tiny

TINY FIREWALL MANAGEMENT SERVER

Whether you are a corporate security administrator or a service provider, Tiny Firewall 5.0 Management Server will provide you with state-of-the-art management capabilities.

Built on Enterprise Java Beans (J2EE) technology, TFMS provides a robust and extensible platform for firewall management.

Please visit TFMS Resource Page for more information.

Winpro features

Remote Administration
WinRoute Administration provides the configuration and settings needed on the WinRoute Engine. WinRoute Administration is a separate application (wradmin.exe) that may be activated from any computer with a TCP/IP connection to the computer running the WinRoute Engine. Access to the Engine is secured by strong encryption and password protection.

Logging
WinRoute provides an administrator with ultimate control over the traffic flowing through the computer it is running on. The Administrator may benefit from analyzing the flow of TCP, UDP, ICMP, ARP packets, DNS requests, driver information and more. All operations include the Time Stamp feature.

NAT Router
WinRoute includes the best implementation of NAT technology available today. It is designed to provide users with the ultimate in routing capability and network protection. The NAT driver, written exclusively for WinRoute, offers a security solution comparable to more expensive products at substantially less cost.

Advanced NAT
The advanced routing features of WinRoute’s NAT allow for the easy integration of a LAN into the corporate WAN while keeping the option available for separate Internet access.

Hosting Servers Behind WinRoute
Port Mapping technology allows users to decide how they want to divert IP packets passing through any interface operated by WinRoute. With WinRoute, users can set packets coming to a specific port to be forwarded to a specific internal computer. This allows them to run a web server or mail server, VPN server or other services securely behind the firewall.

Firewall Security
WinRoute gives users a level of firewall capability comparable to that found in far more expensive solutions through a combination of its NAT architecture and the ability to operate on a low level. This allows WinRoute to capture both incoming and outgoing packets, which makes it unbreakable. Anti-spoofing is an add-on to WinRoute’s packet filtering for further protection of the LAN against attacks where the intruder falsifies source IP addresses.

Simple Network Configuration
A DHCP server and DNS forwarder are included in WinRoute Pro to simplify network administration so that no client side configuration is required. WinRoute’s DHCP server may easily replace the DHCP server included in Windows NT.

Mail Server
WinRoute’s Mail server, complete with SMTP/POP3 compatibility, virtually unlimited aliasing opportunities and automatic mail sorting, is extremely versatile. Users can have one or more email addresses and can effectively work in groups (i.e. sales, support, etc.) and each group can be assigned to more users. All these features are available regardless of the type of Internet connection being used.

HTTP Cache
WinRoute’s architecture includes an innovative Cache engine. Unlike proxy servers with caching functionality, WinRoute’s cache stores passing data in one file of pre-defined length instead of using a separate file for each object. This significantly reduces the disk space occupied by the cache, especially in FAT16 environments (mostly Windows 95).

manual v4.0 r313.htm

Sending Email to the Internet

You may use WinRoute as your SMTP server for outgoing mail. WinRoute uses the relay SMTP server of your ISP to send email out instead of using MX records. In other words – all outgoing email will be sent through the other mail server that you enter (usually the mail server of your ISP). The same rules may be applied to your email clients – the WinRoute Mail Server may be their relay SMTP server.

To set the relay SMTP server for outgoing mail:

  • Go to menu Settings=>Mail Server
  • Enter the outgoing mail server of your ISP into Relay SMTP Server field

Authentication

Some ISPs authenticate email passing through their servers in order to prevent spamming. In that case you have to provide your ISP with sufficient information.

1. Go to Mail Server->Advanced tab window

2. Enter desired host name into the Internet host name field. Usually this is the name of the computer connected to the Internet, e.g. host.isp.com.

VPN

VIRTUAL PRIVATE NETWORKING

WinRoute Pro 4.1 supports IPSEC in so-called “Tunnel mode”. “Tunnel mode” should support any IPSEC client that allows the transport IP address to be changed. IPSec is a security encryption protocol used for secure communication between two computers.

Amazingly, it is possible to connect a local network that uses NAT to a remote network using WinRoute Pro and the Novell BorderManager VPN Client. This configuration allows any computer on the local network to access the resources on the remote network once the VPN tunnel has been established on the router computer. No remote network configuration is required. This is made possible by the architecture of WinRoute Pro. Because it works on the IPSEC level, address translation occurs before the packet is routed to the virtual network adapter. Therefore the packets sent to the VPN server have the real source IP address. On the way back, the packets received from the virtual network adapter pass through the address translation layer and are routed to the correct computer on the local network.

WinRoute allows a very cost effective way of creating your own WAN between branch offices connected to the Internet via PPTP.

CMDS Samples

As each node pulls the user’s security profile from the Central Command Server, the node continues to report all activity being performed. The DSE can be installed on other servers within the LAN to allow for reporting of all activity and access to those servers.

CMDS features

Architecture
CMDS technology is a new approach to network security. Traditional firewalls reside on a gateway computer where all traffic must pass through a central point so it can be monitored and filtered.

In large, high traffic networks, more of a burden is placed on the gateway, especially if proxy technology is used because the gateway is required to perform additional filtering up to the application layer of the Open Systems Interconnection model.

Tiny Software has taken firewall technology to the next step by distributing NDIS and TDI level security across the entire network. A Desktop Security Engine (DSE) is represented as a node and is placed on every machine in the network. Each DSE contains a particular security policy, which it receives from a central command server that maintains an active database of all security profiles.

The beauty of CMDS technology is that it complements the existing network firewall. Network traffic is reduced to permitted data flows so the existing network firewall handles less responsibility.

Through this kind of distributed firewall system CMDS technology is able to incorporate the following key features:

Multi-layer security protection (NDIS & TDI)
Since the DSE resides on each computer in the network, it communicates directly with the operating system and negotiates what applications are even allowed to transmit and/or receive data.

MD5 Signature Support
As the DSE mandates what applications can bind for communication, it can also check for an MD5 digital signature for permitted applications. This ensures that Trojan horse applications cannot gain access by using the name of a permitted application.

Stateful filtering based on SRC/DST IP address, port & application
The DSE maintains a record of all sent packets and can therefore compare incoming packets to the record table to determine if they were requested. Additionally, the DSE can restrict applications to certain ports or destination IP addresses.

Remote access to logs and statistics
The DSE contains a separate statistic view that displays all active sessions and includes the status, port, remote IP, application or service and the time associated with each session. Logs may be viewed from the statistics view or sent directly to a syslog server for analysis and reporting.

Suspicious activity monitoring and Intrusion detection
The Tiny DSE contains a highly configurable reporting mechanism that can report specific intrusion attempts, or any other type of communication deemed suspicious, to a syslog server or to the CMDS server through an SSL connection.

Centralized network policy management
Each DSE can be configured remotely through a secured administration console or, for simplicity, may receive a predefined profile directly from the CMDS server through an SSL connection. This means that the CMDS server can dictate security across the Internet to authenticate mobile users to ensure that corporate data taken outside the network remains secured.
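The checks described under "MD5 Signature Support" and "Stateful filtering" above, sketched as an added example; this is not Tiny Software's code, and the `Engine` and `AppRule` names, the policy layout and the sample addresses are assumptions made for illustration.

```python
import hashlib
import ipaddress
from dataclasses import dataclass, field

# Constructed sample images: the approved binary and a trojan reusing its name.
GOOD_IMAGE = b"approved browser.exe build (constructed sample)"
TROJAN_IMAGE = b"trojan saved as browser.exe (constructed sample)"

@dataclass(frozen=True)
class AppRule:                      # hypothetical per-application policy entry
    md5: str                        # digest of the approved image; MD5 as on the
                                    # page, a current design would use SHA-256
    ports: frozenset                # remote ports the application may use
    nets: tuple                     # destination networks the application may reach

@dataclass
class Engine:                       # hypothetical stand-in for one DSE node
    policy: dict                    # application name -> AppRule
    sent: set = field(default_factory=set)   # record table of sent flows

    def outbound(self, app, image, proto, src, sport, dst, dport):
        rule = self.policy.get(app)
        if rule is None:
            return "deny: application not permitted"
        # The name alone is not trusted: the image must hash to the approved digest.
        if hashlib.md5(image).hexdigest() != rule.md5:
            return "deny: signature mismatch"
        if dport not in rule.ports:
            return "deny: port not permitted"
        if not any(ipaddress.ip_address(dst) in net for net in rule.nets):
            return "deny: destination not permitted"
        self.sent.add((proto, src, sport, dst, dport))
        return "allow"

    def inbound(self, proto, src, sport, dst, dport):
        # A requested reply is a recorded flow with its endpoints mirrored.
        if (proto, dst, dport, src, sport) in self.sent:
            return "allow"
        return "deny: unsolicited"

POLICY = {
    "browser.exe": AppRule(
        md5=hashlib.md5(GOOD_IMAGE).hexdigest(),
        ports=frozenset({80, 443}),
        nets=(ipaddress.ip_network("198.51.100.0/24"),),   # documentation range
    )
}
```
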

Download

Download Center

Try a fully-functional WinRoute Pro or WinRoute Lite.
(English) Build 24 Dec. 1, 2000
(1.2MB including help file with pictures), Win 9x, ME, 2000 & NT.
WinRoute Pro meets ICSA firewall certification criteria !
(English) Build 24 (full version) Dec. 1, 2000
(490K), Win 9x, ME, 2000 & NT.
Internet sharing for home and small office size networks with basic requirements for fast connectivity.
(English) Build 8 Jan. 29, 2001 (1333KB), Win 9x, ME, 2000 & NT.
Represents smart, easy-to-use personal security technology that fully protects personal computers against hackers. Built on ICSA certified security technology, it is also an integral part in Tiny Software’s new Centrally Managed Desktop Security (CMDS) system selected by the US Air Force for its approximately 500,000 desktop computers.
FREE for home users. Business and institutional customers are encouraged to download this software for evaluation purposes.

NOTE
WinRoute, when expired, blocks IP traffic if running. You need to stop WinRoute after expiration. When you purchase the license, you do NOT need to install the software again. Simply enter the license number into WinRoute and it will automatically lift the 30-day restriction. All configuration settings will remain.
Un-installation is NOT necessary!

UPDATE
We strongly recommend installing the latest copy of WinRoute from our download site, as we continuously post improvements including new protocols and minor features (BUILDS). Customers might want to periodically check for newer “builds” and install them on top of old ones. All configuration settings will remain.

Try Before You Buy!
Tiny Software offers a 30 day trial of its products in the hopes that all customers will evaluate the software before making a purchasing decision. For this reason, we maintain a strict no-refund policy.

pwall

Tiny Personal Firewall represents smart, easy-to-use personal security technology that fully protects personal computers against hackers. Built on ICSA-certified security technology, it is also an integral part of The Tiny Software Centrally Managed Desktop Security (CMDS) system selected by the US Air Force for its approximately 500,000 desktop computers.

Available FREE for home use. Business and institutional customers are encouraged to download this software for evaluation purposes.

NOTE: Tiny Personal Firewall will not function properly if it is installed on a computer using WinRoute or Microsoft Internet Connection Sharing.

Compatible with Windows® 9x, ME, 2000 and NT4.0.

CMDS

CMDS is a revolutionary technology solution that simply adds a low level firewall, called the Desktop Security Engine (DSE), to each client computer, called nodes, within a given network. It is this simple integration of the DSE that enables the CMDS to come alive. By deploying CMDS, each node running DSE reports all activity to a Central Command Center Server. It is within this Central Command Server that user authentication and intrusion detection features of CMDS are administered and executed.

In addition to the DSE on the node, there is an Administration Utility. Also invisible to the user, the Administration Utility allows the network administrator to remotely manage the DSE residing on that node. Both the DSE and Administration Utility are packaged together in a small application. This application, consisting of its two components, performs bi-directional network traffic monitoring and access control. This application is a version of Tiny Personal Firewall version 2 catered for this system.


Managed Security

C M D S

Firewalls, such as WinRoute Pro, provide security to a private LAN. CMDS takes this security to new heights by complementing the currently installed firewall base and moving the security opportunities towards each node within the LAN.

At a bird’s-eye glance, CMDS is a very simple architecture to understand. Within a LAN, there are numerous client workstations that are centrally connected to systems such as file servers, mail servers, and most importantly, the Internet. The clients are all protected from the outside world by a firewall at the gateway entrance from the Internet. They are not, however, protected from one another.

CMDS gives network administrators the ability not only to provide intrusion detection within the network between nodes and servers, but also to obtain detailed logging for productivity analysis of activity on the node. With the DSE on each node reporting to the Central Command Server, all actions occurring in relation to the user profile logged on that node are collected for use in evaluating the user’s productivity and intent within the network. All reporting software on the node is entirely invisible to the end user of the node.

In addition to the DSE on the node, there is a Desktop Administration Utility (DAU). Also invisible to the user, the DAU allows the network administrator to remotely manage the DSE residing on that node. Both the DSE and DAU are packaged together in a small application called the Desktop Security Agent (DSA). The DSA, consisting of its two components, performs bi-directional network traffic monitoring and access control. DSA is a version of Tiny Personal Firewall Version 2 catered for this system.

How Does It Work?

When an end user logs onto a node within the network, they activate their personal security profile. As the user proceeds to perform certain actions on that node, all action requests are sent to the Central Command Server that authenticates the request according to the personal security profile. For example, Tom will try to access files from the Accounting Server. Since Tom’s personal security profile does not include rights to this server, he will be denied and according to the configuration desires of the network administrator, the following may occur: An alert will be sent to the administrator or Tom’s supervisor, or maybe Tom’s node will immediately log him off and he will be unable to log back on until the administrator gives him that right. Another example will be the Internet access of certain web sites or just in-depth logging of all Tom’s network and Internet ventures.

The CMDS system allows for several reporting features in the Central Command Server to be activated per profile/node. These include: URL, File, Network Traffic, Email, Log-in/out and Productivity.

Good For Nodes, What About Servers?

CMDS is designed to report not only from the node installation within the network, but from the server level as well. With slight modifications to the Desktop Security Agent, the servers within a network will contain an alternative application called the Server Security Agent, or SSA, which will report all of its executed actions to the Central Command Server and will have server level security profiles.

Tiny Software is actively pursuing CMDS with its introduction of Tiny Personal Firewall version 2 with Remote Administration. Together with its industry partners, Tiny Software is extending network security to within.