Active Net Steward (ANS) is a radical approach to network security. Comprising both client and server components it polices both incoming and outgoing traffic. Because it combines these functions, it provides the capabilities of a traditional network firewall together with the ability to regulate outgoing traffic. This makes it particularly suitable as a 'Parental Control' vehicle, especially when combined with a web-aware service such as Surf Control'.

With ANS you can :

• Have firewall level protection on all clients and servers.
• Police individual incoming and outgoing connections from each device.
• Control all TCP/IP ports on each device.
• Monitor network traffic in real time and raise alarms against set conditions.
• Control net access (including user web surfing).
• Implement policy centrally, in real time across the whole network.
• Have the necessary audit and forensic evidence to back up policy.
• Have a last line of defence to protect against perimeter defence breaches.

SystemSoft worked on the client implementation of ANS and provided ongoing support and enhancement services to ensure the product continued to offer front- and back- line protection despite the dynamic nature of PC-internet communications architectures.

A significant upgrade was the addition of client-server connections via TCP. Using TCP (rather than the previous restriction to UDP) provided additional integrity and facilitates operation in wide-area contexts where the path between the client and the server might include NAT-ing routers, gateways and perimeter firewalls.

The upgrade comprises extension of the UDP-supporting kernel-mode TDI client to accommodate primitives required to initiate and accept connection-based communications such as TCP. Extensive testing verified successful manual and automatic adjustment of the connection mechanism according to dynamic link establishment scenarios, including wired-, dialup- and wireless-based configurations.