 |
 VPN
Solutions
User features
ViPNet
Specification
 ViPNet software
Why
ViPNet (10 Reasons)
DOWNLOAD
FREE VPN DEMO
Documentation:
Brochures
Data Sheets
White papers
Case Studies
User guides
Security terms:
Encryption
Personal Firewall
Remote access
Security Policy
VPN
VPN Client
>> more >>
|
|
VPN solutions
ViPNet software
|
| |
|
ViPNet Administrator
includes the following software modules:
Network
Control Center
Key
Center
Network Control Center (NCC),
designed to configure and manage a VPN. The
NCC has the following functions:
 specified
network nodes, defines users and connections allowed
between users, compiles address book and user rights
databases for different network nodes and the Key
Center (KC);
defines standard security policies for each specific
node and the powers of users/ local administrators
with respect to modifying those policies;
enables a secured automated delivery (with acknowledged
receipt) to deployed network nodes of newly-compiled
or modified directories, user rights databases and
key-related information generated at the KC (e.g.,
symmetric keys, user certificates, lists of revoked
certificates, root certificates for the KCs on other
ViPNet-equipped networks, etc.);
acts promptly when key-related information on a
network site has been compromised;
automatically updates the ViPNet software on remote
locations;
remote access to event logs of ViPNet Client and
ViPNet Coordinator.
Key Center (KC)
generates
and subsequently updates initial keys and passwords
for network objects and users. Key data sets can
be delivered to VPN users via floppy disks, smart-cards,
touch memory, e-tokens and other means;
issues
X.509 digital certificates for authentication of
different network objects, including outside users.
To install the ViPNet Administrator software the
user needs an IBM PC with Windows 95/98/Me/2000/XP
operating system and at least 100 Mb free disk space.
The PC characteristics are determined by network
dimensions.
ViPNet Manager - is administrative software which helps you create and manage the ViPNet network structure and all necessary connections. Furthermore it is possible to create the distributed key sets and assign user passwords for different Coordinators and Clients. The "Creating a ViPNet" wizard is included in the module and it guides a ViPNet administrator through the set up process step by step. ViPNet Manager provides remote sending key sets to ViPNet nodes at changes (adding, removing nodes, changing associations, etc.) in the ViPNet network structure. In addition, Manager provides remote software upgrades for ViPNet nodes and a configuration backup.
ViPNet Coordinator
- a multifunctional module that can be used, depending
on a setup, as a:
IP-address
Server
- to provide real-time information about the status
of the VPN objects and their current IP-addresses;
Proxy
Server
- to handle "secure connections", e.g., to enable
the operation of secured computers within the VPN
on behalf of a single workstation;
Tunneling
Server
- to tunnel (encrypt) the traffic going
between unsecured computers/servers on the LAN to
the rest of the VPN (including mobile and remote
users) over public communications channels. In the
case of mobile and remote VPN users, the Tunneling
Server acts as a server providing access to LAN
resources;
Firewall
- to filter the traffic by specified
parameters (ports, protocols, address ranges, types
of services/applications) in accordance with prescribed
privacy policy. In using the Firewall, you can specify
individual filter rules for each available network
interface;
"Open
Internet" Server
- to filter and tunnel (isolate) untrusted
traffic coming to a secured LAN computer from the
external network, and virtually isolate this computer
during its external communication session from other
VPN objects;
Secure
Mail Server
- to support routing of secured mail
packages and control messages;
To install and run the ViPNet Coordinator software,
one needs an IBM PC with Windows 2000/XP or Linux or Solaris
operating system and at least 100 Mb free disk space.
The PC characteristics should be determined by the
network dimensions and the capacity of communications
channels.
The ViPNet
Client software that can be deployed on a workstation
to provide the following two main services:
Personal Firewall - a
reliable protection of a user's computer/server
against both outside and LAN-borne attacks, including
the ability to:
filter
the traffic by specified parameters ("white"
and "black" lists of parties seeking connection,
ports, protocols, server/application types);
make
a VPN user invisible to external parties (the "stealth"
capability);
detect
intruders using the built-in IDS system;
monitor
network activity of applications;
detect
and block launching of malicious "spooks".
TCP/IP Traffic Encryption Device
enables the protection (confidentiality, authenticity
and integrity) of any traffic (generated by applications/
control systems or OS traffic) going between any
VPN objects, like workstations, information servers,
application servers, networked machines or nodes.
ViPNet Client consists
of a network-level engine that enables traffic encryption
and/or filtering, and the ViPNet Client Monitor
software. The latter defines whether a user may
or may not, depending on the level of authority
delegated by the NCC, administer the local security
rules and provides a number of services including
secured chats and conferences, as well as the possibility
to call-in and securely use external programs and
applications. The high processing power of the encryption
driver enables a realtime protection of voice/video
traffic carried over TCP/IP networks.
ViPNet Client can be
installed on a workstation (mobile, remote or local)
or a server (such as database-, file, Web-, FTP,
SMTP, SQL servers, or any others) to secure their
operation. Also, it conducts traffic filtering and
SQL authentification and provides the COM interface
used for referring to cryptographic functions required
by Web applications and the low-level interface
needed to refer to the crypto-core functions.
Supplementary modules:
ViPNet
Client Business Mail - a native mail
client designed to operate within a VPN. It supports
the digital signature functions and the automated
processing of e-documents in accordance with prescribed
rules and procedures;
ViPNet
Client Safe Disk this modernized module
of a ViPNet Safe Disk standalone version operates
as part of ViPNet Client blocking any unauthorized
access to the secret disks of your computer (within
the VPN) while you connect over the external network
infrastructure.
To install and run the ViPNet Client software,
one needs an IBM PC with Windows 95/98/ME/2000/XP or Linux
operating system, with a modem or netcard and at
least 20 Mb free disk space.
Key benefits of ViPNet technology
System-oriented benefits:
As
software, ViPNet is a
versatile tool that can be deployed and used at
a low cost. Its introduction does not require any
dedicated standalone hardware. The ViPNet
components can be installed on your existing workstations,
Web-servers, file-servers, etc without sacrificing
any performance.
With
ViPNet, there is no need
to readjust the network equipment, change the topology,
routing structure and the established internal addresses
for different segments and remote sites on the existing
network, as it has the ability to assign a unique
virtual address to each VPN object.
ViPNet
enables encapsulation of all types of IP data into
a single UDP-format (as recommended by IETF). This
allows the ViPNet components
to be used together with existing 3rd party proxy-servers
and firewalls.
Using
a set of IP address servers (part of the ViPNet
Coordinator component)
ViPNet can, unlike other VPN technologies,
fully support the activities involved in the dynamic
IP address assignment, including the automated adjustments
for remote users who communicate without knowing
a priori each other's IP address.
ViPNet
integrates VPN solutions with a system of distributed
personal firewalls (the ViPNet Client component)
and gateway's firewalls (ViPNet Coordinator component).
This integration is managed from a single Network
Control Center (ViPNet Administrator component),
the result being a streamlined, optimized and efficient
network security control.
The
ViPNet technology allows
the software versions, access rights directories
and VPN workstation keys to be safely updated from
remote locations. This reduces the need for modernization
and re-configuration of your network, and cuts down
its maintenance costs.
Client-oriented benefits:
A
combination of a personal firewall and cryptography
makes the encrypted traffic really safe in comparison
with cryptography embedded in application software
used on a PC unprotected by a firewall, and therefore
remaining exposed to Internet attacks seeking to
obtain secret cryptographic keys. ViPNet implements
original "Boomerang" data security technology
(the "stealth" capability), which enables
a user's computer to become invisible to hackers
from outside world.
The
ViPNet engine operates at the IP packet level before
such packets have been transferred to a standard
TCP/IP stack, therefore, it has the ability to control
all IP traffic coming in and going out of the network
and secure any application, leaving the habitual
operating procedures unchanged. This allows the
ViPNet data protection solution to be introduced
in your company without disrupting the established
business processes.
The
implementation of a point-to-point encryption of
the IP traffic between workgroup members for all
online applications (audio/video conferencing, secure
Web-browsing, etc.) without any intermediary servers
involved does not require any shared system resource
to support various client transactions. As a result,
the integral performance achieved with this software-based
security solution is comparable to that attained
with hardware-based solutions.
ViPNet
Client, the client-facing part of the ViPNet technology,
represents a unique synthesis of broad functionality,
clearness and easiness-to-use of available services.
As a matter of fact, ViPNet Client does not require
any adjustments to be made by the user. This feature
is particularly valuable for supporting mobile and
remote members of the VPN workgroup, unable to get
assistance from the system administrator.
|
|
|
|
