Firewalls separate network areas with different security requirements. This includes, for example, the separation of a company network from the Internet with a perimeter firewall, but also the division of an already protected network into "production" and "administration". Many production control systems, especially IoT systems, have weaker protection than a modern office PC and must therefore be specially protected.
Modern protection concepts also provide for campus firewalls between servers and clients, which are exposed to increased risk: On the one hand, through human vulnerability(social engineering, operating errors, etc.), and on the other hand, through VPN access of mobile clients from poorly protected and external networks.
Firewall concepts must be closely interlocked with the measures for endpoint security of the individual clients. Redundancies are desirable, and security gaps should be avoided.
SerNet offers as Managed Security Service Provider (MSSP) a variety of single- and multi-level firewall systems and concepts. In addition to manufacturers such as Palo Alto Networks, Fortinet, Sophos, Barracuda and others, we also deploy specially configured systems under Linux.
The primary goal of a firewall system offered by SerNet is to be able to fend off actual attacks. But it is equally important to pass the external audit of an assessor. That is why SerNet carefully evaluates the concrete protection needs of the company in order to guarantee both sides of information security with IT security and compliance. In addition, there is comprehensive advice on data protection, i.e. for personal data.
SerNet integrates next-generation firewalls from Palo Alto Networks into both single-tier and multi-tier firewall designs.
Palo Alto Networks is a leading manufacturer of next-generation firewalls - from connecting an enterprise remote office to protecting data centers. In addition to hardware platforms, the company's offerings include VM-series virtual firewalls.
SerNet integrates next-generation firewalls of the SOPHOS brand primarily into single-tier firewall concepts outside of KRITIS facilities, where price is the main factor.
SOPHOS is broadly positioned. Its offering includes firewalls and endpoint security for Windows and Mac, which provides a quick and easy overview of the status of network security via the central cloud-based console Sophos Central
SerNet will continue to use simple packet filter firewalls, e.g. under Linux. Linux offers the unique possibility of equipping the basic protection of an infrastructure with a variety of sensors. Linux thus opens up more possibilities for administration than the web-based appliances of the manufacturers, whose interfaces are usually proprietary and cannot be changed by the customer:
- analysis of network traffic
- special DNS configurations
- individual proxy systems
- integration of many authentication systems
- free programmable e-mail filters
- integration of special third party programs
Contact us if your networks cannot be protected with standard products. We solve such tasks individually and securely according to the verifiable state of the art.