OPSEC Partners

Aviva HostShield™ by Aviva, Inc.

Product Version Certified: v1.0
Certified for use with: Check Point Next Generation

Product Description: Aviva HostShield™ is a leading-edge security software product that specifically protects TN3270 and TN5250 servers connected to the Internet or intranet. It is an unique Host Access Security solution to protect your corporate mainframe data from attacks or misuses.

The product provides real-time analysis and content filtering for TN protocols using two unique patent-pending features: TN Proxy Gateway and a TN Intrusion Detection System. If positioned strategically in a company's internal IP network, Aviva HostShieldTM combined with a corporate firewall can protect against malicious attacks from users both inside and outside a corporation's IP network.

Unique Patent-pending Features

• TN Proxy Gateway (Application level firewall) - provides real-time Telnet and TN protocol validation and filtering.
• TN Intrusion Detection System (IDS) - performs real-time analysis of Telnet and TN protocols using stateful inspection. When suspicious activity or a known intrusion is detected, Aviva HostShield triggers alarms, writes logs and instructs the firewall to perform actions such as dropping the connection. It provides off-line connection statistics as well.

Key Benefits

• An additional safeguard - reducing vulnerabilities and internal as well as external threats to your mainframe.
• Unique real-time intrusion detection and prevention system - for IBM Mainframe and AS/400 systems.
• Unique end-to-end encryption with protocol filtering - between client applications (PC-to-host, Web-to-host, or EAI) and the mainframe protecting the confidentiality and integrity of your corporate data.
• User confidentiality - with the use of specific encryption algorithms and cipher suites to access TN servers, ensures that users comply with security policies, imposing the use of specific SSL/TLS protocols cipher suites.
• Comprehensive logging capabilities - provides detailed intrusion attempt information including the identity of the intruder and the type of violation and activity.

Central management, monitoring, and auditing

• Non-intrusive - does not require software to be installed or configured on the mainframe, additional software is not required on the client computer
• Compatible with your current network - works with any client emulator or Web-based application and TN server.
• Flexible deployment - can run on the firewall server, or a separate server, allowing the firewall and the IDS to perform at an optimum level.
• Operating system independent technology - allowing compatibility with Microsoft Windows, Sun Solaris and RedHat Linux.

Aviva HostShield™ is closely integrated with Check Point VPN-1/Firewall-1 that manages classical attacks at the IP and TCP levels.

Aviva Hostshield™ is essentially a CVP (Content Vectoring Protocol) server. CheckPoint VPN-1/Firewall-1 intercepts traffic and forwards it to Hostshield's CVP server for detection of suspicious activities. When HostshieldTM detects such activities, it acts as a ELA (Event Log API) and SAM (Suspicious Activity Monitoring) client. Using ELA, Hostshield™ instructs CheckPoint VPN-1/Firewall-1 to log and issue appropriate alerts. Using SAM, Hostshield™ instructs CheckPoint VPN-1/Firewall-1 to block further access for the intruder.

• HostShield Datasheet PDF