PrivaWall
PrivaWall™: High-end e-mail security server with easy-to-use rule-based encryption/decryption options, symmetric and PKI key book management, and built-in content filtering and anti-virus protection.
English
Supported Technologies
Windows XP/2000/NT
Pricing
Users (# of seats), Server
sales@aliroo.com
972-9-7677732
Additional Product Information
E-MAIL SECURITY AND PRIVAWALL

1. INTRODUCTION

Many organizations develop security policies and procedures to ensure that communication of sensitive business information is adequately protected. E-mail encryption is rapidly being recognized as an essential measure needed to augment firewall protection and access control.

Data encryption is a traditional means used to protect the privacy of information. Many products are available to perform data encryption at the desktop. The biggest drawback of these products relates to the security policy of the organization. While a security policy can be established which mandates the use of e-mail encryption, it is impractical to enforce such a policy using simple desktop encryption.

2. PRIVAWALL OVERVIEW

PrivaWall is an e-mail security server that automatically applies rule-based encryption to any e-mail or attached files sent by the organization, operating in a Windows NT Server environment.

The PrivaWall Server operates in conjunction with an Enterprise Firewall and an E-mail Server. When operating with PrivaWall, the Firewall is configured to redirect SMTP traffic to PrivaWall. PrivaWall enforces email security policy by applying encryption rules stored in the PrivaWall Rule Base to the email traffic. The PrivaWall system comprises three major subsystems as follows:

2.1 PrivaWall Policy Enforcement

This function manages policy enforcement decisions in real time for each email message routed from the Firewall. Policy enforcement decisions are made using rules stored in the PrivaWall Rule Base. These rules specify the actions to be taken on the messages. SMTP traffic can be caught according to recipient and/or sender e-mail address rules. Actions which may be taken include encrypt, fail, disregard, etc.

2.2 PrivaWall Security Administration

This is a set of administrative tools accessible through the PrivaWall Rule Manager used to configure and manage the PrivaWall system.
The administration functions fall into three major groups including:

The policy management functions within the PrivaWall Rule Manager are performed using the graphical Policy Editor for managing the PrivaWall rule base. The policy checker identifies any inconsistency by rule number allowing the administrator to easily correct problems in the policy. The Rule Manager also incorporates an E-mail Simulator to support testing of a new rule.

The PrivaWall Key Management is handled using three functions within the PrivaWall Rule Manager, namely: the Certificates management function, the LDAP Servers function and the PrivaWall Keybook Manager. For systems requiring higher security, the Keybook Manager supports smart card keybooks in order to avoid storing keys on the computer.

PrivaWall User Management supports administration of e-mail. The E-mail Addresses function allows for adding, editing, and importing of user E-mail addresses. The User Groups function allows the administrator to define groups of users to which specific PrivaWall rules can be applied within PrivaWall policies. The Rule Manager User Management function and the PrivaWall License Manager provide tools to manage PrivaWall user licenses and to prioritize e-mail security processing.

2.3 PrivaWall Monitoring

The Log Viewer supports viewing of PrivaWall log messages either historically or as they are being generated.
The CVP Server Status module provides real-time status of the FireWall-1 CVP (Content Vectoring Protocol) server or SMTP server including transmission rates and current message processing statistics.

3. PRIVAWALL FEATURES

3.1 Rule-Based Policy Enforcement

- The enterprise may selectively determine levels of encryption, keys or certificates as well as routing to be used for any sender, recipient, subject matter or attachment.
- Rules can be added, edited and deleted independently of each other.
- Any list of clients can be served by the system - PrivaWall does not have to be a total system in the organization.
- The privacy of users in their personal or private correspondence can be respected.
- The policy can check itself automatically for logical errors.
- In contrast to the flexibility of the rule base, the policy, once defined and proofed, can be tightly enforced within the organization.

3.2 S/MIME Protocol Security

PrivaWall can use the practical standard protocol of S/MIME encryption, making the message readable by most Email servers and clients. Most Email servers and email clients can automatically decrypt S/MIME, thus creating a fully automatic yet secure path from sending to receiving client.

One can choose between the automatic S/MIME encryption and the end-to-end strong content encryption.

3.3 Cryptographic Engines and Key Lengths

PrivaWall offers the choice between symmetric (shared secret key) and asymmetric (public/private key) encryption engines. Symmetric engines are more economical in message length and require less intensive computation than public/private algorithms of equal strength. Since symmetric key schemes require sharing of a secret, they are most useful in situations where a trusted relationship already exists between sender and recipient (e.g. internal organization mail). Symmetric keys can also be more efficient when there are multiple recipients.
Public/private keys are useful in situations where either a trusted relationship does not exist between two parties or the relationship is such that securely managing a shared secret key is impractical. PrivaWall automatically encrypts each recipient's email with that recipient's public key.

PrivaWall offers a variety of encryption engines and a range of possible key lengths, from the internationally allowable 40-bit key through Triple-DES, 192-bit key and RSA 1024-bit key. If you are using PrivaWall outside of the USA or Canada, please make sure you know the legal key length according to local regulations.

3.4 SMTP Compatibility

PrivaWall is designed to support SMTP (Simple Mail Transfer Protocol) and is compatible with SMTP Mail Servers.

3.5 PrivaSuite Client Support

PrivaWall is fully compatible with Aliroo's PrivaSuite (desktop-based document encryption software). Documents can be encrypted in PrivaWall and decrypted in PrivaSuite. The PrivaSuite methods of encryption which are implemented in PrivaWall include:

- The ability to encrypt the body text and leave the attachments "clear".
- The ability to leave the body text "clear" and encrypt the attachments (for easy key-word search when the body is an administrative notice and the real information is in the attachments).
- The ability to recognize a partially encrypted message and pass it without further encryption.
- The ability to over-encrypt a message that has been partially or fully encrypted by an employee with a formal engine and formal key of the organization.
- The ability to encrypt with a symmetric engine.
- The ability to encrypt with a public/private engine.
- The ability to add a key-clue to the encrypted message in order to randomize the keys for higher security.

Compatibility between PrivaWall and PrivaSuite allows for a large variety of security scenarios.

3.6 Firewall Compatibility

PrivaWall is designed to support the FireWall-1 system of Check Point.
The firewall recognizes information packets that belong to SMTP messages and directs them to PrivaWall. PrivaWall parses the messages, compares the messages to the policy and modifies the messages according to the rules. The messages are then converted back to SMTP format and returned to the firewall where they are directed to the Email server.

3.7 Encryption Rule Management

A key feature of PrivaWall is encryption rule management. A rule consists of the IF or Condition part and the THEN or Action part.

The "if" part specifies the condition for which a rule applies. The "then" part specifies the action to be taken with the message if the rule applies. The actions which may be taken are divided into two groups, namely main actions and secondary actions.

The main action can be one of the following: Hands Off, Fail Message to All, Fail Message to Caught Recipient, Encrypt and No Main Action. The secondary actions are Log, Archive and Add a Note. The detailed meaning of each is explained in the following chapters.

With regard to each action, the rules are applied based on an assigned priority from highest to lowest. They are evaluated using ternary logic resulting in a value of either "yes", "no" or "pass". "Pass" means that the decision on the action is delegated to the next rule in order of priority. This structure guarantees that PrivaWall always resolves conflicts between rules in a predictable and consistent way.

3.8 Keybook Management

PrivaWall has two alternative key management strategies:

1. A built-in symmetric keybook system common to PrivaWall and PrivaSuite;
2. Standard S/MIME encryption protocol that applies the recipient's certificates as a source for the encryption keys.

The encryption keys used by PrivaWall can either be specified directly (by pointing at a specific key in a specific keybook) or specified indirectly (by asking the keybook manager to find the best key for the given group of recipients).
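The priority-ordered ternary resolution described in section 3.7, sketched as an added example (not Aliroo's code or rule format). The `Rule` fields, the glob matching, the three-action subset, the "larger number = higher priority" convention and the default when every rule passes are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

YES, NO, PASS = "yes", "no", "pass"
ACTIONS = ("encrypt", "log", "archive")  # simplified subset of the page's actions

@dataclass
class Rule:
    priority: int        # assumption: larger number = higher priority
    sender: str          # IF part: glob pattern on the sender address
    recipient: str       # IF part: glob pattern on the recipient address
    verdicts: dict = field(default_factory=dict)  # THEN part: action -> YES/NO

    def evaluate(self, action, sender, recipient):
        """Ternary verdict of this rule for one action on one message."""
        matched = (fnmatchcase(sender.lower(), self.sender)
                   and fnmatchcase(recipient.lower(), self.recipient))
        # A rule whose condition does not match, or that is silent on this
        # action, passes the decision on to the next rule.
        return self.verdicts.get(action, PASS) if matched else PASS

def resolve(rules, sender, recipient, default=NO):
    """Return {action: (verdict, deciding_priority)} for one message.

    Each action is resolved independently: rules are walked from highest
    to lowest priority and the first non-PASS verdict wins. If every rule
    passes, `default` applies (assumption; the page does not say).
    """
    ordered = sorted(rules, key=lambda r: r.priority, reverse=True)
    decision = {}
    for action in ACTIONS:
        decision[action] = (default, None)
        for rule in ordered:
            verdict = rule.evaluate(action, sender, recipient)
            if verdict != PASS:
                decision[action] = (verdict, rule.priority)
                break
    return decision

# Constructed sample policy (addresses and priorities are invented).
RULES = [
    Rule(10, "*", "*", {"log": YES, "archive": NO}),
    Rule(20, "*", "*@partner.example", {"encrypt": YES, "archive": YES}),
    Rule(30, "legal@corp.example", "*", {"encrypt": NO}),
]

if __name__ == "__main__":
    for s, r in [("alice@corp.example", "bob@partner.example"),
                 ("legal@corp.example", "bob@partner.example"),
                 ("alice@corp.example", "carol@other.example")]:
        print(s, "->", r, resolve(RULES, s, r))
```

Returning the deciding rule's priority alongside each verdict gives the reviewer an audit trail: in the second sample message a single high-priority exception turns encryption off for mail that a lower rule would have encrypted, which is the kind of interaction a policy check should surface.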
The keybook management of PrivaWall enables the security administrator to securely create, allocate, update, qualify and distribute symmetric keys to the clients throughout the organization and to correspondents outside the organization.

The keybook can be viewed as a key database which stores the following fields for each key: Key Description, Key Value, Key clue, Encryption Engine, and Email Address.

3.9 Service Monitoring

PrivaWall creates a detailed log file of its important actions. By using off-line functions the administrator can review the actions previously taken by PrivaWall to determine whether the system needs tuning. By using on-line functions the administrator can take immediate action on log messages that require intervention. The administrator may also update Keybooks and Email Address of the recipient with an existing key, or instruct the sender to go through the proper procedure of creating a new key.

The Log Viewer can be used in remote locations with log messages transmitted from PrivaWall as standard email messages. The Log Viewer can also be used to monitor multiple copies of PrivaWall.

3.10 E-Mail Simulation

PrivaWall includes a simulation tool used for policy verification. Using this tool, Email messages can be simulated and "sent" to the system. The outcome of the simulated message is displayed, allowing the administrator to confirm the system behaves as expected.

The administrator can save simulated messages and try them again whenever a keybook or a policy is significantly changed.
For example:

- How a message is encrypted by the system.
- How a message is split into several messages when there is no common key to all recipients.
- How a message is split differently for "maximum security" and for "minimum load".
- How notes are added to the message.
- How messages are failed and the sender is notified when there is no proper key for encryption.

The simulator can be used both in demonstration mode (PrivaWall running on a client computer) and in operational mode (PrivaWall running on a server).

3.11 Archiving

PrivaWall includes an Email archive system. It is often important that an organization maintains an official central archive of important Emails that may be needed for business, legal or historical purposes. The comprehensive rule base can be used to determine if a message should be archived.

The archive is represented by an IP address. The messages are sent to the archive as Email messages, encrypted prior to archival and specification of the engine and keys which will be used.

4. COMPANION PRIVASUITE CLIENT SOFTWARE

PrivaSuite is a desktop encryption product used to encrypt e-mail, files and faxes using the same key management scheme as PrivaWall. PrivaSuite is a built-in component of PrivaWall and is used to decrypt messages at the client workstation computer and to encrypt messages at the desktop when writer-to-reader security is required.

PrivaSuite is available as a decryption-only client free of charge. An organization running PrivaWall can freely distribute copies of the decryption-only software version to any of its external correspondents to be used to decrypt messages that are encrypted by PrivaWall.