User Tools

Site Tools



ICS CUBE is multifunctional network solution equiped with a set of over 80 functions sufficient for keeping network operations safe and sound for a typical enterprise.

Being a universal Internet gateway ICS CUBE is built on top of FreeBSD operating system. ICS CUBE supersedes typical Unified Threat Management solutions by providing full set of corporate network security services, elaborate traffic and user accounting, access control, mail, proxy, file, jabber and Voice over IP servers all sharing common control, reporting and configuration. ICS CUBE acts as a smart router, plugged between your corporate nertwork and the Internet, leaving you network safe, controlling traffic and enforcing your corporate use and security policy.

Key functions of ICS CUBE

Universal internet gatewaySupports of multiple Internet connection types: Ethernet, Wi-Fi, 3G, PPTP, PPPoE, L2TP. Supports VLANs and DMZ. Works with several ISP at once, supports PPPoE/PPTP VPN for corporate users, tunnels traffic via GRE/IPIP VPN tunnels with IPsek PSK encryption as well as OpenVPN. Supports terminal clients. Routes IP traffic. Provides DNS, DHCP.
Access controlUser authentication by IP address, MAC, login/password pair, terminal server user authentication. Authentication via Active Directory, via local software agent, via VPN connections (PPPoE, PPTP) and pre-paid cards. Full Windows network integration. Layer 7 filtering, content filtering, traffic categorization by SkyDNS, Kaspersky Webfilter, https filtering.
Network securityNetwork firewall. Built-in antiviruses selection of Kaspersky and ClamAV. Incoming and outgoing traffic inspection. ICQ interception, Network address and port translation (NATPT), DMZ support. Network intrusion prevention system (NIDS/NIPS), raid-1 support for increased system stability.
Communication and network supportProxy server, mail server with SPAM filters, DNS, DHCP, Web, FTP, IPsec encryption, multiple remote office secure interconnection via encrypted tunnels.
Traffic accounting and network visibilityTraffic and access accountng by user, user groups, address groups, network interfaces, sites and URLs, files, protocols, MIME-types, timestamp, traffic source. Netflow parsing to obtain traffic statistics from external routers (Cisco, Juniper and more).
Easy controlAll components are easily controlled via web-based protected interface. ICS CUBE keeps track of all links between its components and hides complexity from the user. Administering of any number if ICS CUBEs in remote offices can be done from single interface.
File and web serversFile storage with HTTP/FTP access. Windows network neighborhood (CIFS/SMB) access. File storage uses reliable ZFS file system with RAID 0/1 support and fault tolerance. Fully functional web server with PHP support and MySQL database with unlimited number of web sites deployed. DNS server included.
Proxy serverAllows to obtain precise web usage statistics, allow/deny specific users to specific web sites and URLs within sites. Traffic and channel utilization optimized by 10-30%.
Voice over IPAllows to put up fully functional corporate IP telephony gateway with IVR, incoming and outgoing call filtering and forwarding, reporting. Support of SIP and IAX protocols.

Operation principle

ICS CUBE densely integrates precisely-chosen set of solutions on a single platform. It also contains storage for all configuration data, traffic statistics, reports, users, rules, etc. ICS CUBE logically unites all components of the system from operational and control point of view. ICS CUBE is designed to address all needs of a typical corporate network connected to the Internet. ICS CUBE turns a general computer into powerful Internet router and gateway supporting all corporate communications. ICS CUBE middleware makes all its components operate in concert, minimizing configuration effort to virtually zero, keeping your network operation secure, manageable and visible from convenient graphical interface.

ICS CUBE is typically installed at an x86 (32 or 64bit) computer with two or more network interfaces. Part of these interfaces is designated as external and connects to ISP equipment, the others are internal and link to corporate network (office LAN switch with connection to other client’s computers in the simplest topology).

ICS CUBE can support much more complex topologies, including DMZ, virtual LANs, tunnels between remote offices, multiple ISPs, complex switching and routing in corporate network, etc.

Every corporate user should be configured at ICS CUBE (or imported from domain controller). Every user is assigned a portion of network resources, addresses and authentication scheme. Various authentication schemes can be used simultaneously. Users can be managed individually or collectively as user groups. IP addresses can be configured statically or delegated via built in DHCP service or by means of automatically configured tunnels with PPTP or PPPoE. Every user can be associated with resource quotas – for resource consumption, e-mail addresses, etc. Special rights, like administrator of a particular group can also be delegated to a user.

about50.txt · Last modified: 2020/07/01 11:15 by zog