News

Direct Access vs. Real VPN

The death of VPN?!

Cloud VPN Solution by NCP

NCP Provides Extensive IPsec / SSL Security Without the Management Headaches

VPN Client for Apple's Lion

NCP engineering’s IPsec VPN Client Now Compatible with Apple’s OS X Lion

Hybrid VPN Technology

NCP Secure Enterprise VPN Server for IPsec and SSL

Secure networking of branch offices Part 3

Central Management
A central VPN management system is required for effective networking of branch offices. Even if there are only a few branch offices, the time and money that has to be spent on local network administration is out of proportion. With M2M, such kind of administration this is hardly possible.

Central management automates management of remote / branch office VPN gateways. The more VPN relevant systems the central management contains, the simpler and more manageable the network becomes for administrators. Apart from configuration and software update management the following tasks should be included into the management software, too: management of digital software or hardware certificate (CA) rollout, an LDAP console for identity and rights management as well as security monitoring of the end-devices (Network Access Control / Endpoint Security).

A VPN system secures all data transfers in an encrypted tunnel. However, sealing of the communication has to take place as early as Internet dial up, which is the most frequent point of vantage of hacker attacks. The core problem is how the branch offices authenticate towards the central gateway. One possibility for authentication are pre-shared keys, another is the use of certificates. For security reasons certificates are the better option, because they can be adapted. This means old certificates can be locked and new ones can be issued.   Certificate handling has to be organized; i.e. if one certificate expires, the VPN management should offer automatisms that request and issue new certificates.

News about "VPN Client for Android"

The recently announce Android 4.0 "Ice Cream Sandwich" includes a new API for controlling the internal core VPN functionality. NCP will now concentrate on using this interface to develop an NCP Secure Client that provides NCP specific benefits such as:

• compatibility to the numerous VPN gateways on the market
• connection to the NCP Secure Enterprise Management
• VPN Path Finder Technology, and
• Seamless Roaming.

Ice Cream Sandwich is due for release in December 2011 and will be available for Smartphones and Tablets. An initial version of the NCP Secure Client based on Android 4.0 "Ice Cream Sandwich" is planned to be available during Q1/2012.

Until now, manufacturer specific restrictions meant that, with current Android based devices (< version 4.0), an NCP Secure Client could not be procured via the normal Android market and then installed on such a device. The NCP Secure Client currently available for Android requires a "rooted" device or, in special cases, a specially tailored Android kernel.

This latest version of Android software means that with Android systems based on version 4.0 or later, this restriction is now a thing of the past and that the new NCP Secure Clients will be installable in exactly the same way as every other Android-market application.

For more information please send an Email to android-vpn@ncp-e.com 

NCP Finalist at SC Magazine Award

NCP's managed Remote Access VPN Solution is finalist of the category "Best IPsec/SSL VPN"

Remote Access VPN "Out of the Cloud"

"Mobile teleworking via the Internet" in the network of the German federal state of North Rhine Westphalia

Misconceptions Part 7: Firewall settings may remain the same everywhere

Common VPN Solutions:
Different remote access environments demand different firewall rules. This means that the firewall rules have to be set manually. From the point of security, this provides high risks.

NCP's solution:
The administrator is the person to set the rules. The user cannot bypass the company's security policy by accidentally or deliberately changing the security settings!

Misconceptions Part 6: Client less SSL VPN is easy to manage

Some years ago SSL VPN was introduced into the market with the promise to be easy to manage because it is clientless. At the same time, it was promised that it would meet all requirements for communication. Time proved that this promise could not be kept. Various white papers compare SSL and IPsec and clearly favor the SSL solution. The striking argument is that no VPN client has to be installed at the end device. However, put into practice, both tunneling protocols have their advantages and thus their right to exist in parallel. This means, that a holistic VPN solution should feature both technologies.

Video "The truth about IPsec and SSL"