CMDS technology is a new approach to network security. Traditional firewalls reside on a gateway computer where all traffic must pass through a central point so it can be monitored and filtered.
In large, high traffic networks, more of a burden is placed on the gateway, especially if proxy technology is used because the gateway is required to perform additional filtering up to the application layer of the Open Systems Interconnection model.
Tiny Software has taken firewall technology to the next step by distributing NDIS and TDI level security across the entire network. A Desktop Security Engine (DSE) is represented as a node and is placed on every machine in the network. Each DSE contains a particular security policy, which it receives from a central command server that maintains an active database of all security profiles.
The beauty of CMDS technology is that it compliments the existing network firewall. Network traffic is reduced to permitted data flows so the existing network firewall handles less responsibility.
Through this kind of distributed firewall system CMDS technology is able to incorporate the following key features:
Multi-layer security protection (NDIS & TDI)
Since the DSE resides on each computer in the network, it communicates directly with the operating system and negotiates what applications are even allowed to transmit and/or receive data.
MD5 Signature Support
As the DSE mandates what applications can bind for communication, it can also check for an MD5 digital signature for permitted applications. This ensures that Trojan horse applications cannot gain access by using the name of a permitted application.
Stateful filtering based on SRC/DST IP address, port & application :
The DSE maintains a record of all sent packets and can therefore compare incoming packets to the record table to determine if they were requested. Additionally, the DSE can restrict applications to certain ports or destination IP addresses.
Remote access to logs and statistics
The DSE contains a separate statistic view that displays all active sessions and includes the status, port, remote IP, application or service and the time associated with each session. Logs may be viewed from the statistics view or sent directly to a syslog server for analysis and reporting.
Suspicious activity monitoring and Intrusion detection :
The Tiny DSE contains a highly configurable reporting mechanism that can report specific intrusion attempts, or any other type of communication deemed suspicious, to a syslog server or to the CMDS server through an SSL connection.
Centralized network policy management
Each DSE can be configured remotely through a secured administration console or, for simplicity, may receive a predefined profile directly from the CMDS server through an SSL connection. This means that the CMDS server can dictate security across the Internet to authenticate mobile users to ensure that corporate data taken outside the network remains secured.