ViPNet Product Presentation
Infotecs GmbH 2008
Initial situation: your company uses an internal network (LAN) with various domestic locations and others abroad. The field service is running around with laptops. Homeworkers connect regularly to the HQ through the Internet. Requirement: everybody associated with the company has to communicate in a secure and cost effective environment over the internet with practically no restrictions.
Ideal would be… 1
you need to communicate by email with your colleagues in confidence that nobody can read, manipulate or destroy your correspondence.
you are traveling a lot on business. This means you want to connect through your laptop to your company network from every possible location – whether it is from the hotel, internet cafe, car, train or plane or elsewhere – as if you were sitting in your office room.
Ideal would be… 2
In reality this means a lot more:
Your own sensitive data and that of your clients are invisible to hackers.
Even within the company unauthorized persons could never compromise your communication – including the system administrator.
Access to the company's internal website, CRM-system etc. is secure and simple.
"Chatting" (instant messaging) is not outlawed by your company – actually it is welcomed as an every-day communication tool because it is efficient, easy to handle and safe.
You do not have scruples communicating sensitive information using email, chat, telephone or video over the internet. You know that NOBODY has insight into this sensitive information apart from the intended recipient.
No SPAM!
The usual situation
If you do not have a simple solution including VPN and firewall, your reality when communicating over the internet comes down to this:
Any person who has access to a PC within your company network can – with the help of small utilities which you can easily get for free from the Internet – spy on your files, hack passwords, manipulate or steal financial data etc. - this threat is INSIDE your organization!
When you surf the internet, specialists can do the same from the outside – this threat is OUTSIDE your organization.
Your PC or the whole network resembles a house with open doors and windows.
The solution: a VPN with additional functions
VPN is an acronym for "Virtual Private Network". A VPN enables the VPN-users to communicate sensitive information to each other in a secure and encrypted manner.
Every VPN must fulfill the following basic security requirements:
confidentiality: protection against unauthorised access to data
integrity: protection against data modification and manipulation
authentication: ensuring that communication takes place only between the intended and identified sender and recipient
availability and access: data is available and accessible to authorized persons only as required
Who needs a VPN-solution? 1
Organizations wanting to use the internet for cost saving reasons and for an increase in flexibility in communication as an alternative to dedicated communication lines.
Organizations with different locations, branches, international presence, field service, home workers etc.
Organizations and user groups with a demand for confidential communication (keywords: industrial espionage, company management, contracts, quotations, concepts, patients and client data and others).
Organizations having to comply with IT-security legislation.
Organizations which to the present day have not considered using the internet for security reasons.
Who needs a VPN-solution? 2
Companies in need of a verifiable, simple and secure access to their own resources (CRM, ERP, internal websites etc.) using the internet.
ViPNet-VPN can also be used to enhance client loyalty.
ViPNet-VPN offers companies a tool for providing business models as an ASP.
The private user is not the classic VPN-client but is often connected to the company (mostly relatives or other people close to the company).
What is ViPNet? 1
ViPNet is a software based VPN-solution WITH ADDED VALUE FEATURES reaching far beyond the classic VPN.
ViPNet is integrated into the existing network environment. No additional hardware (PCs, routers etc.) has to be added.
What is ViPNet? 2
ViPNet-VPN is a software based VPN which differs from classic VPN-solutions by the following key points:
client-to-client connectivity
integrated communication applications
unlimited scalability
ease of implementation in existing network environments
localizations
flexible pricing
cross-platform support
ViPNet modules 1
ViPNet consists of 3 software modules:
ViPNet Client: end-user software
ViPNet Coordinator: software for server or corporate gateway
ViPNet Manager / Administrator: administrative software
ViPNet modules 2
ViPNet modules functions:
ViPNet Client: installed on every VPN-user's PC, enables transparent client-to-client or client-to-site connections for any user's application programs, secures user's data. Enables real time total protection of IP traffic.
ViPNet Coordinator: VPN-gateway with integrated corporate firewall, which also operates as an IP-address server within the VPN, as well as a Mail, Proxy and Tunnel server for secured connections.
ViPNet Manager / Administrator: configures and manages the VPN, remote software and key upgrades.
Classic VPN
[Diagram: Classic VPN. Labels: Internet, head office, branch office, mobile users, VPN gateways, encrypted IP traffic, non-encrypted IP traffic.]
ViPNet VPN
[Diagram: ViPNet VPN. Labels: Internet, head office, branch office, mobile users, Internet routers, encrypted IP traffic.]
ViPNet Technology = Server-to-Server, Client-to-Server + Client-to-Client traffic encryption
ViPNet Client
End user software
Personal Firewall
A reliable protection of a user's computer/server against both outside and LAN-borne attacks, including the ability to:
• filter the traffic by specified parameters (“white” and “black” lists of parties seeking connection, ports, protocols, user’s application
• make a VPN user invisible to external parties (the “stealth” feature)
• detect intruders using the built-in IDS system
• detect and block launching of malicious “spooks”.
Network traffic encryption device
Enables the protection (confidentiality, authenticity and integrity) of any traffic (generated by applications/control systems or OS traffic) going between any VPN objects, like workstations, information servers, application servers, networked machines or other nodes.
ViPNet Coordinator
Communication server that can be used as:
IP-address resolution server within the VPN
VPN Proxy server
Tunnel
Firewall
NAT traversal
Internet lock/access server
Secure mail server
ViPNet Management
ViPNet Administrator
Includes the following software modules: Network Control Center, Key Center
Integrated certificate authority (CA)
Perfect for large networks creation
ViPNet Manager
Is a light version of ViPNet Administrator.
Does not require any intimate knowledge of network administration.
The "Creating a ViPNet" wizard is included in the module.
Perfect for small and medium networks creation.
Network Control Center (NCC)
specifies VPN nodes, defines users and connections allowed between users, compiles address book and user rights databases for different VPN nodes
based on the company requirements, NCC defines corporate security policies for each specific VPN node and the powers of users/ local administrators with respect to modifying those policies locally
enables a secured automated delivery (with acknowledged receipt) to deployed network nodes of newly-compiled or modified user rights databases and key-related information generated at the Key Center (e.g., symmetric keys, user certificates, lists of revoked certificates, etc.)
automatically updates ViPNet software on remote locations; remote access to event logs of ViPNet Client and ViPNet Coordinator
Key Center (KC)
generates and subsequently updates initial key sets and passwords for network objects and users. The password can be stored on smart-cards, touch memory, e-tokens and other media
issues X.509 digital certificates for authentication of different network objects, including outside users
ViPNet packages 1
ViPNet is offered in 3 packages:
For connecting any number of LANs and mobile users over ViPNet VPN. Contains all functions for design and administration of a VPN with unlimited scalability. ViPNet Administrator contains a proprietary certificate authority. Target group: large enterprises, ASPs and ISPs.
For connecting any number of LANs and mobile users over ViPNet VPN. Contains preconfigured security settings. ViPNet Manager contains the “Creating a ViPNet” wizard. Target group: small and medium enterprises.
For tunneling IP/network traffic between remote offices or LANs. ViPNet Tunnel is used when no administrator access to the LANs is required. Target group: VPN-users of any size requiring a pure VPN tunnel solution between office networks.
ViPNet packages 2
ViPNet Package | Administrator | Manager | Coordinator | Client | IP Tunnel
ViPNet CUSTOM: ∞ ∞ ∞
ViPNet OFFICE Demo / ViPNet TUNNEL Demo: 2 2 2
ViPNet OFFICE Light: 2 2 2
ViPNet OFFICE Standard: 2 10 8
ViPNet TUNNEL Standard: 2 1* 20
* ViPNet TUNNEL package consists of one ViPNet Client in order to set up a ViPNet Manager administrative workstation.
** ViPNet OFFICE and ViPNet TUNNEL can be extended further from the Standard package.
5 technical reasons to choose ViPNet
5 technical reasons "Why ViPNet?"
ViPNet additionally focuses on client-to-client connections. As most competitors manufacturing VPN-solutions offer only server-to-server or client-to-server connections, they rarely offer solutions which take into account the threat from inside LANs.
The unique ViPNet technology, proven over many years, allows VPN connections through corporate or local firewalls and proxies using NAT and NAPT.
ViPNet uses strong 256-bit encryption based on a proprietary combination of symmetric and asymmetric key exchange procedures. Supports 4 encryption algorithms – AES, GOST, 3DES and DES.
Every ViPNet module which connects with the Internet communicates through the integrated personal firewall and IDS.
Cross-platform support for MS Windows, Linux and Sun. The ViPNet Client runs on Windows or Linux and can communicate with ViPNet installed on a Windows, Linux or Sun workstation/server.
5 commercial reasons to choose ViPNet
5 commercial reasons "Why ViPNet?"
In contrast to classic VPN-solutions, ViPNet provides value added features which extend it into an additional communication management tool by using integrated secure communication applications and other functions.
Additional security features like digital signatures, personal firewall, internet connection lock, Watch Dog and protection during the boot process turn the classic VPN into a ViPNet-fortress, which protects your data and communication from hackers, espionage, virus attacks and internal or global threats.
Easy configuration and a user friendly interface, which is partly integrated into the Windows interface, make every-day work with the ViPNet-VPN a comfortable and understandable task without having to be an IT-specialist or security guru.
As ViPNet is a pure software solution, the implementation of the VPN does not require any hardware extensions or restructuring of the network, resulting in no additional costs or interruptions of the workflow.
Flexible price structure due to the possibility of adapting the ViPNet software configuration to the specific need of the customer.
Boot protection
One of the important characteristics of the ViPNet software module is that full control over the traffic is exercised already during the boot process.
This control is possible due to the interaction of the ViPNet module with all drivers of the network adapters. The ViPNet login process takes place BEFORE the Windows login, including initialisation of the keys.
The advantages of these measures are obvious:
during and after the boot process of the PC no network attacks are possible, as ViPNet has an integrated firewall with IDS
network login is completely secured by the VPN, which itself is totally transparent for all network applications
[Diagram: protocol stack. Labels: Network Adapter Driver; ViPNet Driver; Internet Protocol (IP); TCP, UDP; SSL; FTP, SMTP, IP telephony.]
ViPNet Client Monitor
tool bar with the most important applications
configuration and administration
list of ViPNet users and their traffic rules (users which are online are highlighted)
Security levels
The integrated personal firewall of the ViPNet Client offers 5 security levels. Security level 1 allows only ViPNet-VPN traffic.
Security level 3 is the default mode ("Boomerang mode"), filtering all IP-addresses, ports and protocols.
Settings
Settings enable the ViPNet user to easily integrate the client software into an existing network structure. This characteristic is especially important for the mobile user who has to connect to their own VPN network from different network environments and through third-party firewalls, proxies and connection devices (like DSL modems, etc.).
Communication tools
ViPNet user secure applications
Web-Link
Business-Mail
File Exchange
Conference
Chat (IM)
ViPNet Chat / Instant Messaging
Send button
List of chat participants
Field to enter messages
Here you can add users to the chat or organize a chat conference.
These attributes confirm the status of the message: S=Sent, D=Delivered, R=Read
All messages of the current session
All current sessions
ViPNet Business Mail
Address book
These attributes confirm whether a message has been delivered and/or read. S=Sent, E=Encrypted, R=Read
Every message is numbered to facilitate search options.
Inbox and Outbox as in every classic email client.
All messages are encrypted. After decryption you can read the contents here.
ViPNet File Exchange
File Exchange and Business-Mail are integrated into the context menu. With a convenient right click on any document, files are easily sent to the recipient.
In the File Exchange window the ViPNet user can determine recipients, organize received files and check the status of sent files.
Web Link
If a web server is installed on a ViPNet Client or a Coordinator, the ViPNet users benefit from a completely secure portal which is accessible only to authorized users. CRM- and ERP-systems, databases and intranet pages can be accessed from any ViPNet-PC in a secure fashion.
Unauthorized persons without a ViPNet Client or valid keys cannot access this address. The web server stays invisible.