home

back to the home page

about

about N2, our history
and experience

industries

information on the industries we serve

solutions

details of our solution portfolio

products

integrated critical network protection

contact

contact us for more
information

norman network protection

Norman Network Protection (NNP) is a new generation high performance security gateway to protect organizations infrastructure in real-time against malware attacks.

The NNP technology is very simple to implement. Connect the NNP machine to the LAN and start the NNP executable, and the entire LAN is protected. NNP is independent of network topology and other network units. It is also effectively transparent to all other entities in the network, which allow them to operate uninterrupted by NNP. This gives a great advantage compared to conventional proxy solutions where network entities may require configuration to enable the proxy.  

How NNP works

NNP is installed on a computer with three network interfaces and works as a blackbox performing real-time scans for malware in data traffic. One network interface is reserved for alerts and remote configuration, while the other two collect network packets for scanning from the network segments they are connected to.

In a pair of connected interfaces, one interface provides an upstream or “open” network connection, and the second the downstream or “protected” network connection. Both interfaces protect data streams from either direction. The network connections can be of any physical type that supports the TCP/IP protocol.

These are the NNP supported protocols:

• HTTP – normal web content traffic including web mail
• SMTP – incoming email traffic
• POP3 – outgoing email traffic
• RPC – remote procedure call traffic
• FTP – file transfer protocol
• TFTP – trivial file transfer protocol
• CIFS/SMB – common internet file system for MS Windows-based computers
• IRC - Internet Relay Chat, a chat system protocol

As each packet is received, it is sent to the appropriate protocol-scanning module. Each scanning module calls the scanning engine, which in turn requests portions of data from the packet or subsequent packets in the sequence. Alternatively, if Norman SandBox™ is enabled, the received packets are assembled in a virtual environment where the code’s behaviour is analyzed. If malicious code is detected it is blocked from travelling any further in the network. NNP then broadcasts an alert based on the configuration. NNP offers a variety of features to encompass operation and maintenance:

• Norman SandBox™ technology – enables NNP to detect new viruses before detection files are released, by analyzing in a virtual environment what the code does before it runs on a real machine.
• NIU signature update – Norman Internet Update can be configured to automatically update the virus scanning engine and signature files daily.
• Decompression – NNP can decompress packets representing files compressed in a number of different formats before scanning the content.
• Real-time configuration – NNP can be configured while running, there is no need to restart the application.
• Comprehensive alert system – alerts can be delivered as SNMP traps or SMTP (email messages) to interested parties.
• Suitable for a variety of network sizes and topologies.