D-Link today announced the release of an Information Security Gateway, a new type of network security device designed to let the small to medium-sized enterprise (SME) effectively adapt to the rapid proliferation of instant messages (IM), peer-to-peer (P2P) and other streaming media applications which would consume most of bandwidth ( Internet Radio and Streaming Video) at the workplace environment. Code-named the DFL-M510, this D-Link device lets company employees enjoy the benefit of these applications at work while allowing businesses to manage their use to control their bandwidth consumption, prevent misuse of company resources and shield enterprises from security risks.
As businesses are almost universally connected to the Internet, IM applications such as MSN and Yahoo Messenger have become increasingly popular tools for real-time multi-party communication. Information search on the web and VoIP calls are among other examples of employees use of the Internet that involves extensive employment of IM and P2P applications. While these applications can bring benefits to businesses, misuse of resources can result, and company information and internal network become more exposed to risks.
To address this problem, most businesses today resort to firewalls to control Internet access and network traffic. Unfortunately, IM/P2P traffic is hard to detect, as it has learned to hide itself in the normal traffic, which is permitted by most company networks. That brings the headache to nowadays business networks cause their firewalls can!|t recognize those traffic . Firewalls, for example, typically look at specific TCP/UDP ports to determine the nature of the traffic. As a result, network administrators have no effective way to control and manage the flow of IM and P2P data, because their firewalls are unable to find out what is really hidden in the normal traffic.
The D-Link Information Security Gateway, on the other hand, examines the packet payloads to check for IM/P2P traffic, as such data can be more easily detected by looking at their patterns. Embedded with hundreds of varying patterns, the D-Link device can verify and manage most IM/P2P data found on the network today. D-Link said since they constantly upgrade their device with the newest patterns, it is capable of supporting all the latest versions of IM and P2P applications.
An optimal solution would be for enterprises to deploy in the same networks separate security devices with distinctive functions, each concentrating on its own specific task. Such implementation may best address two relating issues, namely the complete management of IM/P2P traffic and the maintenance of an acceptable level of network performance.
D-Link said their device is uniquely positioned to allow the small to medium-sized enterprise (SME), say, of about 150 on-line users, to manage IM/P2P applications. And they want to make a distinction between their device and a firewall. Some firewalls claim that they also could handle IM/P2P traffic, supporting far fewer IM/P2P applications, and tend to block users!| Internet traffic rather than allow an administrator to manage and control such flow. This "block all" policy can lead to a complete prohibition of IM/P2P usage, and companies stand to lose more than to gain from such policy.
Furthermore, the throughput of this kind of firewalls can drop dramatically when their IM/P2P checking function is enabled. This performance degradation is inevitable because these firewalls would have to look at the payload of every packet for specific pattern while executing other security tasks, consequently straining their CPU's resources. By supplementing the network with a device dedicated to IM/P2P management, overall network performance can be sustained. The D-Link device, with intensive use of advanced in-house Layer 7 ASIC chips, is specifically designed for hardware-based packet inspection that does not pose any bottleneck to the device's CPU.
The D-Link device enables an administrator to preset policies to selectively allow or disallow certain activities according to time and day, and locations. For example, instant messages can be allowed in the morning while file transfers are prohibited in the late afternoon when the company network traffic is normally heavy. Or, eMule, eDonkey and BT applications can be disallowed in a company network, because they typically consume scarce WAN bandwidth. In addition to the IM/P2P application management function, the D-Link device also provides a "Health Check" feature that permits an SME to detect malicious traffic, such as Trojan and Network Worms, which may inadvertently come from the internal network.
The D-Link device integrates easily with all industry-standard network infrastructures, including third-party devices. It can be installed in the "in-line" mode, that is to say, directly behind a firewall or DSL modem/router, without causing any change to the existing network architecture. It also implements a hardware bypass function that avoids single points of failure and maximizes network connection in the advent event of hardware crash.
About D-Link
D-Link is the global leader in connectivity for small, medium and large enterprise business networking. The Company is an award winning designer, developer, and manufacturer of networking, broadband, digital electronics, voice and data communications solutions for the digital home, Small Office/Home Office (SOHO), Small to Medium Business (SMB), and workgroup to enterprise environments. With millions of networking and connectivity products manufactured and shipped, D-Link is a dominant market participant and price/performance leader in the networking and communications market. D-Link has its headquarters at No. 289, Xinhu 3rd Road, Neihu, Taipei, Taiwan, Telephone 886-2-6600-0123, Fax 886-2-6600-9898, Internet dlink.com.tw.
|