Data Sheet. NCP Secure Enterprise Management. General description. Highlights



Similar documents
NCP Secure Enterprise Management Next Generation Network Access Technology

Data Sheet. NCP Secure Enterprise Management. Next Generation Network Access Technology

NCP Secure Enterprise Management Next Generation Network Access Technology

NCP Secure Enterprise Management for Windows OS. New Features version 1.03 to 2.05

Implementing and Administering Security in a Microsoft Windows Server 2003 Network

Kaspersky Endpoint Security 10 for Windows. Deployment guide

Release Notes. NCP Secure Entry Mac Client. Major Release 2.01 Build 47 May New Features and Enhancements. Tip of the Day

Release Notes. NCP Secure Entry Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3. Known Issues

Data Sheet. NCP Secure Enterprise Client Windows. Next Generation Network Access Technology

ZyWALL OTPv2 Support Notes

Cisco Secure Access Control Server 4.2 for Windows

Step-by-Step Guide for Setting Up VPN-based Remote Access in a Test Lab

7.1. Remote Access Connection

A CrossTec Corporation. Instructional Setup Guide. Activeworx Security Center Quick Install Guide

Release Notes. NCP Secure Client Juniper Edition. 1. New Features and Enhancements. 2. Problems Resolved

Evaluating the Cisco ASA Adaptive Security Appliance VPN Subsystem Architecture

Cisco Secure ACS. By Igor Koudashev, Systems Engineer, Cisco Systems Australia 2006 Cisco Systems, Inc. All rights reserved.

Table of Contents. Cisco Cisco VPN Client FAQ

Astaro Security Gateway V8. Remote Access via L2TP over IPSec Configuring ASG and Client

TABLE OF CONTENTS NETWORK SECURITY 2...1

KASPERSKY LAB. Kaspersky Administration Kit version 6.0. Administrator s manual

Support of Windows Server 2012 The NCP Secure Enterprise VPN Server supports the Windows Server 2012 (64 bit) operating system.

Data Sheet. NCP Secure Enterprise VPN Server. Next Generation Network Access Technology

Step-by-Step Guide for Setting Up VPN-based Remote Access in a

Data Sheet. NCP Secure Enterprise VPN Server Next Generation Network Access Technology

To participate in the hands-on labs in this class, you need to bring a laptop computer with the following:

Millbeck Communications. Secure Remote Access Service. Internet VPN Access to N3. VPN Client Set Up Guide Version 6.0

Step-by-Step Guide for Creating and Testing Connection Manager Profiles in a Test Lab

CITRIX 1Y0-A14 EXAM QUESTIONS & ANSWERS

Core Protection for Virtual Machines 1

Pearl Echo Installation Checklist

Cisco VPN Concentrator Implementation Guide

Case Study for Layer 3 Authentication and Encryption

Enterprise Security Management CheckPoint SecuRemote VPN v4.0 for pcanywhere

This chapter describes how to set up and manage VPN service in Mac OS X Server.

Getting Started - Client VPN

Technical Notes TN 1 - ETG FactoryCast Gateway TSX ETG 3021 / 3022 modules. How to Setup a GPRS Connection?

Step-by-Step Configuration

A Guide to New Features in Propalms OneGate 4.0

RSA SecurID Ready Implementation Guide

AV-006: Installing, Administering and Configuring Windows Server 2012

Secure Friendly Net Detection Server. July 2006

Lesson Plans Managing a Windows 2003 Network Infrastructure

Quick Setup Guide. 2 System requirements and licensing Kerio Technologies s.r.o. All rights reserved.

Cisco Which VPN Solution is Right for You?

Cisco IP Communicator (Softphone) Compatibility

Important. Please read this User s Manual carefully to familiarize yourself with safe and effective usage.

Planning and Implementing Windows Server 2008

How To Set Up Safetica Insight 9 (Safetica) For A Safetrica Management Service (Sms) For An Ipad Or Ipad (Smb) (Sbc) (For A Safetaica) (

EXAM Recertification for MCSE: Server Infrastructure. Buy Full Product.

RSA AUTHENTICATION AGENTS FOR MICROSOFT WINDOWS

Proof of Concept Guide

70-417: Upgrading Your Skills to MCSA Windows Server 2012

Request for Proposal MDM Offeror s Questions for RFP for Virtual Private Network Solution (VPN)

Before deploying SiteAudit it is recommended to review the information below. This will ensure efficient installation and operation of SiteAudit.

AVG 8.5 Anti-Virus Network Edition

ClickShare Network Integration

"Charting the Course to Your Success!" MOC D Windows 7 Enterprise Desktop Support Technician Course Summary

Installing CaseMap Server User Guide

Defender EAP Agent Installation and Configuration Guide

MCSA Security + Certification Program

Implementing and Administering Security in a Microsoft Windows Server 2003 Network

Windows Server 2003 default services

Quick Start Guide for Parallels Virtuozzo

Automatic Hotspot Logon

How To Make A Network Secure For A Business

Quick Start Guide for VMware and Windows 7

NETWRIX EVENT LOG MANAGER

QUICK START GUIDE FOR CORE AND SELECT SECURITY CENTER 10 ENDPOINT SECURITY 10

A Nemaris Company. Formal Privacy & Security Assessment For Surgimap version and higher

Netop Remote Control Security Server

Windows 7, Enterprise Desktop Support Technician

Innominate mguard Version 6

Upgrade to Webtrends Analytics 8.7: Best Practices

NETASQ MIGRATING FROM V8 TO V9

Dlink DFL 800/1600 series: Using the built-in MS L2TP/IPSEC VPN client with certificates

msuite5 & mdesign Installation Prerequisites

Check Point FW-1/VPN-1 NG/FP3

Implementing Microsoft Security Networks Course No. MS2823 h 5 Days

This section provides a summary of using network location profiles to identify network connection types. Details include:

Sage Grant Management System Requirements

Software Operations Manual

Remote Access Clients for Windows

Release Notes for Websense Security v7.2

User's Manual. Intego Remote Management Console User's Manual Page 1

HYPERION SYSTEM 9 N-TIER INSTALLATION GUIDE MASTER DATA MANAGEMENT RELEASE 9.2

CITRIX 1Y0-A17 EXAM QUESTIONS & ANSWERS

Introduction to Mobile Access Gateway Installation

BlackBerry Enterprise Service 10 version 10.2 preinstallation and preupgrade checklist

1. New Features and Enhancements in Service Release 9.31 Build 104

Minimum Software and Hardware Requirements

vcloud Director User's Guide

Implementing a Microsoft Windows 2000 Network Infrastructure

MCSA Objectives. Exam : TS:Exchange Server 2007, Configuring

Cisco ASA. Administrators

Software. Quidview 56 CAMS 57. XLog NTAS 58

Training Name Installing and Configuring Windows Server 2012

A guide to CLARiSUITE TM network solutions

BorderWare Firewall Server 7.1. Release Notes

Aradial Installation Guide

Transcription:

Data Sheet NCP Secure Enterprise Management General description NCP Secure Enterprise Management is the central component of the NCP Next Generation Network Access technology with integrated RADIUS server and certificate management. As single point of administration it creates the requisite transparency for network administrators to centrally manage mobile and stationary teleworkstations, as well as remote VPN gateways (such as those in branch office networks). The NCP software tool offers all functionalities and automation mechanisms that are required for commissioning and operation of a remote access project. Highlights Fig 1: NCP Secure Enterprise Management central component of holistic remote access VPN solution Network Access Control comprehensive end device protection and central check Minimization of effort for mass rollouts and operation of remote systems Central issuing and management of certificates Minimization of operating costs (TCO - Total Cost of Ownership) Consistent transparency for the administrator thanks to extensive system monitoring Risk of incorrect configurations and incorrect operation is minimized High-availability (backup) and avoidance of redundant data storage High scalability (planning security) Integration in existing VPN infrastructures (investment protection) Integrated RADIUS Server Page 1 of 8

Features NCP Secure Enterprise Management consists of the Management Server and the Management Console. The Management Server is a database-based system and it corresponds with virtually any database via ODBC (e.g. Oracle, MySQL, MS SQL, MS Access, MaxDB). The Management Console is used as front end to call user data or configurations, and to save certificates. All relevant information is stored in the database and is usually integrated in VPN operator's backup process. Multi-company support makes Secure Enterprise Management a natural choice for implementation at Managed Security Service Providers (MSSP), in so-called managed VPNs, or in remote access structures, where multiple companies jointly use one VPN platform (VPN sharing). Fig. 2: Overview central management functionalities In all of these cases administrators of legally autonomous companies must have the capability to manage their shared VPN. This is done by forming groups and using a convenient method of assigning rights. Administrators are created in such a manner that each has exclusive access to his area, in other words to the units that he is responsible for managing. The possibility of encroaching on data of other clients in their protected areas is excluded. The automatic update process enables the administrator to provision software updates centrally for all remote systems, which will be installed automatically the next time the connected to the VPN. If malfunctions occur during the transmission, then the previously existing software version, as well as the configuration, remain unaffected. The software is only updated after complete error-free transmission of all predefined files. All data are transmitted in a highly secure manner, (encrypted in the VPN tunnel). The update can also be done without a VPN connection, as long as the end device is within the corporate network. An integrated RADIUS server is used to store and manage all client link profiles. Page 2 of 8

The Software Update Service also organizes central distribution of all parameters that are relevant for remote access, such as: - Configurations (profiles) - Software (updates, upgrades) - Soft certificates (PKCS#12 files) as user or machine certificate - Issuer certificates (root certificates) - International phonebooks (e.g. GoRemote (previously GRIC, Infonet, Uunet, ipass, MCI, etc.) Optionally the Backup Management Server ensures high-availability of the Management Server, which always has the current data repository available through an integrated replication service. Fig.3 Components and functionalities of a managed VPN All relevant data can be input or transferred interactively via the NCP Management Console, or it can be input or transferred in script-driven processes; i.e. user data, license keys, provider passwords, can be transferred to the Management Server per remote system (= managed unit), e.g. for a rollout. The NCP Secure Enterprise Server, or a server supplied by any manufacturer (see the compatibility list at www.ncp-e.com) can be implemented as VPN gateway. Secure Enterprise Management can thus be integrated within any existing IT infrastructure and it enables operation even in complex VPN environments. Another essential feature of the Management Server is license administration of the managed units. All licenses are transferred into a pool and are automatically managed in accordance with specified guidelines Functional examples: - Transfer in a configuration per remote client or gateway - Take-back when an employee leaves a company - Message in the event that no more licenses are available. Page 3 of 8

Management Console The Management Console provides powerful plug-ins for configuration and management of the managed units: Client Configuration System Monitor Client Firewall Configuration Remote Server Configuration Network Access Control PKI enrollment RADIUS Client Configuration Plug-In This plug-in enables configuration and administration of NCP Secure Enterprise Clients. All relevant parameters are predefined and stored in templates. An overview of the specific features: - Assignment of licenses (serial numbers / activation key) - Assignment of authentication codes for first connections during the rollout - Creation and administration of user profiles - Individual menu items and configuration values can be set as not visible or not changeable for the user. - Automated configuration of the user profiles for central components (RADIUS, LDAP, SNMP) - Pre-setting the Personal Firewall; it cannot be manipulated by the remote user - Extensive logging (versions, time stamps for configuration changes, automatic upload of client log files ) - VPN profile presets - Configuration and software update in LAN without VPN tunnel - Update is dependent on media type (e.g. GPRS, UMTS, DSL, WLAN) System Monitor Plug-In This plug-in provides fast information about all important events within a VPN installation, in the form of bargraphs or line diagrams. The administator can use the system monitor as needed to call up current status information in real time, or to access previously saved data repositories of the remote access environment. Fig. 4: System Monitor graphical interface Page 4 of 8

Displays: 1. Status information The following events can be displayed on a group basis: - System restarts - Administrator logons (e.g. successful, rejected) - Client update logons (e.g. successful, rejected) - Software downloads per package - RADIUS logons (e.g. successful, rejected) Ratio displays of two events is possible. 2. History Display of all events within a certain period: - Hour, last hour, or the last 2, 3, 4, 6, 12 or 24 hours - Day; the last 2 or 4 days - Week; the last week - Month; last month or month before last - Current day, current week, current month Page forward, page back in the respective period in the displayed diagram Colors and views of the diagrams can be freely selected. Client Firewall Configuration Plug-In The NCP Secure Client software has an integrated Personal Firewall, which can be managed centrally for the enterprise versions. The Client Firewall Configuration plug-in enables granular adjustment of firewall rules per teleworkstation. The following configuration parameters can be set: - Application-independent and connection-independent filter rules - Filter rules based on protocol, port and address - Specifications for detection of friendly networks (IP address network, network mask, IP address of the DHCP server, MAC address) - Logging settings - Central specification of the user s possibilities to access the firewall configuration. - FND configuration (Friendly Net Detection) Remote Server Configuration Plug-In This plug-in enables configuration and administration of decentralized NCP Secure Enterprise Gateways. Analogous to the Client Configuration plug-in, general templates are created, which are used as the basis for individual VPN gateway configurations. In holistic remote access VPN solutions, the issue is managing individual teleworkstations, as well as geographically distributed VPN gateways. The following parameter groups can be predefined or configured: Link profiles IKE and IPsec policies Routing information Creating certificates (machine certificates) License and version management Page 5 of 8

PKI Enrollment Plug-In This function module is the connecting link between a Public Key Infrastructure (PKI) and the remote access VPN environment. The PKI Enrollment plug-in functions as Registration Authority (RA) and manages the creation as well as the administration of electronic certificates (X.509 v3) in conjunction with different Certification Authorities (CA). Supported CAs: T-Telesec NetPass, Microsoft, NCP Demo CA, others (e.g. RSA Keon) are possible via CMP (Certificate Management Protocol) A generated certificate can optionally be stored as soft certificate (PKCS#12) or on hardware, e.g. smart card or USB token (PKCS#12). The NCP Demo CA that ships with the product can be used to simulate a PKI during the test phase, however it is not intended for productive implementation. Conversion to an external CA is problem-free. The most important functionalities: Creation of certificates (also bulk mode) Extension of certificates (PKCS#7) Blocking certificates Distributing certificates (also multi client certificates) via the NCP Secure Management Server Creating the user configuration via LDAP in the directory service Creating a PAC (Personal Authentication Code) letter for the initial connection (initialization, licensing) Network Access Control Plug-In (endpoint security) Use this plug-in to define all security-relevant parameters that must be checked prior to an access to the corporate network. Compliance with the specified security policies is mandatory and cannot be bypassed or manipulated by the user. The system can check for the following client parameters: Operating system information e.g. version, hot fix status Secure Enterprise Client software version Services information File information Status of a virus scanner Contents of certain registry values Contents of certificates (user and hardware certificate) Deviations from the target specifications are logged and can trigger different messages or actions, such as: Message display on the client Outputting a message in the monitor log Sending a message to the Management Server Sending a message to a Syslog server Release of all firewall rules or of a certain firewall rule VPN connection disconnect Page 6 of 8

RADIUS Plug-In The RADIUS interface is optionally available for configuration of managed units (users) in the central VPN gateway. This plug-in is used to manage the integrated RADIUS server and it is responsible for the following functions: - Automatic creation of RADIUS accounts via the client and remote server configuration plug-ins - Support of PAP/CHAP requests - Capture of accounting data - Blocking users if there are repeated incorrect logon attempts - Management of multiple RADIUS configurations of various gateways - RSA Authentication Manager proxy functionality Optionally: Redundancy through backup RADIUS servers Advantage: Existing RADIUS servers can be combined, i.e. they can be replaced in an economical manner. Technical data: Current version: V 2.02 Supported functionalities / available plug-ins: Automatic Update, Client Firewall Configuration, Client Configuration, Endpoint Policy Enforcement, Lizenzmanagement, PKI, RADIUS, Remote Server Configuration, Server Configuration, Skript and System Monitor. Version-version prerequisites for managed units: - Secure Enterprise Client as of V 8.x - Secure Enterprise Gateway as of V 7.x Scope of delivery: Management Server Management Console (with all available plug-in's) (Database system is not included in the scope of delivery) Options: - Managed Units - Secure Enterprise Management Server Backup System requirements: Operating systems: Management Server: Windows 2000, XP, Vista, 2003 Server, Linux Management Console: Windows 2000, XP, Vista, 2003 Additional information for Management Servers: 512 MB RAM CPU at least Pentium III-800 MHz (depending on the number of managed units) With RADIUS plug-in: Pentium IV-1.5 GHz Hard disk: At least 50 MB free disk capacity plus disk capacity for log files and app. 20 MB per software package Page 7 of 8

Supported databases: Oracle as of version 9.0 MySQL version 4.x, 5.0, 5.1 Microsoft SQL Server 2000-2008 Supported Certification Authorities Microsoft Certificate Services: - As "standalone CA : As of Windows 2000 Server - As integrated CA in the domane : As of Windows 2000 (certificate templates cannot be adapted) As of Windows 2003 Enterprise Server Supported virus scanners: - Under Windows XP SP2 all virus scanners can be queried that supply their status to the Security Center via WMI (Windows Management Instrumentation) or NAC (Network Admission Control). - The following are supported under all Windows operating systems: H+B Antivirus : Product version and version of the virus definition file can be determined MCAfee : Product version and version of the virus definition file can be determined Supported RFC's and drafts: RFC 2138 Remote Authentication Dial In User Service (RADIUS) RFC 2139 RADIUS Accounting RFC 2433 Microsoft CHAP RFC 2759 Microsoft CHAP V2 RFC 2548 Microsoft Vendor-specific RADIUS Attributes RFC 3579 RADIUS Support For Extensible Authentication Protocol (EAP) RFC 2716 PPP EAP TLS Authentication Protocol RFC 2246 The TLS Protocol RFC 2284 PPP Extensible Authentication Protocol (EAP) RFC 2716 Certificate Management Protocol RFC 2511 Certificate Request Message Format Draft-ietf-pkix-cmp-transport-protocols-04.txt Transport Protocols for CMP Draft-ietf-pkix-rfc2511bis-05.txt Certificate Request Message Format (CRMF) Page 8 of 8

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information