Calyptix Security, a provider of network security and management tools for small and medium businesses, has unveiled a new release of its UTM firewall, AccessEnforcer, with more than 10 improvements to the device’s security, ease of use, and compliance with PCI DSS (Payment Card Industry Data Security Standard).
AccessEnforcer version 3.1.17 brings two enhancements designed to help IT providers and their clients more easily pass network scans for PCI DSS compliance:
- TLS v1.0 is now disabled by default on the AccessEnforcer web interface. Network administrators can enable this protocol if desired, but this is not advised if the network needs to maintain PCI DSS compliance.
- SHA256 is now the signature algorithm used for the default SSL certificate on the AccessEnforcer web interface. The previous default, SHA1, will be phased out by major web browsers by 2017.
The PCI Security Standards Council released an unscheduled update to the PCI DSS requirements on April 15. Effective immediately, PCI DSS version 3.1 forbids the use of SSL and TLS 1.0 encryption protocols to protect cardholder data.
“PCI DSS compliance is a growing concern for our reseller partners and their clients. The improvements we’ve made to AccessEnforcer will make it easier for small businesses to achieve and maintain PCI compliance on their networks. We will continue to improve our firewall and services to meet those needs,” says Ben Yarbrough, CEO, Calyptix Security.
The AccessEnforcer devices of Calyptix partners and customers will automatically update to version 3.1.17 in the coming weeks. All AccessEnforcers automatically update security rules and firmware as part of standard service. †
AccessEnforcer version 3.1.17 also brings several enhancements to the device’s VPN service:
- CalyptixVPN clients are now saved as part of the automatic configuration backup in AccessEnforcer, and they can be loaded to a new AccessEnforcer device as part of the configuration restore process.
- New CalyptixVPN Login Attempts page allows network administrators to better track remote users. Here they can see login attempts, logouts, and timeouts as well as the corresponding times and remote IP addresses.
- Unique 4096-bit Diffie Hellman groups are now used for key exchange in CalyptixVPN as well as the AccessEnforcer web interface. This security improvement is in response to reports that 1024-bit Diffie Hellman is vulnerable to attack by state-level actors. Diffie-Hellman is a popular cryptographic algorithm that is fundamental to many encryption protocols such as HTTPS and SSH.
To learn more about the†AccessEnforcer UTM firewall, visit http://www.calyptix.com/products/.
†