IPCopper USC8032: Smart Firewall Features

With its combination of high-speed real-time packet processing, full packet capture and storage, and sophisticated rule sets with up to 10,000 rules, virtual data “buckets,” scheduling features, dynamic triggers and automated actions, the USC8032 presents itself as a nimble, high-performance networking device for smart firewalling and monitoring of your network. Unlike traditional firewalls, the USC8032 makes it possible to retain copies of both allowed and blocked packets separately, data that becomes invaluable when investigating network incidents and forensically reconstructing security events, such as breaches.

The USC8032’s smart firewall features include:

With the USC8032’s versatile structure of triggers and actions, it is possible to build a dynamically reactive firewall by switching to a different and/or more restrictive rule set based on a pre-set schedule. For example, alternate rule sets may be applied during office hours versus weekends and after hours, reflecting the lesser need for access to sensitive business systems when fewer or no personnel are present in the office. Admins can likewise automate triggered toggling between rule sets based on pre-defined parameters, allowing the implementation of a network lockdown or similarly restrictive access rules in the event of a network emergency.

The USC8032’s smart firewall features also include the ability to set automated notifications of network events, which may range from alerting for the appearance of a packet matching a certain description to a rise in the number or frequency of blocked packets to more sophisticated models of network conditions. With these alerts, admins can stay up to date with any troubling network events, making it possible to react at the first sign of trouble in the stream of packets.

The USC8032 supports both “allow all and block” and “block all and allow” firewall rule strategies. In the first case you start with a rule that allows all packets and then add rules to identify the unwanted packets; in the second you first block all packets and then create separate rules to carve out the exceptions. Packets may be identified by parameters such as IP address (source and destination), MAC address (source and destination), VLAN, VLAN2, port (source and destination), protocol and packet size, and also by the presence of a specified keyword / signature in the packet payload.

It is also possible to implement general packet block/allow rules for the whole network, and then create a subset of more or less restrictive rules for specific devices or applications. To do this you would create a virtual bucket and populate it with rules to identify the exceptions to the general network’s firewall rules and apply them to the MAC address or network IP address of the device(s) or app(s) for which you need differing firewall parameters.
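A small model of the two strategies and a per-device bucket, added here as an illustration; it is not the USC8032's rule syntax or code. The class names, the first-match-wins ordering, checking a device's bucket before the network-wide rules, and keying buckets by source IP are assumptions, and the sample packets are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Packet:
    src_ip: str
    dst_port: int
    protocol: str
    payload: bytes = b""

@dataclass
class Rule:
    action: str                                  # "allow" or "block"
    match: dict = field(default_factory=dict)    # packet field -> required value
    keyword: bytes = b""                         # payload signature; empty matches any
    def hits(self, pkt):
        fields_ok = all(getattr(pkt, k) == v for k, v in self.match.items())
        return fields_ok and self.keyword in pkt.payload

@dataclass
class RuleSet:
    default: str                                 # action when no rule matches
    rules: list = field(default_factory=list)    # network-wide rules
    buckets: dict = field(default_factory=dict)  # device source IP -> exception rules
    def decide(self, pkt):
        # Assumption: a device's bucket is checked first, and the first match wins.
        for rule in self.buckets.get(pkt.src_ip, []) + self.rules:
            if rule.hits(pkt):
                return rule.action
        return self.default

def process(ruleset, packets):
    """Sort packets into separately retained allowed and blocked stores."""
    stores = {"allow": [], "block": []}
    for pkt in packets:
        stores[ruleset.decide(pkt)].append(pkt)
    return stores

TRAFFIC = [  # constructed sample traffic (documentation address range)
    Packet("192.0.2.10", 443, "tcp", b"GET /index"),
    Packet("192.0.2.10", 23, "tcp", b"login"),
    Packet("192.0.2.77", 23, "tcp", b"login"),
    Packet("192.0.2.10", 80, "tcp", b"data BLOCKME data"),
]
# "Allow all and block", with a bucket letting one device keep using port 23.
ALLOW_THEN_BLOCK = RuleSet("allow",
    rules=[Rule("block", {"dst_port": 23}), Rule("block", keyword=b"BLOCKME")],
    buckets={"192.0.2.77": [Rule("allow", {"dst_port": 23})]})
# "Block all and allow": only TCP/443 is carved out.
BLOCK_THEN_ALLOW = RuleSet("block", rules=[Rule("allow", {"dst_port": 443, "protocol": "tcp"})])
```

Running `process()` over the same traffic with each rule set shows how the default action changes which packets land in the blocked store, and how the bucket exempts a single device from a network-wide block.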

Post-incident and as new threats emerge and evolve, more rule set combinations may be created to track them and contain them. With high-speed packet processing and up to ten thousand possible rules, the USC8032 can monitor a large number of threats at multigigabit speeds (please see the USC8032’s benchmark test results for more performance information).

Questions? Please feel free to contact us for more information about the USC8032.
