Firewall & VPN Appliance genuscreen: Protection for Data Transfer and Networks
Data exchange between multiple locations via the Internet is convenient and economical – but must be reliably protected from eavesdroppers and prying eyes. In much the same way, your network also needs to be shielded from Internet hazards.
A common requirement above and beyond this is the creation of secure zones for especially sensitive systems within large networks. We developed our Firewall & VPN Appliance genuscreen for precisely this purpose: The security solution creates strongly encrypted virtual private networks (VPNs) for data communication via public networks. These can also be used to securely transfer highly sensitive information. In addition, the high-performance genuscreen firewall strictly filters data traffic at the interfaces and only allows expressly permitted connections. All other requests are blocked without exception. The Firewall & VPN Appliance genuscreen has been officially tested for compliance with the highest security standards as evidenced by the approval for the encrypted transmission of data up to the German classification level RESTRICTED and the certification according to Common Criteria (CC) EAL 4+.
- Scalable up to installations with > 1,000 systems
- Centrally administered: time-saving, simple administration of large installations
- Strong security performance, demonstrated through regular certifications and approvals from the BSI
- Protection against data theft through backdoor-free VPN technology "Made in Germany"
- Can be used in the high-security sector through approval for classification level RESTRICTED; proven dial-up solution for restricted data
- Can be used internationally thanks to the approval for EU/NATO RESTRICTED
- Certified and centrally administrable communication solution for RESTRICTED data with clients for all requirements (genuconnect, SecurePIM app for iOS devices, ECOS Secure Boot Stick)
- Advanced update mechanism protects against attacks with quantum computers
High-Security Solution: Approval for the German Classification Level RESTRICTED
genuscreen can be used to create virtual private networks (VPNs) for the secure transfer of data via public networks. Your data thereby traverses the Internet over encrypted connections known as VPN tunnels. This method can also be used to securely transfer sensitive data between distributed locations, with powerful encryption techniques guaranteeing confidentiality.
The genuscreen IPsec VPN solution has the official approval of the German Federal Office for Information Security (BSI) for classification level RESTRICTED. Official public bodies, military units as well as companies that have access to classified information as suppliers can therefore use genuscreen to conveniently exchange restricted information via the Internet, with security guaranteed by the German Federal Office for Information Security. However, genuscreen is not just for companies that handle classified data: Any organization will benefit from a high-security VPN appliance approved by an independent organization. According to the new directive for classified information (Verschlusssachenanweisung), the approval includes the firewall functions in addition to the VPN.
Convenient VPN for Various Requirements
The Firewall & VPN Appliance genuscreen offers a host of practical benefits for your VPN needs: Expertly applied IPsec functions can be used to operate large networks with many users via a handful of tunnels. Fully meshed and high-performance VPNs are available with easy-to-configure settings and low maintenance and computer capacity overhead. genuscreen is also capable of SSH VPNs to easily connect different networks. Unlike other methods, the IP addresses do not need to be synchronized for secure communication between networks via SSH. genuscreen receives the data transmitted by the sender and transfers it to a remote station in the other network via SSH-VPN. Here, the data is then securely transmitted to the recipient by the second genuscreen appliance, even if the same IP addresses are used in this network as in that of the sender. You can thereby integrate customers and partners with IP addresses over which you have no control or even new corporate locations in the encrypted communication network.
Firewall Appliance at a Glance – Including Under IPv6
genuscreen takes the initiative. As a stateful packet filter, the system monitors the communication flow: If, for example, local computer A requests data from computer B in an external network, genuscreen allows the response from B to pass to A. However, any attempt by external computer B to establish an unsolicited network connection into computer A’s local network is rejected. The firewall always assesses the overall context before making a decision about the connection, thereby enabling convenient communication with high security. This, of course, also applies to your data communication under IPv6 – our solution fully implements this standard.
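The decision logic described above, as an added example (not genua's code or configuration): a minimal connection-tracking filter in Python. The addresses, ports and the permitted-service set are constructed for illustration, and TCP flag and timeout tracking are left out.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

LOCAL_PREFIX = "10.0.0."  # constructed local network of computer A

class StatefulFilter:
    def __init__(self, allowed_outbound):
        # (proto, dport) pairs that local hosts are expressly permitted to initiate
        self.allowed = set(allowed_outbound)
        # state table: one entry per flow, stored as seen from the initiator
        self.states = set()

    def _is_local(self, ip):
        return ip.startswith(LOCAL_PREFIX)

    def decide(self, p):
        # A reply passes only if its reversed 5-tuple matches a tracked flow exactly.
        if Packet(p.dst, p.dport, p.src, p.sport, p.proto) in self.states:
            return "pass"
        # Further packets from the initiator of a tracked flow.
        if p in self.states:
            return "pass"
        # New flow: only local -> external and only for permitted services.
        if (self._is_local(p.src) and not self._is_local(p.dst)
                and (p.proto, p.dport) in self.allowed):
            self.states.add(p)
            return "pass"
        return "block"  # default deny: everything else is rejected

def run_demo():
    a, b = "10.0.0.5", "203.0.113.7"  # constructed hosts A (local) and B (external)
    fw = StatefulFilter({("tcp", 443)})
    packets = [
        Packet(a, 40000, b, 443),  # A requests data from B
        Packet(b, 443, a, 40000),  # B's response to that request
        Packet(b, 443, a, 40001),  # looks like a reply, but no matching state
        Packet(b, 50000, a, 22),   # unsolicited connection attempt from B
        Packet(a, 40002, b, 25),   # outbound, but service not expressly permitted
    ]
    return [fw.decide(p) for p in packets]

if __name__ == "__main__":
    print(run_demo())
```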
Certification at the CC EAL 4+ level requires the submission of comprehensive documentation, the source code and extensive testing and verifies that all security functions are correctly implemented. EAL 4+ is the highest level that can be used completely on a complex system such as a firewall. Through the certification, our customers can be assured that, with genuscreen, they are using a high-quality security solution that cannot be defeated even by skilled attackers.
SIP Module for Securing IP-Based Communication
All-IP and other developments require a broad changeover to Voice-over-IP communication, for which the Session Initiation Protocol (SIP) is of key importance. Because new technologies lead to new attack vectors, IT security must ensure completely secure operation. With the additional option of the SIP module, you receive a specialized inspection instance that permits data communication only if the corresponding connection has been fully analyzed and determined to be secure. The SIP module can also be used on SSL/TLS connections. Session Border Controller (SBC) functionalities prevent attacks on telephones and telephone systems and allow security guidelines to be implemented. The SIP module also ensures the interoperability of systems that, e.g., use different encryption standards, and simplifies certificate management.
Top Bridging Firewall
The Firewall & VPN Appliance genuscreen plays a strong role as bridging firewall. The solution is simply inserted in the existing IT landscape and provides protection as a stealth system for, e.g., especially sensitive systems within your network, such as the servers of the development or personnel departments. These “invisible” firewalls are implemented without changing a single IP address and are certain to pose an unexpected obstacle to attackers.
Teamwork in Clusters and Centralized Administration
We offer genuscreen in a variety of hardware models to cater to wide-ranging performance requirements. Clusters handle even greater bandwidth and availability requirements:
All models can be bundled as high-performance clusters. genuscreen is administered via its own web-based GUI. If you use several of these firewall & VPN appliances or other solutions from genua, you can manage the full range of systems via the Central Management Station genucenter. You thereby have the status of all systems in view at all times, can make changes and updates and can easily transfer them to entire areas. The result is a very high security level in the entire network with very little effort.
Post-Quantum Cryptography: genua Meets Future Security Requirements
With products from genua you can make the transition to post-quantum cryptography. Our update mechanism guarantees trustworthy product updates today and in the future: In addition to a digital signature for maximum security according to current standards, the addition of a quantum-resistant signature already provides effective protection against attacks with quantum computers.
A Safe Investment in Accordance with the BSI Recommendation
Experts assume that in a few years, quantum computers could weaken or even break the current cryptographic methods. The security of the XMSS method developed by genua in cooperation with the Technical University of Darmstadt and the Technical University of Eindhoven is well understood today. By applying this method, we meet the recommendations for future-proof software updates according to the German Federal Office for Information Security (BSI) and the National Institute of Standards and Technology (NIST).
Training Courses & Hacking Bootcamps
In intense training and hacking bootcamps, we share our knowledge of current IT risks and attack patterns, show effective reaction scenarios and provide instruction for the optimum use and administration of the genua solutions.
As a collaborative learning company, it is our mission to continuously improve and share our knowledge of IT Security with you. In our Knowledge Base we offer you articles, white papers, analyst reports, research results, videos and more in the field of IT security.