Centralized Security Management

The CSM Console

The most visible expression of Gateway Guardian's power and technology is in the new user interface, CSM. With a brand new visual look and layout, CSM is now cleaner, faster and has smarter organization, making it easier to get where you want to go, and do what you want to do. NetMaster has incorporated many of the qualities and characteristics of older versions of Inferno that users expect while adding advancements to benefit the expert and novice alike. Ease of use is factored into every feature and capability of CSM.

Application Framework and User Interface

CSM now ships with a complete runtime implementation of Java 2 Standard Edition (J2SE) from Sun Microsystems. CSM is built on Java's Swing architecture with a custom Liquid user interface to allow for cross platform administrative access and to create a familiar appearance of the application to the administrator regardless of where it runs. As such, most features of CSM are therefore platform independent and allow for the application to be run on popular operating systems such as Linux, Microsoft's Windows operating systems, Sun's Solaris and Apple's OSX.

In addition to this, a complete Application Programming Interface (API) allows NetMaster to expand functionality for its partners by writing new code in Java without having to extend the core application framework.

A prime example of this design is in the use of this API to develop every device and plugin currently shipping with CSM. By using the API ourselves, we ensure the greatest amount of stability and flexibility is provided in our entire code base by segmenting off the application into smaller, more defined components.

SafetyNet

Automatic updates and access to new security tools are available through NetMaster's improved SafetyNet system. As a raw 128-bit RSA encrypted SSL stream, the SafetyNet system provides a secure way to propagate new features, fixes and updates to those using the CSM tool. Customers can always keep up to date with the very latest software and firmware patches for NetMaster powered security devices, mitigating new digital threats at great savings in time and support costs. CSM delivers greater power and increased efficiency with constant updates of easier and faster ways to do things. CSM works harder so your customers dont have to.

Wizards

CSM now boosts the efficiency of creating secured access to critical networked resources with wizards that can simplify security policy creation. Wizards and templates can step a user through the entire process of setting up individual security policies to their requirements. Your customers can always get the best performance with the least effort through the intelligence built into CSM. For common firewall policies, partners can even extend the Firewall Wizard with custom templates.

Intelligence Engine

Gateway Guardian combines powerful network diagnostic utilities with custom analytical configuration tools to build an Intelligence Engine to aid in the configuration and deployment of policies on security appliances. CSM augments this by applying the engine's intelligence to the user interface to make the user experience easier and helps to minimize configuration errors when constructing policies for security appliances. From the initial auto-sensing configuration protocols that allow a user to set up a new device within minutes, to the network subnet calculation utility, CSM sets a new standard in centralized security management with unprecedented ease of use.

Device Interface

Via the CSM application framework API, direct access to the device interface is possible, allowing for new device types embedded with Gateway Guardian technology. Devices are created with an object-oriented programming framework that gives easy access to the exposed Wizards, Intelligence Engine, and other built-in utilities such as SafetyNet. With this, NetMaster can quickly design, develop and deploy new, specialized devices for our partners.

Plugin Interface

Similar to the object-oriented nature of the Device Interface, the Plugin Interface allows for the extension of new services within a device. A plugin created with this framework can acquire direct access to the intelligence of the CSM framework, including the Wizards and XML engine within a device. In this manner, NetMaster can quickly design, develop and deploy new specialized services for a device for our partners.

Monitoring Interface

CSM has a built-in SNMP manager that allows the application to quickly poll settings and statistics ranging from CPU/Memory stats and bandwidth throughput to connection tracking and traffic flow of clients. With its built in Event Trap Manager, custom SNMP Trap notifications can be designed to notify an administrator of certain signature patterns and alert on changes of the security posture of a device embedded with Gateway Guardian. The SNMP interface can also be grouped to get an overview of all the devices within CSM or within a grouping realm to provide a quick snap shot of the defensive posture of the network resources embedded with Gateway Guardian.

The monitoring interface also includes a web interface to allow for the viewing of configuration parameters, firmware updates and device statistics.

Logging Interface

The CSM architecture includes a built in syslog server that acts as a logging interface for any security devices which send remote syslog messages to a central server. This logging interface separates the device logs in a way to efficiently allow for querying of particular characteristics and provide an easy way to provide historical data forensics of events on any given security device. Provided in a flat-file format, these logs can be easily imported into a SQL server and used for more complex queries.

Currently these logs are exposed with rudimentary filtering, and will be exposed to more detailed queries and filters with Crystal Reports by the end of this year.

XML Configuration

CSM introduces an optimized implementation of an XML storage engine which provides a powerful mechanism for manipulating, enhancing and storing configuration characteristics for a security device embedded with Gateway Guardian. In larger, heterogeneous networks such as ISPs and MSPs where it may be desirable to make configuration changes via a separate interface such as a billing system or a web service, the exposed XML files allow for easy access to configuration parameters that can be manipulated with custom scripts. NetMaster can even provide assistance to partners in developing custom scripts in languages such as Perl and PHP to extend functionality outside of the CSM interface.

Resource Bundling

The CSM framework, and all interfaces, natively supports multiple languages and cultural conventions with Internationalization via localization and resource bundling. Localization is the process of adapting a program for use in a specific locale, where a locale is a geographic or political region that shares the same language and customs. Localization includes the translation of text such as GUI labels, error messages, and online help. It also includes the culture-specific formatting of data items such as monetary values, times, dates, and numbers. Through this, partners who wish to have CSM translated to other languages can do so.

Further to this, through resource bundling, it is possible for NetMaster to change the graphical appearance of many aspects of CSM to allow our partners to have their own brand and version of our product.

Secure Remote Management Communications

Secure communications from SafetyNet and to GGOS is provided through 128-bit RSA encrypted SSL streams. Through this, packages, configuration changes and requested instructions can be securely sent to the enforcement device from CSM, or can be manually applied by an experienced security technician. CSM can also use these streams to download existing configurations from devices embedded with Gateway Guardian and build, configure and manipulate settings on the local machine where CSM resides. This allows for the greatest flexibility in manipulating policies on and off of the security device quickly and efficiently.