Is Your Router Capable of Mitigating the Risks of an Ever Evolving IT Threat Landscape?
Enterprise security breaches involving the compromise of large amounts of confidential customer data are becoming increasingly common. Compromised passwords can be changed but customers' trust is not easy to regain. It takes years to build a solid reputation, but only one security breach to destroy it.
How much security is really enough? This question haunts every organization, but is especially crucial for small to medium enterprises with limited security budgets. Similarly, home users wish to protect their families from the dangers of accessing harmful content on the Internet, but don't know where to start. Confidentiality, Integrity and Availability are the three pillars of IT security and Draytek provides a one-stop solution for your security dilemma.
Comprehensive VPN Support
VPNs are an essential component of network security, both Remote Dial-in VPNs for Teleworkers and Site-to-Site VPNs to connect remote branch offices to Enterprise Headquarters. Draytek Vigor routers provide multiple simultaneous VPN tunnels (IPSec, PPTP or L2TP protocols) for secure data exchange and communication. With a dedicated VPN Co-Processor, the hardware encryption of AES/DES/3DES and hardware key hash of SHA-1/MD5 are seamlessly handled, thus maintaining maximum router performance. This means our popular models are capable of supporting from 50 to 500 simultaneous VPNs with high IPSec throughput. SSL VPNs with X.509 Certificate-based authentication are also available for teleworker applications. SSL is supported by standard web browsers such as Chrome, IE etc. It's convenient for users of small offices and teleworkers who need to access internal applications, remote desktops, file servers of their enterprise without the necessity of installing a VPN client on individual PCs.
VPN Backup and Load-Balancing
In spite of the many advantages of using VPNs, many users are wary of them because of the single-point of failure they present, especially for inter-office connections. If there is only one VPN tunnel between the main office and a remote branch office, and if this VPN connection drops and cannot be restored immediately, you have to wait for hours or days until the network administrator manually creates another VPN connection. This severely impacts business operations and revenue.
With the DrayTek VPN Backup feature you can maintain a permanent connection between two sites. Once a VPN connection drops, an automatic backup VPN connection will be implemented. With VPN Load-Balance, you can have two VPN tunnels between sites combined into one VPN Trunk for greater capacity. The two individual VPN connections can utilize separate ISPs for redundancy.
Flexible Object-based Firewall
Every Draytek router is equipped with an incredibly robust and flexible object-based SPI firewall and optional integration with CYREN (Commtouch) GlobalView Filter, a world leader in Web Category Filtering. What does this mean for your network? It means, you can define objects based on source and destination IP addresses, ports, URL keywords etc to classify your network traffic and give you complete control over it. You can pass or block traffic based on URL filters, Web Category Filters, Time Schedules, QoS policies, User Roles and Application Filters. The DNS Filter ensures that even HTTPS websites can no longer slip through your security policies. APP Enforcement can filter applications such as Peer-to-Peer (P2P), Instant Messenger, Tunnel protocols, Remote Control protocols etc.
For example, you can have a rule that blocks employees from accessing Social Networking websites but allows Facebook only for a total time quota of one hour between 12PM to 2 PM; and yet another rule, to allow any user belonging to the Marketing Department group to always have access to Social Networking websites. Or a rule that allows your child access to online gaming websites only for a total of two hours in the evening and keeps them from accessing harmful content on the Internet at all times.
Denial of Service attacks are the most common threat to Network Availability. The DoS Defense feature in Draytek routers protects from a wide variety of such attacks. The router can detect when it is under attack and block based on a user configurable threshold and timeout settings. This ensures that resources are always available to legitimate users.
Draytek routers and access points support all the accepted wireless security standards such as WPA and WPA2 and the older 64/128 bits WEP standard for legacy devices. User authentication is via Temporal Key Integrity Protocol (TKIP) and Advanced Encryption
Standard (AES), one of the most secure encryption mechanisms today. Vigor routers and APs also support 802.1X for centralized wireless security management utilizing dynamic single-session, single-user encryption keys integrated with network log-on with the help of a RADIUS server.
This dramatically simplifies the administration and management of the network by eliminating the deficiencies of static key management, giving IT managers the confidence to deploy a secure enterprise-wide wireless solution for their users. Access control with MAC address stops unauthorized clients from accessing your wireless network. Also included is the ability to hide your SSID, Isolate Wi-Fi clients from wired LAN network and Isolate Wi-Fi users from each other.