Featured Products by
Check Point Software Technologies
Check Point VPN-1 SecureClient
The Challenge:
The rapid adoption of VPN technology has created a new extended enterprise in which more internal corporate network resources are being made externally accessible. Increasing numbers of Remote Access VPN clients connect to corporate networks using Internet access technologies such as cable modems and Digital Subscriber Lines (DSL). The lack of security in these broadband environments, as well as "always on" Internet connectivity, leaves individual machines open to intrusion, thereby putting at risk both the client and the network to which it is connected.
While most network security managers concentrate on protecting their networks against external attacks, recent studies confirm that the majority of threats originate inside an organization. Therefore security measures such as access control, encryption, and user authentication must also be deployed internally. Data on desktop machines must be protected against unsanctioned access. Sensitive client-server communications must be protected against eavesdropping by unauthorized users. And every client system, whether local or remote, opens up a potential door into the corporate network if configured in an insecure manner.
The Solution:
VPN-1 SecureClient extends Check Point™ Software Technologies' market-leading network security solutions by enforcing security on client machines. While VPN-1 SecuRemote™ provides standard VPN connectivity with client-side encryption and user authentication, VPN-1 SecureClient adds powerful client security features such as access control and security configuration control. VPN-1 SecureClient strengthens the security of the entire corporate network by ensuring that intruders — such as users on shared outside networks — cannot take advantage of an insecure remote client machine to hijack an existing VPN connection into the corporate network. VPN-1 SecureClient also provides the ability to automatically verify that users' machines across the extended enterprise are configured securely.
Product Features
- Encrypts communications from remote and local clients
- Provides personal firewall policies for PCs within enterprise networks
- Enforces secure configurations on client systems
Product Benefits
- Protects client-gateway and client-server communications against eavesdropping and data tampering
- Safeguards the entire network by enforcing access controls on all clients
Strengthens overall enterprise security by requiring that network clients be configured securely
Flexible Deployment
VPN-1 SecureClient provides secure connectivity for both Remote Access and Intranet VPN clients. The VPN-1 SecureClient software installs on any Windows 9x/NT PC and supports all IP-based network communications. For telecommuters and mobile workers using either dial-up or broadband Internet connections, VPN-1 SecureClient supports both dynamic and fixed IP addressing. When installed internally, VPN-1 SecureClient protects critical business communications between desktop clients and either VPN-1 SecureServer or VPN-1 Pro.
 VPN-1 SecureClient can be deployed to secure either LAN clients or Remote Access VPN users. |
Personal Firewall Capabilities
Personal Firewall Capabilities
VPN-1 SecureClient provides sophisticated security for end users of remote
access VPNs. Using the same patented Stateful Inspection technology in the
market-leading FireWall-1®, VPN-1 SecureClient firewall policies provide access
control based on the source, destination, and type of network traffic received
by or sent from the client system. Security rules may be defined for users or
groups of users, enabling organizations with different types of remote access
VPN users—such as salespeople and IT staff—to tailor client security policies to
their users’ varying needs. These policies not only protect the data on client
machines from unauthorized access, but also eliminate these users’ vulnerability
to attacks from fellow users on shared networks. Unauthorized access attempts
can either be logged locally or sent as alerts to the management station.
Policy provides access control based on the source, Destination, and type of network traffic.
Security for user or groups.
 VPN-1 SecureClient settings are defined as "Desktop Security" properties of the enterprise security policy. |
Security Configuration Control
Secure Configuration Verification
VPN-1 SecureClient strengthens enterprise security by ensuring client machines
cannot be configured in a way that circumvents the enterprise security policy.
Using Secure Configuration Verification (SCV), managers can specify SCV checks—a
set of conditions that define a securely configured client system, such as the
current version of anti-virus software or the proper operation of the personal
firewall policy. These security checks are performed regularly to ensure that
only securely configured systems are connected to the corporate VPN.
Policy-based Architecture
VPN-1 SecureClient uses a centralized Policy Server to protect network clients. First, the VPN-1 administrator defines the level of client security to be deployed across the enterprise. This management decision consists of two components: the Security Policy to be installed on client machines, and the required Security Configuration settings to be enforced. The enterprise-wide security policy is automatically downloaded from the Policy Server to all network clients. Users must then successfully authenticate themselves, and their machines must meet the security configuration requirements, in order to establish VPN connections.
Support for Industry Standard Protocols
VPN-1 SecureClient supports industry standard VPN protocols and algorithms for complete compatibility with VPN-1 security policies.
| Encryption Algorithm | Key Length |
| Triple DES* | 168-bit |
| DES | 56-bit |
| FWZ-1 | 48-bit |
| DES-40* | 40-bit |
| CAST-40* | 40-bit |
| User Authentication |
| X.509 Digital Certificates* |
| IKE Pre-shared secret* |
| RADIUS |
| TACACS/TACACS+ |
| Token-based (two factor) |
| Operating System Password |
| FireWall-1 Password |
| S/Key |
| Public Key Algorithms | Key Length |
| RSA | 512-1024* bit |
| Diffie-Hellman | 512-1024* bit |
| Key Management |
| IKE (ISAKMP/Oakley |
| FWZ |
| * Supported for IKE |
 VPN-1 SecureClient can inform the end user when the client machine does not meet the enterprise security requirements. |
Enterprise Security Integration
VPN-1 SecuRemote and VPN-1 SecureClient work seamlessly with Check Point’s market-leading VPN-1 enterprise security suite. It is easy to incorporate secure remote access as part of an overall security policy. And because VPN-1 clients establish VPN tunnels directly with the VPN-1 Pro, all elements of an enterprise security policy are strictly enforced, including access control, user authentication, and logging.
Specifications
Operating System Windows 95
Windows 98
Windows NT 4.0 (SP3 or SP4)
ME
2000
XPDisk Space 20 MB Memory 64 MB Network Adapters No known restriction Media CD-ROM and Web download
About Us | Professional Services | Featured Products | Products Solution / Business Partners |
Network Security Tidbits | Place an Order | Online Credit Application | Events & Seminars
Career Opportunities | Site Map
Network Systems Integration
Land-mail: 2245 First Street, Suite 202, Simi Valley, CA 93065
Phone 1-805-579-1030 - Fax 1-805-527-9243
e-Mail:
info@nsi-solutions.com