Security


Security for the Protection of your Data Capital

“Security is not everything, but without security, everything is nothing.” This saying sums up the basic requirement for external corporate communications. If you decide to make your company network, and with it all confidential data, accessible from the outside, questions about transmission and access security arise immediately. Confidentiality, integrity and availability of information and of information processing systems must be guaranteed.

NCP gives you this security: Attacks on teleworkers and transmission paths are made impossible with encryption, VPN tunneling and strong authentication. Access to your company network is granted only after all security parameters have been successfully validated against centrally specified directives (security policy).


Security is not a snapshot, and it is not achieved by a single measure. On the contrary, security is a permanent process that relies on correspondingly differentiated security mechanisms. All security features must correspond to the current state of technology and be components of an integrated VPN solution, i.e. coordinated with one another and covered by update/upgrade concepts.


But data availability must also be secured, because disturbances on transmission paths or system interruptions make communication impossible. Corresponding provisions therefore also need to be made in this area.

 

Proven Security – Made in Germany

The NCP Secure Communications VPN solution is an established brand. Well-known references confirm this. An additional seal of approval is the recommendation for use issued by the BSI (Federal Office for Security in Information Technology) for the top-most officials in Project IVBB (Information Interconnections Bonn Berlin).

 

An NCP Secure Communications Solution does not have any hidden access opportunities.


With its voluntary agreement to exclusively produce security products without hidden access opportunities, NCP, as a member of the export initiative “IT Security Made in Germany (ITSMIG)”, makes an active contribution to strengthening the brand “Security – Made in Germany”. NCP hereby underscores its claim to develop communications software that may also be used for the highest security requirements.


NCP Secure Communications – an overview of the most important integrated security features:

Dynamic Personal Firewall – Optimized for Remote Access
This personal firewall protects terminal equipment against attacks from the internet, WLAN and LAN. It is a component of all NCP Secure Clients, therefore independent of the operating system, and may be centrally administered (Enterprise Solution). PC protection begins during system startup and automatically adapts to the prevailing remote access environment. The personal firewall protects not only from internet attacks, but also from attacks from the LAN. It can be configured in such a way that the user can neither manipulate nor deactivate it. Inadvertent opening of backdoors, e.g. upon registering with a hotspot, is thereby prevented.

If desired, the personal firewall remains active even when the VPN service is deactivated.
An overview of the functions of the NCP Personal Firewall:

  • IP-Network Address Translation (IP-NAT)
  • Stateful Packet Inspection
  • Application-independent filter rules
  • Protocol, port and address-based filter rules
  • Friendly net recognition
  • Automatic hotspot recognition
  • Connection-dependent filter rules
  • Extensive logging options

VPN tunneling on the basis of IPSec and SSL (Secure Sockets Layer)
This VPN tunneling offers secure external enterprise communication in every remote-access environment, with and without VPN client software. Mobile employees can either be fully integrated into centrally managed IPSec VPN communication (intranet) or connect to the company network “clientless”. Whichever VPN technology is used, the central remote station, the hybrid NCP Secure Enterprise Server, handles both worlds simultaneously.


Data encoding (encryption)
For your data to remain confidential on the transport path, it must be encrypted. Encryption creates the basis for information confidentiality; without it, secure data communication over a public network is unthinkable. The NCP Secure Communications software always supports the most up-to-date, performance-efficient algorithms and key lengths.

Strong authentication
In a VPN, it is no longer sufficient today to allow access to the company network through user name and password alone. Both are easy for hackers to spy out. NCP therefore relies exclusively on strong authentication methods.


NCP Secure Communications supports all strong authentication methods, such as OTP tokens (one-time passwords) and digital certificates in a PKI (public key infrastructure), as well as biometric technology. One-time passwords are generated dynamically, replace static passwords, and lose their validity immediately after use. Digital certificates offer an even higher degree of protection and are universally applicable as well. They can be used as software certificates or on a smart card, as X.509 v3 certificates. When required, several trust centers/certification authorities (CAs) can be used (multi-CA support).

Endpoint Security - Quarantine Zone
With this feature, all security-relevant parameters are checked before access to the company network is granted. These can include the status of the virus scanner, server information, certificate content or software status. Adherence to security directives is compulsory and cannot be manipulated by the user.

In the case of an IPSec-VPN, this takes place in the so-called quarantine zone. The following possibilities exist here:

  • All security directives fulfilled:
    • Access to the productive network
  • If even one of the security parameters is not fulfilled, then the following can be defined:
    • Remaining in the quarantine zone with limited server access for a software update of the remote system
    • Start external applications on the remote PC
    • Disconnection

Line Backup

Line backup secures high accessibility of the target system, even during a disturbance of the transmission path (DSL connection). Disturbances or bottlenecks in the internet can never be ruled out. Connection breaks often lead to data loss and long waiting times until the error is fixed. Both are unpleasant for the VPN operator and can be associated with unanticipated higher costs (e.g. important data are not available in time). With the “line backup” feature, a disturbed DSL or ISDN connection is automatically switched over to an ISDN backup line (network administration is informed). The data connection persists, i.e. work can continue without logging in again (no session loss). Once DSL functionality is restored, the connection is automatically switched back to the higher-value connection.


System Availability
The high-availability services of the Secure Enterprise Solution provide a higher degree of availability of the Secure Enterprise Server through their backup and load-balancing mechanisms. They make certain that at any point in time, even in the event of a disturbance, all VPN tunnels are available for access to the company network.
Additional information may be found in the HA Services data sheet (PDF) under Downloads / Data Sheets.


Data protection on the terminal equipment – cache protection (SSL VPN)
When Internet Explorer is used as the web browser, all data on the teleworker’s workstation is automatically erased when a session ends.


Enforced internet connection over company headquarters
To counter attacks from the internet in a lasting way, it can be centrally specified that connections must be routed through a VPN tunnel to the company network and its security infrastructure.