1. How vulnerable am I to intruders?

Because the Internet is an open system, every unprotected computer attached to the Internet is vulnerable to attacks, viruses, unauthorized scans and intrusions. The best way to minimize the risk of attack is to proactively deploy an effective security architecture.

2. When an attack occurs, what is your response time?

Immediately - Our selected tools were chosen for their ability to immediately block attacks. Our Security Operations Center (SOC) engineers are able to back-trace attackers of events as they occur in real-time. Our SOC personnel receive detailed event information within 0-10 minutes depending on Internet and network latency. Alert signals are characterized into one of three (3) threat levels based on severity. Level 2 and 3 threats are elevated for immediate action based on the customer's Service Level Agreement (SLA). Our Security Operations Center analysts initiate a stipulated escalation and event-mitigation procedure, leading to joint resolution with the clients designated personnel. The resolution process is managed through the use of our continuous customer contact management strategy, which gives our SOC analysts and your IT security personnel a contemporaneous update of event and mitigation efforts in real-time.

3. I already have a firewall. What more can you offer me?

Our expert security operations center personnel interpret alerts and events, and work with your personnel to ensure your system is not compromised. In October 2000, Microsoft discovered that an attacker had penetrated its corporate network weeks before, and might have viewed or even altered the source code for some of their products. Administrators discovered this breach when they noticed twenty new accounts being created on a server. Then they went back through their network's audit logs and pieced together how the attacker got in and what he did. If someone had been monitoring those audit logs--automatically generated by the firewalls, servers, routers, etc.--in real time, the attacker could have been detected and repelled at the point of entry.

A firewall is like the fence around a schoolyard, protecting the network. It has gates or ports that are open to allow valid traffic into the network. These ports are the means by which unauthorized access can occur. Mana Security offers a complete and comprehensive suite of security products designed to protect your network behind the firewall, including firewall management, anti-virus, intrusion detection and web content/e-mail filtering. Similar to a home security service, we back our security solution with 24x7x365 monitoring of traffic through and within your network. Our expert security operations center personnel interpret alerts and events, and work with your personnel to ensure your system is not compromised.

4. What platforms does your service support?

We provide security products that currently support for Microsoft Windows 2000, Windows NT, Windows 98, and Windows 95. Our security products also support UNIX and Linux platforms. We also have Sentry units that can be installed on any segment of your Ethernet network.

5. Why can't I just buy the products myself? Why do I need you?

You can buy the security appliances and value-added services (like anti-virus and content filtering) on your own. However, the advantage of using Mana Security’s services is that we spend significant time choosing products based on their effectiveness, integrating those products into your network that can be managed or monitored in real-time, and negotiating with our suppliers to ensure the lowest resell or subscription pricing. Again, our primary value is the ability to monitor the agents globally, in real-time, on a 24x7x365 basis, and to deploy our expert network security analysts to work with you to mitigate and resolve any unauthorized attempts to access your systems.

6. What makes an Internet security appliance secure?

The Internet security appliances Mana Security selects use stateful packet inspection to determine if a data packet is allowed through the firewall to the private LAN. Mana Security’s seleted products support Network Address Translation (NAT), which translates multiple IP addresses on the private LAN to one public address that is sent out to the Internet. This adds a level of security since the address of a PC connected to the private LAN is never transmitted on the Internet. Mana Security’s selected Internet security appliances are also pre-configured to automatically detect and thwart Denial of Service (DoS) attacks such as Ping of Death, SYN Flood, LAND Attack, IP Spoofing, etc.

7. What is stateful packet inspection?

Stateful packet inspection is generally regarded as a "state of the art" firewall technology. With stateful packet inspection, your Internet security appliances make security decisions based on the origination of Internet sessions. Our vendor’s products will allow data coming from the Internet only if it's part of a session that was initiated by one of the users on the secure Local Area Network (LAN), but will block all communications that are initiated from the Internet.

8. Why don't Internet security appliances use packet filtering as their firewalling mechanism?

Traditional packet filtering is too difficult to effectively and safely implement. Packet filters are prone to being compromised using IP spoofing, which involves altering an IP packet so the firewall thinks the packet has an internal, rather than external, source address and therefore grants it network access. Some protocols, such as FTP and DNS, can't be safely passed through packet filters because they require opening "holes" in the firewall which compromises security. Mana Security’s selected Internet security appliances use stateful packet inspection to determine if a data packet is allowed through the firewall to the private LAN. By default, all data that is in response to sessions initiated by users within the private LAN are allowed and all other traffic is blocked.

9. Why don't Internet security appliances use a proxy as their firewalling mechanism?

Application-Level Proxy Servers, protect the network by examining the application layers. Unfortunately, this upper level examination requires a great deal of processing power and often leads to an unacceptable performance penalty. Each application type, such as HTTP, FTP, SMTP or POP3, requires the installation and configuration of a different application proxy, making support for new applications a problem. Also, this approach requires the user to reconfigure their network settings to support the proxy. Finally, application proxies track only the application state, not packet or connection state, which may introduce security vulnerabilities.

10. What is a Denial of Service attack, and how does a firewall protect the network?

The goal of a Denial of Service (DoS) Attack is not to steal information, but to disable a device or network so users no longer have access to network resources. For example, "TearDrop", a DoS hacker tool, which is widely available on the Internet, allows users to remotely crash any unprotected Windows computer on the Internet. Most types of Internet attacks try to exploit the weaknesses in the TCP stacks of the operating systems of host machines. Mana Security’s selected Internet security appliances protect against the following types of DoS attacks:

· SYN Flooding
· Ping of Death
· LAND attacks
· Smurf attacks
· IP Spoofing
· TearDrop
· Bonk/Boink/Nestea
· Sub-Seven