A K12 Web Filter with a Built-in Firewall
Frontera, a K12 web filter, includes an integrated stateful firewall, providing robust network security that is managed through a simple web interface. This deep-packet inspection firewall filters both inbound and outbound traffic. Since it is an affirmative firewall, all traffic into and out of the network must be explicitly allowed by the System Administrator.
The school content filtering built into Frontera actively logs blocked attempts against the firewall. These logs are available to BASCOM's Technicians. The firewall also actively monitors, blocks, and logs invalid login attempts. If there are too many invalid login attempts, the computer is blocked from further login attempts for 60 seconds. Doing this prevents most brute force, script-based attacks from interfering with your network.
- For ease of network deployment, Frontera, a K12 web filter, provides numerous predefined firewall rules, allowing firewall settings to be defined with just a few clicks and keystrokes. Many common applications, such as Web servers, VNC, FTP, and H.323, are made available in the Predefined dropdown of the Add Firewall Rule page. With a single selection, the required rules for an entire application are added to a firewall.
- Within these predefined rules, BASCOM has defined VPN pass-through rules. This enables VPN connectivity without knowing the nuances of each port and protocol that's required to properly deploy it. Our VPN pass-through rules encompass popular VPN protocols, including IPSec, PPTP, and L2TP.
Locked Down by Default
- Frontera's firewall is completely locked down by default, restricting all communication in or out of your network. Improved management of a network and bandwidth are accomplished through explicit definitions that selectively permit access.
- Firewall rules can be enabled and disabled on demand, eliminating the need to constantly redefine infrequently-used rules.
- Frontera's firewall allows the definition of specific port forwards for applications that are not predefined.
Network Address Translation (IP Translation/Outbound)
- Frontera's firewall supports network address translation (NAT), further providing security and control over a network's resources.
Deep, Stateful Packet Inspection
- Frontera employs a stateful packet inspection (or SPI) firewall which actively tracks all inbound and outbound communication. This implementation is a quantum leap over traditional firewalls, leveraging today's available processing power to ease administration and security headaches. An initial connection is examined, and if allowed, is continually tracked by the firewall. Doing this provides two benefits. First, the firewall's rules are only referred to during the initial connection, which means that subsequent packets only need to be checked against the firewall's active connections and not against the rules, as the conversation has already been qualified. Finally, rogue, potentially malicious packets outside of the context of established, tracked connections are ignored—mitigating the risk of traditional firewall attacks. This powerful firewall tracking works equally well with connection oriented (TCP) and connectionless (UDP) protocols. In addition, Frontera deploys application-level filters at the packet level—utilizing deep packet inspection to dynamically detect and configure the firewall in response to the examined traffic.
Learn More About Frontera's School Content Filtering
Find out how using Frontera for school content filtering can keep students safe and learning productive. Fill out a contact form or call us today at 1.888.922.2726.