Exium’s Cyber Gateway (CGW) is a software-only solution that addresses the Zero-Trust Secure Private Access (SPA) and firewall replacement (or overlay) use cases.
The software architecture and modules of the dual LAN/WAN interface Cyber Gateway are summarized in the figure below.
The table below describes the role of each module or feature supported by the cyber gateway. The items in “green” are generally available (GA) today. The items in “red” harden and tamper-proof the cyber gateway itself and are not features offered to end users. The items in “black” are optional or coming soon.
Category | Module | Description |
---|---|---|
Network Security | IPSec/GRE tunnel | A dual fully encrypted tunnel comprising Internet Protocol Security (IPSec) and GRE (Generic Routing Encapsulation) secures traffic to and from your private applications. |
Network Security | DHCP Server | The cyber gateway comes with built-in DHCP server(s) that automatically provide and assign IP addresses, default gateways and other network parameters to client devices. |
Network Security | LAN Firewall | Software-based Firewall that inspects incoming and outgoing traffic using a set of security rules to identify and block threats, as well as prevent unauthorized access to the local network. |
Network Security | IDS/IPS | The intrusion detection system (IDS) and intrusion prevention system (IPS), built on the Suricata engine, scan for suspicious traffic on your network and provide comprehensive network visibility. |
Network Security | Network Segmentation using VLANs | A virtual LAN (VLAN) is a logical overlay network that groups together a subset of devices that share a physical LAN, isolating the traffic for each group. |
Network Security | Inter VLAN Routing | Each VLAN maps to a unique zone, and inter-VLAN routing provides access to other segments of the network, which are isolated with different VLAN IDs. |
Network Security | Port forwarding | Port forwarding, or port mapping, allows remote servers and devices on the internet to access the devices that are within your private local-area network (LAN) and vice versa. |
Zero Trust Access | NAC | Network access control (NAC), also known as network admission control, restricts unauthorized users and devices from gaining access to your private network. |
Vulnerability analysis | LAN Vulnerability scan | Vulnerability scan, based on WebMap, provides a tool for visualizing Nmap scan results. It parses the scans you made with Nmap and loads everything into a web-based dashboard. |
Web Security | DNS server | The Domain Name System (DNS) built in the cyber gateway provides fast and secure response to DNS queries as well as DNS and Web security. |
Web Security | Web Proxy | Web proxy leverages the Squid engine, which is a fully-featured HTTP proxy and caching system for web security and user experience enhancement. |
Administration | Webmin | Provides a web-based interface for system administration of the Cyber Gateway. |
Management | Cloud Shell | Provides a browser-based shell experience for SSH into the cyber gateway VM or box. |
SD-WAN | Securing Sites | Secure Mesh connectivity between locations |
SD-WAN | WAN aggregation | SD-WAN uses path selection, WAN aggregation across two or more ISPs, near real-time performance monitoring, and dynamic routing to improve network performance. |
SD-WAN | Service-aware routing | SD-WAN Application-Aware Routing lets you run applications over specific WAN connections and fail over based on SLA classes. |
Device Security | Anti-Virus | The cyber gateway software is protected by the ClamAV® antivirus engine for detecting trojans, viruses, malware & other malicious threats. |
Device Security | EDR | The cyber gateway software is further secured by the Wazuh Endpoint Detection and Response (EDR) engine for threat prevention, detection, and response. |
Device tamper-proofing | Secure boot | Secures the cyber gateway at the firmware level by using Unified Extensible Firmware Interface (UEFI) Secure boot, which is a verification mechanism for ensuring that code launched by firmware is trusted. |
Device tamper-proofing | AppArmor | AppArmor proactively protects the cyber gateway operating system (Linux Ubuntu) and applications from external or internal threats, even zero-day attacks, by enforcing good behavior and preventing both known and unknown application flaws from being exploited. |
Cyber Gateway Architecture and Features