The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the US Congress in 1996 to improve the efficiency of the health care system and to protect the confidentiality and security of health data.
HIPAA affects virtually all health care providers, health plans, public health authorities and self-insured employers, as well as life insurers, information systems vendors, various service organizations and universities. All health care organizations that maintain or transmit electronic health information must comply.
To comply with HIPAA, hospitals and other health care providers must control access to health information and monitor and report on security events.
SmoothWall solutions safeguard networks containing private healthcare data by preventing unauthorized access to restricted information, protecting against malicious software and providing granular reporting and security alerts.
SmoothWall offers the following features to help health care agencies to control access to Protected Health Information (PHI) and prevent confidential data from leaving the organization without proper approval:
- Perimeter Firewall – Blocks threats at the boundary or gateway - before they enter your network.
- Stateful Packet Inspection - Keeps out invalid traffic by ensuring all packets are part of a legitimate sequence.
- IDS (Intrusion Detection System) - Logs and alerts administrators of intrusion attempts and gives, through reporting, an overall view of system attacks.
- Internal Firewall including DMZ, other zones & inter-zone bridges - Allows local networks to be segregated into physically independent zones – useful for separating confidential and routine services, controlling inter-zone access and the spread of viruses, and quarantining wireless and public access networks. (Also integrates with User Authentication systems)
- Transparent Authentication (TA) and support for native server-side authentication features such as RADIUS and LDAP - SmoothWall solutions allow access to be controlled based on authenticated identity as opposed to assumed identity derived from a computer's IP address. Support for Microsoft Active Directory, Novell eDirectory, RADIUS and other LDAP systems. System administration is also simplified with support for transparent web filtering, which avoids the need to configure proxy settings for each user computer. The use of NTLM with password verification also provides seamless single sign-on without the need for users to log into the firewall or re-enter their credentials.
- Ident (Windows User Identification) can also be enforced so that any user who has not been identified from Ident information (i.e. their PC is not running an Ident client) will not be allowed to browse the web.
- Outbound (egress) firewall filtering rules - control what external Internet services and ports users can access, based on port, protocol, AD group and source IP address.
- Policy-based web content filtering - Multiple filtering categories and rule sets can be used to allocate different access rights and restrictions to different groups of users with different privileges.
Secure connections for remote workers can be achieved via L2TP, IPSec and SSL VPNs. Transferred information is protected with strong encryption, using the 3DES, AES (Rijndael), Twofish, Blowfish and CAST encryption algorithms. A NAT Traversal (NAT-T) option allows for seamless VPN operation in a NAT environment.
- Port-agile firewall traffic blocking - detects & blocks file transfers and downloads (e.g. P2P traffic such as KaZaa, BitTorrent, etc)
- Blocking controls for MIME types, file extensions, download sizes, adverts, cookies & PICS ratings - help to stop the downloading of viruses and other malicious code from websites, as well as music and other copyrighted material. (Guardian can detect and remove in-page executable code from web pages, such as ActiveX controls, Java applets, JavaScript and Flash. Such executable code is not recognized by traditional anti-virus software, yet is often used to install spyware, viruses and other types of malware on user PCs.) Browser exploits and malicious URLs are also detected and blocked.
- Anti-Virus Scanning (Web & Email) - Files downloaded from web sites are not scanned by most anti-virus software, which provides email rather than web security. Guardian will anti-virus scan all such downloads, using either its inbuilt ClamAV engine or any ICAP-compliant anti-virus engine running on an external system.
- Instant Messaging Application Control – IM applications can be logged, filtered, blocked or censored, with certain words or phrases set to trigger alerts. File transfers and attachments can also be logged or blocked and both local and remote users can be either blocked or exempt from control.
Email security can be achieved using SmoothZap (add-on module for SmoothWall products) which offers the following:
- Content analysis and Reputation Checking - using Mailshell's industry leading Spam Detection Network & Bayesian analysis.
- Bulk Mail and Phishing Detection – using a combination of Mailshell's definitions and in-built analytic engines.
- SMTP validity checking - Checks for malformed email (usually either spam or designed to attack mail server/client vulnerabilities).
- SMTP Mail Relay - Reconstructs and relays incoming and outgoing email to a protected email server located within a local network zone or DMZ
- Disclaimer Footers - Automatically append a disclaimer to every email. Different disclaimers can also be attached to outgoing emails from different domains.
- Attachment Removal – Allows dangerous or unwanted attachments to be discarded based on type (e.g. executable files, documents and multimedia files).
- Archiving - Automatically archive both incoming and outgoing email so that a record of all email can be maintained.
- Per-User Quarantine – Allows each individual email user to view and retrieve spam-trapped email from their own secure quarantine mailbox on the SmoothWall.
- SMS/email incident alerts - For immediate response to urgent incidents related to all areas of system functionality.
- Comprehensive range of editable report templates - Users can create, customize and save their own report templates and utilize an extensive range of standard reports (20+, including firewall and IDS log analysis, web access history and other analyses, server information, status of VPN tunnels, network usage, traffic & web cache). Reports can also be scheduled & automatically distributed in user-friendly formats such as Excel, CSV and PDF.
- Real-time reporting - AJAX real-time logs & traffic graphs also allow instantaneous monitoring of web traffic and other network activity, with the option to filter by user name, group, category of web site, IP address or domain/URL substring.
URL Blocklists, Dynamic Content Analysis key-phrases and contextual analyses, browser exploit definitions, AV signatures and intrusion definition files are automatically updated on a daily basis. SmoothZap is updated every 5 minutes with the latest email fingerprints and detection rules.