NCP Secure Enterprise Management Next Generation Network Access Technology


Data Sheet: NCP Secure Enterprise Management, Next Generation Network Access Technology

General description

NCP Secure Enterprise Management is the central component of the NCP Next Generation Network Access Technology. As a single point of administration it creates the requisite transparency for network administrators to centrally manage mobile/stationary teleworkstations, remote/local VPN gateways as well as high availability servers. The NCP software tool offers all functionalities and automation mechanisms that are required for commissioning and operation of a remote access project.

Fig. 1: NCP Secure Enterprise Management, central component of holistic remote access VPN solution

Highlights

- Network Access Control: comprehensive end device protection and central check
- Minimization of effort for mass rollouts and operation of remote systems
- Central issuing and management of certificates
- Minimization of operating costs (TCO - Total Cost of Ownership)
- Consistent transparency for the administrator thanks to extensive system monitoring
- Risk of incorrect configurations and incorrect operation is minimized
- High-availability (backup) and avoidance of redundant data storage
- High scalability (planning security)
- Integration in existing VPN infrastructures (investment protection)
- Integrated RADIUS Server

Features

NCP Secure Enterprise Management consists of the Management Server and the Management Console. The Management Server is a database-based system and it communicates with virtually any database via ODBC (e.g. Oracle, MySQL, MS SQL, MS Access, MaxDB). The Management Console is used as a front end to call up user data or configurations, and to save certificates. All relevant information is stored in the database and is usually integrated in the VPN operator's backup process.

Multi-company support makes Secure Enterprise Management a natural choice for implementation at Managed Security Service Providers (MSSP), in so-called managed VPNs, or in remote access structures where multiple companies jointly use one VPN platform (VPN sharing).

Fig. 2: Overview of central management functionalities

In all of these cases administrators of legally autonomous companies must have the capability to manage their shared VPN. This is done by forming groups and using a convenient method of assigning rights. Administrators are created in such a manner that each has exclusive access to his area, in other words to the units that he is responsible for managing. The possibility of encroaching on data of other clients in their protected areas is excluded.

The automatic update process enables the administrator to provision software updates centrally for all remote systems, which will be installed automatically the next time they connect to the VPN. If malfunctions occur during the transmission, then the previously existing software version, as well as the configuration, remain unaffected. The software is only updated after complete error-free transmission of all predefined files. All data are transmitted in a highly secure manner (encrypted in the VPN tunnel). The update can also be done without a VPN connection, as long as the end device is within the corporate network.

An integrated RADIUS server is used to store and manage all client link profiles.

The Software Update Service also organizes central distribution of all parameters that are relevant for remote access, such as:

- Configurations (profiles)
- Software (updates, upgrades)
- Soft certificates (PKCS#12 files) as user or machine certificate
- Issuer certificates (root certificates)
- International phonebooks (e.g. GoRemote (previously GRIC), Infonet, Uunet, ipass, MCI, etc.)

Optionally the Backup Management Server ensures high-availability of the Management Server, which always has the current data repository available through an integrated replication service.

Fig. 3: Components and functionalities of a managed VPN

All relevant data can be input or transferred interactively via the NCP Management Console, or it can be input or transferred in script-driven processes; i.e. user data, license keys and provider passwords can be transferred to the Management Server per remote system (= managed unit), e.g. for a rollout.

The NCP Secure Enterprise Server, or a server supplied by any manufacturer (see the compatibility list at www.ncp-e.com), can be implemented as VPN gateway. Secure Enterprise Management can thus be integrated within any existing IT infrastructure and it enables operation even in complex VPN environments.

Another essential feature of the Management Server is license administration of the managed units. All licenses are transferred into a pool and are automatically managed in accordance with specified guidelines.

Functional examples:

- Transfer in a configuration per remote client or gateway
- Take-back when an employee leaves a company
- Message in the event that no more licenses are available

Management Console

The Management Console provides powerful plug-ins for configuration and management of the managed units:

- Client Configuration
- System Monitor
- Client Firewall Configuration
- Remote Server Configuration
- Network Access Control
- PKI enrollment
- RADIUS

Client Configuration Plug-In

This plug-in enables configuration and administration of NCP Secure Enterprise Clients. All relevant parameters are predefined and stored in templates. An overview of the specific features:

- Assignment of licenses (serial numbers / activation key)
- Assignment of authentication codes for first connections during the rollout
- Creation and administration of user profiles
- Individual menu items and configuration values can be set as not visible or not changeable for the user
- Automated configuration of the user profiles for central components (RADIUS, LDAP, SNMP)
- Pre-setting the Personal Firewall; it cannot be manipulated by the remote user
- Extensive logging (versions, time stamps for configuration changes, automatic upload of client log files)
- VPN profile presets
- Configuration and software update in LAN without VPN tunnel
- Update is dependent on media type (e.g. GPRS, UMTS, DSL, WLAN)

System Monitor Plug-In

This plug-in provides fast information about all important events within a VPN installation, in the form of bar graphs or line diagrams. The administrator can use the system monitor as needed to call up current status information in real time, or to access previously saved data repositories of the remote access environment.

Fig. 4: System Monitor graphical interface (single point of administration)

Displays:

1. Status information

The following events can be displayed on a group basis:

- System restarts
- Administrator logons (e.g. successful, rejected)
- Client update logons (e.g. successful, rejected)
- Software downloads per package
- RADIUS logons (e.g. successful, rejected)

A ratio display of two events is possible.

2. History

Display of all events within a certain period:

- Hour: last hour, or the last 2, 3, 4, 6, 12 or 24 hours
- Day: the last 2 or 4 days
- Week: the last week
- Month: last month or month before last
- Current day, current week, current month

Page forward, page back in the respective period in the displayed diagram. Colors and views of the diagrams can be freely selected.

Client Firewall Configuration Plug-In

The NCP Secure Client software has an integrated Personal Firewall, which can be managed centrally for the enterprise versions. The Client Firewall Configuration plug-in enables granular adjustment of firewall rules per teleworkstation. The following configuration parameters can be set:

- Application-independent and connection-independent filter rules
- Filter rules based on protocol, port and address
- Specifications for detection of friendly networks (IP address network, network mask, IP address of the DHCP server, MAC address)
- Logging settings
- Central specification of the user's possibilities to access the firewall configuration
- FND configuration (Friendly Net Detection)

Server Configuration Plug-In

Use this plug-in to configure and manage NCP's central Secure Enterprise Server and NCP's Secure Enterprise High Availability Server. If you use a gateway of a third-party supplier and the plug-in, only the features of our non-managed system (web interface) are available to you.

NCP Secure Enterprise Server

The administrator creates templates which are the basis for individual VPN gateway configuration. You can pre-define or configure the following parameter groups:

- Link profiles
- SSL VPN
- Network Access Control / Endpoint Security
- Firewall filter rules
- IKE and IPsec policies
- Routing information / static routes
- Issuing of certificates (machine certificates)
- License and version management

NCP Secure High Availability Server

The administrator creates templates which are the basis for individual HA Server configuration. You can pre-define or configure the following parameter groups:

- Secure Server (in combination with HA)
- Load factors (load balancing)
- External monitoring rules
- License and version management

Remote Server Configuration Plug-In

This plug-in enables configuration and administration of decentralized NCP Secure Enterprise Gateways. Analogous to the Client Configuration plug-in, general templates are created, which are used as the basis for individual VPN gateway configurations. In holistic remote access VPN solutions, the issue is managing individual teleworkstations, as well as geographically distributed VPN gateways. The following parameter groups can be predefined or configured:

- Link profiles
- IKE and IPsec policies
- Routing information
- Creating certificates (machine certificates)
- License and version management

PKI Enrollment Plug-In

This function module is the connecting link between a Public Key Infrastructure (PKI) and the remote access VPN environment. The PKI Enrollment plug-in functions as Registration Authority (RA) and manages the creation as well as the administration of electronic certificates (X.509 v3) in conjunction with different Certification Authorities (CA).

Supported CAs: T-Telesec NetPass, Microsoft, NCP Demo CA; others (e.g. RSA Keon) are possible via CMP (Certificate Management Protocol).

A generated certificate can optionally be stored as soft certificate (PKCS#12) or on hardware, e.g. smart card or USB token (PKCS#12). The NCP Demo CA that ships with the product can be used to simulate a PKI during the test phase; however, it is not intended for production use. Conversion to an external CA is problem-free.

The most important functionalities:

- Creation of certificates (also bulk mode)
- Extension of certificates (PKCS#7)
- Blocking certificates
- Distributing certificates (also multi client certificates) via the NCP Secure Management Server
- Creating the user configuration via LDAP in the directory service
- Creating a PAC (Personal Authentication Code) letter for the initial connection (initialization, licensing)

Network Access Control Plug-In (endpoint security)

Use this plug-in to define all security-relevant parameters that must be checked prior to an access to the corporate network. Compliance with the specified security policies is mandatory and cannot be bypassed or manipulated by the user. The system can check for the following client parameters:

- Operating system information, e.g. version, hot fix status
- Secure Enterprise Client software version
- Services information
- File information
- Status of a virus scanner
- Contents of certain registry values
- Contents of certificates (user and hardware certificate)

Deviations from the target specifications are logged and can trigger different messages or actions, such as:

- Message display on the client
- Outputting a message in the monitor log
- Sending a message to the Management Server
- Sending a message to a Syslog server
- Release of all firewall rules or of a certain firewall rule
- VPN connection disconnect

RADIUS Plug-In

The RADIUS interface is optionally available for configuration of managed units (users) in the central VPN gateway. This plug-in is used to manage the integrated RADIUS server and it is responsible for the following functions:

- Automatic creation of RADIUS accounts via the client and remote server configuration plug-ins
- Support of PAP/CHAP requests
- Capture of accounting data
- Blocking users if there are repeated incorrect logon attempts
- Management of multiple RADIUS configurations of various gateways
- RSA Authentication Manager proxy functionality

Optionally: Redundancy through backup RADIUS servers

Advantage: Existing RADIUS servers can be combined, i.e. they can be replaced in an economical manner.

Technical data

Functionalities / available plug-ins: Automatic Update, Client Firewall Configuration, Client Configuration, Endpoint Policy Enforcement, License Management, PKI, RADIUS, Remote Server Configuration, Server Configuration, Script and System Monitor.

Version prerequisites for managed units:

- Secure Enterprise Client as of V 8.x
- Secure Enterprise Gateway as of V 7.x

Scope of delivery:

- Management Server
- Management Console (with all available plug-ins)

(Database system is not included in the scope of delivery)

Options:

- Managed Units
- Secure Enterprise Management Server Backup

System requirements

Operating systems:

Management Server:

- 32-bit: Windows 2003 Server, Windows 2003 R2, Windows Server 2008; Linux kernel 2.6 as of version 2.6.16 (distributions on request)
- 64-bit: Windows Server 2008, Windows Server 2008 R2; Linux kernel 2.6 as of version 2.6.16 (distributions on request)

Management Console: Windows XP, Windows Vista, Windows 7

Additional information for Management Server:

- 512 MB RAM
- CPU at least Pentium III-800 MHz (depending on the number of managed units); with RADIUS plug-in: Pentium IV-1.5 GHz
- Hard disk: at least 50 MB free disk capacity plus disk capacity for log files and approx. 20 MB per software package

Supported databases:

- Oracle as of version 9.0
- MySQL version 4.x, 5.0, 5.1
- Microsoft SQL Server 2000-2008

Supported Certification Authorities:

Microsoft Certificate Services:

- As "standalone CA": as of Windows 2000 Server
- As "integrated CA in the domain": as of Windows 2000 (certificate templates cannot be adapted); as of Windows 2003 Enterprise Server

Supported virus scanners:

Under Windows 7, Windows Vista, Windows XP SP2 all virus scanners can be queried that supply their status to the Security Center via WMI (Windows Management Instrumentation) or NAC (Network Admission Control).

Supported RFCs and drafts:

- RFC 2138 Remote Authentication Dial In User Service (RADIUS)
- RFC 2139 RADIUS Accounting
- RFC 2433 Microsoft CHAP
- RFC 2759 Microsoft CHAP V2
- RFC 2548 Microsoft Vendor-specific RADIUS Attributes
- RFC 3579 RADIUS Support For Extensible Authentication Protocol (EAP)
- RFC 2716 PPP EAP TLS Authentication Protocol
- RFC 2246 The TLS Protocol
- RFC 2284 PPP Extensible Authentication Protocol (EAP)
- RFC 2716 Certificate Management Protocol
- RFC 2511 Certificate Request Message Format
- Draft-ietf-pkix-cmp-transport-protocols-04.txt Transport Protocols for CMP
- Draft-ietf-pkix-rfc2511bis-05.txt Certificate Request Message Format (CRMF)