Powerful Policy Generator

Many security products exist that favor limited configurability in return for ease of use. We chose to simplify the process of defining the security policy, while retaining the ability for experienced administrators to add rules directly to the IP-filter subsystem.

The IP-filter subsystem is the main instrument used to enforce security. It allows or denies network traffic according to a security policy specific for your network environment. The default policy is to allow nothing after which, based on a policy of least privileges, you add the network services that are actually needed.

Privileges, with regard to the type and direction of the IP traffic, are set between logical separations or zones. A zone may in- or exclude any number of hosts and networks, allowing a very flexible way to separate networked resources into logical units. Common network services have been predefined for your convenience. This simple, yet powerful abstraction greatly simplifies even the most complex security policies.

1-8-2011 - X/OS has moved!

X/OS has moved to a new office, but stays at the Amsterdam Science Park.