File Transfer Guard controls the flow of documents by FTP(S) and/or SFTP between networks.