Search:
 
Military & Defense Security:
>> Military & Defense Security
> EAL4 Network Separation
> EAL4 Boundary Protection
> Military Messaging Architecture
>> Enquiry Form

ACT NOW!
>> REQUEST AN EVALUATION
>> FACTSHEETS
>> WHITEPAPERS

How to Buy:
Find out how to purchase Clearswift's products & services. >> CLICK HERE

Quick Links:

 


Search the site:

MEMBERS CENTER

Contact Clearswift

Legal Information

Feedback Form

Site Map

 

Bastion™

Bastion is a messaging firewall that allows the exchange of email between networks of differing security levels or conflicting security policies. Thus where a security policy might otherwise preclude the direct connection of networks, Bastion permits the controlled and accountable flow of messaging traffic.

Bastion operates as a stand-alone system providing a bi-directional messaging firewall for both X.400 and SMTP/MIME email traffic.

Assured Protection
 Bastion is aimed at markets that require a CC EAL4 level of security and is based upon special evaluated software combined with standard Clearswift messaging products operating within the Trusted Solaris operating system.

Bastion is based upon the Trusted Solaris operating system (itself assured to CC EAL4) and is provided as a turnkey system utilizing Sun SPARC hardware.

Unlike many other firewall products, Bastion does not just rely upon the assurance of its underlying operating system, but actually contains key assured functions implemented as trusted code. Bastion has been developed in association with the UK Defense Evaluation and Research Agency and QinetiQ.

In Operation
Messages that need to pass between the networks connected by Bastion may only flow through the trusted processes of the application and labeled operating system. No other forms of communication are permitted between the networks, thus providing assurance of network separation.

Bastion maintains separate channels for message flow between networks allowing different policies to be applied in each direction, to the extent that all message traffic can be blocked in one direction. An audit trail of all message traffic is maintained.

Bastion offers a protected environment (or DMZ) into which modules can be introduced to perform specific inspection and filtering of the e-mail traffic. Such modules may include virus scanning, content filtering, filtering based upon sensitivity labels or digital signature verification. The architecture of Bastion is such that these modules need not be subject to ITSEC evaluation.
Print iconLanguages: English | Deutsch | Japanese
Login
© 2008 Clearswift Limited. All rights reserved.
Contact | Legal Info | Support Website Terms | Privacy Policy | Site Map