Personal Firewall

There are many different scenarios and authorization levels for accessing company resources from external locations: Home offices, external networks (visiting customers and partners), public hotspots and just about anywhere in the world with an internet connection. NCP Secure Clients solve this challenge in a simple and secure way. The integrated personal firewall works has many helpful features which improve endpoint security without the user having to do anything.

• Friendly Net Detection – is a device connected to a public, unknown network or is it in a friendly, known network? The firewall rules and VPN connection are controlled automatically by the client depending on the type of network.
• Hot Spot Login – eliminates the risk of establishing an insecure connection to a hotspot provider. Unlike other VPN clients, the NCP client starts a hardened web browser for logging on to hotspots securely.
• Home Zone Function – the NCP Client's firewall is automatically configured so that users can use local network devices such as printers, but Internet access is only allowed through the VPN connection via the central company firewall for a high level of security which does not have an impact on end users.

Endpoint policy enforcement

Endpoint Security or Network Access/Admission Control (NAC) checks that NCP Secure Enterprise Clients comply with security policies before granting access to the company network. This may include checking the status of virus scanners, service information, certificate contents or software versions. Compliance with the security policy is mandatory and cannot be manipulated by the user. Devices which do not comply with the security policy are added to the quarantine zone. From this point there are several options:

• If the security requirements are met
  • the device is granted access to the production network
• If the device does not comply with the security policy:
  • It may remain in the quarantine zone with limited server access for obtaining software updates
  • External applications may be started on the remote PC
  • The connection may be terminated

Multi-factor authentication

Even in a VPN today it is no longer sufficient to allow access to the company network via user name and password. Intercepting credentials is an easy task for hackers. This is why only strong authentication methods are used in the NCP VPN solution: integrated Advanced Authentication, OTP (One Time Password) tokens , elliptical curves (ECC) and digital certificates in a PKI (Public Key Infrastructure) as well as biometric technologies.

One-time passwords are generated dynamically and replace static passwords while losing their validity immediately after use. Digital certificates have an even higher degree of protection and can also be used universally. They can be file-based or smartcard-based X.509 v3 certificates. If required, several trust centers or certification authorities (CAs) may be used.