Assured Protection Bastion
Bastion is a messaging firewall that allows the exchange of e-mail between networks of differing security levels or with conflicting security policies. It is deployed where a security policy might otherwise preclude the direct connection of networks, as Bastion permits the controlled and accountable flow of messaging traffic.
Bastion operates as a stand-alone system providing a bi-directional messaging firewall for both X.400 and SMTP/MIME e-mail traffic.
Assured Protection - Bastion is aimed at organizations that require a Common Criteria EAL4 level of security. It is based upon special evaluated software combined with Deep-Secure messaging products operating within the Trusted Solaris operating system (itself assured to Common Criteria EAL4), and is provided as a turnkey system utilizing Sun SPARC hardware.
Unlike many other firewall products, Bastion does not rely only upon the assurance of its underlying operating system, but also contains key assured functions implemented as trusted code.
In Operation - Messages that need to pass between networks connected by Bastion may only flow through the trusted processes of the application and labelled operating system. No other forms of communication are permitted between the networks, thereby providing complete assurance of network separation.
Bastion also maintains separate channels for message flows between networks allowing different policies to be applied in each direction, to the extent that all message traffic may be restricted to one direction. A comprehensive audit trail of all message traffic is maintained.
Bastion offers a protected environment (or DMZ) into which modules are introduced to perform specific inspection and filtering of the e-mail traffic. Such modules may include virus scanning, content filtering, filtering based upon sensitivity labels or digital signature verification. The architecture of Bastion is such that these modules need not be subject to Common Criteria evaluation.
Key Features:
- Certified Common Criteria EAL4 security solution
- Overcomes network isolation
- Meets stringent security policy requirements
- Allows messaging between networks of differing sensitivity
- Flexible architecture allowing plug-in filter modules
- Supports X.400 or SMTP/MIME messaging protocols
- Turnkey package simplicity
- Supports X.525 DISP for synchronisation of Directory servers
- Supports SNMP protocol commands for use within remotely monitored environments
- Allows isolated networks to be connected to DMZ compartments