한국정보통신 로고

sub visual sub visual sub visual sub visual sub visual sub visual sub visual sub visual sub visual sub visual

Integrated Security System

제품

AhnLab TrusGuard

No.1 Partner of Integrated Security

The best Integrated Security System to protect network environment

Powerful Combination of high-performance firewall/VPN technology and high-quality security

AhnLab Trusguard is the integrated security system to provide various security features, including Firewall, IPS, VPN and Anti-Virus/Spam. Especially, it has the unique guard technology against DDos attacks. It is configured to efficiently and safely access to the internal system from outside, via IPsec/SSL VPN.
AhnLab Trusguard is equipped with diversified product lineups from low-end models like 31A, 22000 to products of data center class, and can be selectively used according to the size of the company. Trusguard 22000, designed the network security equipment of maximum 100G scale, provides the most powerful performance with the high-performance dedicated hardware based on multi-core and the own software structure optimized to it.
Feature Feature Description
Firewall * Stateful Packet Inspection method
* Black &White list Filters
* Guarantee constant and independent performance, regardless of the number of policies or sessions
* Support multiple NAT features : Static/ Dynamic NAT, Excluded NAT, NAT Traversal
* Qos based on IP/Port/ Firewall Policy (Quality of Service)
* Intuitive configuration and easy management features based on Object
* Schedule-based policy configuration (one-off, daily, weekly, monthly, yearly, specific period)
* Availability Guarantee : Active-Active, Active-Standby HA (with/without L4 switch)
* Provide various authentication methods
- ID/password-based authentication
- External certification server linkage & user authentication based on certification
* Provide various authentication methods (H.323/ SIP)
* Policy validation check feature
* Session Shaping Support
IPS * Packet flow-based detection & blocking against network attacks/malicious codes
* Signature-based Intrusion prevention : Maintenance of about 5,000~6,000s signatures
* Daily regular update support
* Behavior-based intrusion prevention
* Supported by the own specialized attack response signature (ASEC)
* Provide user-defined rules/ signatures feature
* Available for different IPS policies by network zone
* Application Control/Bot Prevention feature
* Provide ‘Zero-Day’ Attack Protection, via 3-step defense system
Anti-Virus * Detect & block file-based Virus/Malware (via the embedded AhnLab V3 engine)
* Threats: Virus, Trojan, Worm, Spyware, Adware, Phishing, Spam, Malicious site,
and etc. based on File
* E-mail Virus Outbreak Prevention (Outbreak Prevention)
* Support Protocol: HTTP, SMTP, POP3, FTP Support
* Scan Compressed File (Max 5 times) and file extensions
* Supported by around the clock monitoring & analysis & emergency response service at ASEC
* Full-time updating via CDN (Contents Delivery Network)
Anti-Spam/
Web Filtering
*Spam Mail Blocking : Scan SMTP, POP3
* Detect & block Spam with Global Anti-Spam Engine
* Detect & block Spam with RBL (Real-time Black List)
* Block Spam based on user-defined keywords (including wildcard, regular support)
* Support allow-mail List (based sending IP address / E-mail adress)
* Spam Mail storage feature : certain mail account transfer & storage
* Website filtering, malicious site DB linkage
* Harmful websites DB linkage
DDoS
Protection
* Dedicated defense engine for DDos attacks
* TCP/UDP/ICMP Flooding Prevention
* Prevent HTTP vulnerability attacks
* Prevent other attacks (Confuse TCP/UDP/ICMP Flooding Attack Prevention)
IPSec VPN * Manual Key, IKE, IKEv2 Support
* Include encryption algorithms for 3DES, AES(128.192.256), SEED and ARIA
* Include authentication algorithms for SHA 1, SHA 2(256.384.512) and HAS 160
* Hub & Spoke/ Star/ Mesh topology
* Center VPN Duplex, Branch offices multiline support
* NAT Traversal Support/ Dead Peer Detection/Replay attack Protection
* Firewall/ IPS interlocking 
SSL VPN  * Gateway - to - Client VPN
* Reinforced End-point Security Function
NAC * Interlock with management system APC of Anti-Virus Solution, V3 and control network access
- Internet Access Control for computers that have not installed APC Agent and have a guide to go to the installation page
- Network quarantine for malware-infected PC and forced remediation via APC Agent
IPv6  * IPv4/IPv6 Dual Stack Support
- IPv4/IPv6-enabled simultaneous processing
* IPv6 Networking/Routing/ Packet Filtering Support
- IPv6 Static/ Dynamic Routing
- IPv6Translation
- IPv6 Stateful Inspection-based Packet Filtering
- IPv6 Log collection & analysis 
Monitoring  * Provide real-time log data & various analysis graphs related to system/network/firewall/IPS/
Anti-Spam in Trusguard equipment
* Provide Internal/External Trusguard Manager & TrusAnalyzer
Combination of trustful Network Security Technology & Contents Security Technology
* Network Security Technology verified in over 3,000 sites and accumulated over 10 years experience
Response Know-how & DB for malignant code (Worm/Virus) accumulated for over 20 years

High Performance Maintenance
 * Stable Network Operation with the most powerful performance support based on High Performance Multi-core Platform and Architecture Design optimized to it
Suitable to High Performance Firewall/VPN Support and IPS Multiple Function Performance

Application Control(Application Control)
* Provide features of access& activity control, including more than 300 P2P/IM/Web Hard

Bot Prevention
* Provide Bot/Malware’s Internal Flow & Running Control features
Access control to sites distributing Bot/Malware, communication control with C&C Server

Enhanced VPN Network Configuration for security threat response between Headquarter-Branch offices or PC-Office
* Provide a safe communication method via public network with IPSec VPN as a basic function
* Ensure powerful malware spread prevention environment interlocking with Firewall/IPS on VPN Traffic
* Headquarter Security Reinforcement by providing IPS/Anti-Virus/Anti-MalSite features
Support flexible VPN Network Configuration with concurrent IPSec VPN & SSL VPN support

Dedicated Defense Engine for DDos Attacks
* Effectively block DDos attacks via the detection/blocking mechanism detailed by steps
TCP Flooding Attack, UDP Flooding Attack, ICMP Flooding Attack

Provide NAC features interlocking with End-point Security Solution
* Perform quarantine and forced remediation for infected computers, interlocking with the central management solution APC(AhnLab Policy Center) of V3
* Block Internet access to computers that do not install AhnLab APC Agent on use of Internet access control
* Advise to apply the patch by guiding to the page to install AhnLab APC Agent for blocked systems
Malignant traffic selective block & V3 real-time automatic update

Provide Integration Setting/Monitoring/Reporting features utilizing AhnLab TrusGuard Manager & Log Server
* Provide various features to effectively manage/control a plurality of security equipments through AhnLab TrusGuard Manager & Log Server

Emergency Response Ability via the global response organization, ASEC
* Full-time ASEC (AhnLab Security Emergency Center)’s Security Experts
* Signatures regular update 3 times a day, and Emergency Update in emergency

High-performance Network Environment Establishment
* Stably receive network traffic drastically increasing, with support of the most powerful performance in class optimized to high-performance multi-core

Securing network stability
* Possible to establish network environment free from outside security threats
Protect network resources from unknown network attacks with provision of 3-step blocking method

Complete Support for IPv6 Network Environment
 * Complete response to address resource switch with IPv6 support of level applicable to actual network

TCO(Total Cost Operation) Saving Effect
* Save cost necessary for adopting security solution for each point, such as Firewall, IPS, Anti-Virus
 Reduce difficulties of operating different security solutions & Save human resource cost

Improve Task Productivity & Network Efficiency
* Remove unnecessary traffic, such as spam blocking, P2P/Messenger Control, malignant site access control
 Network cost cuts by traffic optimized

Establish VPN Network with reinforced security threat response
* Security reinforcement of VPN traffic at the spot flowing to Headquarter via VPN
 Infected PC quarantine and remediation interlocked with V3 central management solution, APC(AhnLab Policy Center)

Between Headquarter /Branch offices Security Reinforcement
* Enhanced blocking for attacks/malignant codes flowed to Headquarter with provision of IPS/Anti-Virus/Anti-MalSite feature
For SMB/Mid-sized Firm & Branch Offices
Division TrusGuard 31A TrusGuard 50A TrusGuard 70A TrusGuard 100A TrusGuard 400A
CPU 1 Core 1 Core 2 Core 2 Core 2 Core
RAM 1GB 2GB 2GB 4GB 4GB
CF 1GB 2GB 2GB 2GB 4GB
HDD  - - - 500GB 1TB
Interface 10/100/1000
Switch x 4
10/100/1000
Base-T x 2
10/100/1000
Base-T x 6
10/100/1000
Base-T x 6
10/100/1000
Base-T x 6
10/100/1000
Base-T x 6
1G Base-X x 4
Firewall Performance
(Max)
1G 1.5G 2G 4G 6G
IPS Performance (Max) - 700M 1G 1.5G 2.5G
VPN Tunnel 1,000 1,000 2,000 5,000 10,000
Concurrent 200,000 300,000 500,000 1,000,000 2,000,000
Session

* TrusGuard 31A Model provides Firewall/IPSec VPN feature only


For Enterprise/Data Center Headquarter
Division TrusGuard
500A
TrusGuard
1000P
TrusGuard
5000
TrusGuard
10000P
TrusGuard
22000
CPU 4 Core 6 Core 8 Core 12 Core 16 Core
RAM 8GB 8GB 16GB 16GB 24GB
CF 4GB 2GB 4GB 2GB 4GB
HDD 1TB 2TB 2TB 2TB 2TB
Interface(Basic)       10/100/1000
Base-T x 6
1G Base-X x 6     
10/100/1000
Base-T x 6
1G Base-X x 8     
10/100/1000
Base-T x 10
1G Base-X x 4
10G Base-X x
10/100/1000
Base-T x 14
1G Base-X x 8
10G Base-X x
10/100/1000
Base-T x 10
1G Base-X x 4
10G Base-X x 4
(10G x 2 port card 2)
Interface(Option)        - Exchange with existing cards
(provide up to 2 slots)
10/100/1000
Base-T x 8  
Exchange with existing cards
(provide up to 3 slots)
1G Base-X x 8
10G Base-X x 2
10G Base-X x 4 
Exchange with existing cards
(provide up to 3 slots)
10G Base-X x 2
10G Base-X x 4  
install additional cards
(provide up to 7 slots)
1G Base-X x 8
10G Base-X x 2
10G Base-X x 4  
Firewall Performance 8G 12G 30G 50G 100G
(Max)
IPS performance (Max) 3G 5G 10G 20G 20G
VPN Tunnel 12,000 20,000 20,000 40,000 40,000

한국정보시스템 로고

22, Gukhoe-daero 70-gil, Yeongdeungpo-gu, Seoul(150-871 Geumgang Bldg. 8F, Yeouido-gu)  TEL : +82-2-2162-1000  FAX : +82-2-2162-1009
Branch Address : 66,210 Dunsanjung-ro, Seo-gu, Daejeon  Branch Tel : +82-42-485-0788  Branch Fax : +82-42-485-0784
www.kis.co.kr  CEO : Won Bae Jeon   Main Businessman registered number: 107-88-02893  Branch Businessman registered number : 314-85-51763
Copyright (C) 2014 KIS All Right Reserved.