Almost all infrastructure security must include firewalling and access control as critical layers of defense. Unfortunately, cloud environments today provide wildly different capabilities for these essential needs. Some public cloud providers offer rudimentary network access controls, but these are often statically defined and are not portable across various providers.
Virtual servers running in private clouds require fine-grained access control as well. In the large, flat network model of private clouds, applications and services need to be grouped and firewalled for internal access control. Internal segmentation (physical or virtual) helps, but is hard to keep current with the dynamic nature of applications built to run on infrastructure-as-a-service clouds.
Halo offers automated, dynamic, fine-grained firewall management, two-factor authentication, and account management to complete access control for all of your cloud servers, no matter where they are running. Policies are enforced automatically when new servers are launched, and reconfiguration of host-based controls happens dynamically to ensure seamless communication between servers, the resources they need access to, and the users that need to log into them.
Halo firewall management enables users to centrally build, deploy and manage host-based firewall policies across public, private and hybrid cloud environments. From a simple web-based interface, system administrators can build Linux or Windows firewall policies and assign them to groups of servers.
When servers are cloned or burst dynamically, the Halo Daemon communicates with the Halo Grid to automatically update the firewall policies on all affected servers. Server migrations and network changes are seamlessly handled as the Halo Grid detects changes and updates policies cloud-wide. This assures that your policies are consistently and correctly applied.
This design makes system administrators' lives easier by automating and centralizing management of dozens, hundreds or even thousands of host-based firewall instances. The Halo Grid is aware of all servers and their IP addresses in the network in real time, so changing a rule using Halo automatically and transparently updates all the host-based firewalls that you would otherwise have to touch individually.
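The effect of central IP awareness described above can be sketched as follows. This is an added illustration, not Halo's code: the inventory, the policy format and the function names are hypothetical, and the rules use iptables-restore syntax.

```python
from ipaddress import ip_address

# Constructed inventory: group name -> set of member server IPs (hypothetical data).
GROUPS = {
    "web": {"10.0.1.10", "10.0.1.11"},
    "db": {"10.0.2.20"},
}

# Constructed policy: members of src_group may reach dst_group on proto/port.
POLICY = [
    {"src_group": "web", "dst_group": "db", "proto": "tcp", "port": 3306},
]


def render_rules(server_ip, groups, policy):
    """Return the inbound rules for one server, ending in a default deny.

    Simplified: loopback and established-connection rules are omitted.
    """
    rules = set()
    for entry in policy:
        if server_ip not in groups.get(entry["dst_group"], set()):
            continue
        for src in groups.get(entry["src_group"], set()):
            ip_address(src)  # raises ValueError on a malformed inventory entry
            rules.add(f"-A INPUT -s {src}/32 -p {entry['proto']} "
                      f"--dport {entry['port']} -j ACCEPT")
    return sorted(rules) + ["-A INPUT -j DROP"]


def plan_updates(old_groups, new_groups, policy):
    """Map each server whose rule set changed to (rules_to_add, rules_to_remove)."""
    servers = set().union(*old_groups.values(), *new_groups.values())
    plan = {}
    for ip in sorted(servers):
        old = set(render_rules(ip, old_groups, policy))
        new = set(render_rules(ip, new_groups, policy))
        if old != new:
            plan[ip] = (sorted(new - old), sorted(old - new))
    return plan


def clone_web_server(groups, new_ip):
    """Return a copy of the inventory with one more member in the 'web' group."""
    updated = {name: set(members) for name, members in groups.items()}
    updated["web"].add(new_ip)
    return updated
```

Cloning a web server changes nothing on the web tier itself; the only host that needs a new rule is the database server that must now accept the clone's address.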
Halo dynamic host firewalls provide part of the tight network access control that your servers require. The other part is strong, secure authentication for administrative access to those servers.
Halo GhostPorts two-factor authentication is the most secure way to control access to administrative and other network services on cloud servers without the need for any additional infrastructure. GhostPorts uses dynamic, time-based host firewall rules with two-factor authentication to provide tight access control to network services and reduce the attack surface area of deployed servers.
Mobile phone or USB token authentication
GhostPorts gives you the choice to have your users unlock their cloud servers either from their mobile phones or using YubiKeys, robust USB devices without batteries or serviceable parts. Both options generate a one-time password that will authenticate the user and open an application port for a specific time period, and only for that user. After a configurable amount of time, the open ports automatically close again.
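The behavior described above (a one-time password opens a port for one user's address, and the port closes again after a set time) can be modeled as below. This is an added example, not GhostPorts code: the class, its method names and the default lifetimes are hypothetical, and only the one-time-code step is modeled, with delivery by SMS or token left out.

```python
import hmac
import secrets


class TimedPortGate:
    """Default-deny gate: a port opens per source IP after a one-time code."""

    def __init__(self, ttl_seconds=3600, code_lifetime=120):
        self.ttl = ttl_seconds              # how long an opened port stays open
        self.code_lifetime = code_lifetime  # how long an issued code is valid
        self.pending = {}     # user -> (code, code_expiry)
        self.open_rules = {}  # (src_ip, port) -> (user, rule_expiry)

    def issue_code(self, user, now):
        """Create a single-use code to deliver out of band (for example by SMS)."""
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[user] = (code, now + self.code_lifetime)
        return code

    def authenticate(self, user, code, src_ip, port, now):
        """Consume the code; on success open port for src_ip until now + ttl."""
        issued = self.pending.pop(user, None)  # pop: any attempt burns the code
        if issued is None or now > issued[1]:
            return False
        if not hmac.compare_digest(issued[0], code):
            return False
        self.open_rules[(src_ip, port)] = (user, now + self.ttl)
        return True

    def expire(self, now):
        """Drop rules past their expiry; returns the keys that were closed."""
        closed = [k for k, (_, exp) in self.open_rules.items() if now >= exp]
        for key in closed:
            del self.open_rules[key]
        return closed

    def is_allowed(self, src_ip, port, now):
        """Packet decision: allowed only while an unexpired rule matches."""
        self.expire(now)
        return (src_ip, port) in self.open_rules
```

Times are passed in as plain numbers so the expiry logic can be exercised without waiting; a deployment would use a monotonic clock and push the resulting rules to the host firewall.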
Consolidate server account management across your cloud
Auditing system account activity on your servers can be a cumbersome task, particularly in dynamic cloud computing environments. Halo Server Account Management makes this task much easier by providing you with a single online management console where you can monitor your servers in public, private and hybrid cloud environments.
Review all accounts from one location. Sort the account list by different criteria to identify and compare accounts with the same operating system. Review all root-level accounts and the last time they remotely accessed your server. The convenient user interface makes it easy for you to identify accounts that should have been removed, such as the accounts of employees who have left the company.
Unique cloud security capabilities
- Fully automate firewall rule changes, even for fine-grained access control to your cloud resources
- Define policy assignment by server group, with automatic updates as group members change
- Transparently manage cloud-bursting, server cloning, migrations, and offline server image protection
- Convenient two-factor authentication using SMS to a mobile phone or a YubiKey USB device; no additional infrastructure or server software required
- Completely portable among different cloud and server environments
Halo’s security benefits
- Real-time visibility of server firewall, policy, and network configuration status
- Continuous verification of local firewall policies to detect, alert, and correct any tampering
- View and report on consolidated server access across environments
- Enable secure access by remote employees, no matter how mobile they are or where cloud servers are hosted
- Fulfills compliance requirements for many security standards (PCI, HIPAA, FISMA, and others)