Security should be by far the most important parameter in a firewall
solution. Still, many security products suffer from a
surprisingly large number of security vulnerabilities.
Furthermore, securing complex products is a fight against the odds, since
the number of vulnerabilities is proportional to the
complexity of the product.
Amaranten Firewalls are designed to be secure, from the ground
up. Here’s how.
First of all, the firewall is not based on any traditional operating
system, such as Microsoft Windows, Linux or NetBSD.
Not even a real-time operating system, like VxWorks or similar, is
used.
On the contrary, Amaranten Firewalls consist of a minimal boot
loader and a compact firewall core of several hundred
kilobytes in size, which constitutes the entire software needed
for the operation of your complete firewall system.
This means that inherited security vulnerabilities from an underlying
operating system are completely avoided, and that
the Amaranten Firewall, due to the compact size, is the most resilient
product on the market.

The technology is based primarily on Stateful Inspection, the de-facto
standard for firewalls today. To achieve the highest
protection possible, your Amaranten Firewall keeps states on all
common IP protocols, including TCP, UDP and ICMP.
Every packet received by the firewall is subjected to several thorough
consistency checks regarding header sizes, options,
fragmentation and flags. These tests provide protection against
network layer DoS (Denial-of-Service) attacks as well as
OS fingerprinting or “firewalking” attempts.
Naturally, Amaranten Firewalls also support dynamic as well as
static address and port translation.
To manage the complex security problems involved in the file transfer
protocol (FTP), Amaranten Firewall includes a highly
customizable application layer gateway (proxy), which allows secure
operation through fine tuning of which kind of data
channels are allowed, including on-the-fly conversion between active
and passive mode data channels.