VPN Solutions
SECURITY SOFTWARE
A new approach to VPN solution
INFOTECS VPN solutions under the ViPNet brand have many technologic
dis-tinguishing features, which set them apart from the classic VPN products. That is why ViPNet is a good alternative to the SSL and IPSec standards concerning financial and security aspects.
ViPNet brand means both security and quality. In addition it has its own Key
management, which is based on combination of symmetric keys (preshared keys) infrastructure and PKI. Both processes are implemented simultaneously,
which mutually offsets the disadvantages of one technology with the advan-tages of the other.
ViPNet is a pure software solution. This circumstance allows integration of
ViPNet in different network structures, which are based on the Internet Protocol (IP). It is not necessary to adjust network structure to ViPNet VPN or interrupt the network functioning process during the VPN implementation.
In SMEs ViPNet can be used as a major and only security measure for network
protection, since it includes all known security services. In the large enterprises,
where usually corresponding security mechanisms are used, ViPNet can become an additional virtual layer of security system. It works independently from other security mechanisms such as the proprietary security tools of the operating system (user name and password) and does not interfere with other software or hardware solutions (Firewalls, Routers, Proxys etc.) which were implemented previously.
ViPNet technology supports all types of Internet connections or Internet provid-ers, putting Client-to-Client connections on the first place. It provides very
flexible VPN scenarios for the mobile users, and allows separating highly secured sections inside the one single local network.
Besides the VPN functionality, the end user receives additional security mecha-nisms such as an Integrated Firewall for the local sensible data protection,
because the security of the private network is determined by the security of its components - devices on which Client or Server software runs. The software is very easy to install and it does not require any intimate knowledge from the user’s side. The ViPNet driver processes the entire TCP/IP traffic and blocks it in
case of necessity. Software has preconfigured security settings, which exclude the dangerous mistakes while software setup. The integrated communication applications make the day to day work more secure and the user in each
ViPNet: Custom-build solution for every situation
Encrypted communication via Internet Unique Client-to-Client Technology Protected e-Business
Mobility instrument for your workers
VPN Client with integrated Firewall and IDS-Sys-tem
Safe access to Company’s resources (CRM, CMS, ERP, Intranet etc.)
No investments in expensive hardware
Easy and quick adjustment to existing network structure
Spam free and digitally signed correspondence Protected IP-telephony, chat, videoconference Unlimited scalability
Unique technology which provides much more security than any other VPN solution
No high-priced management
Outstanding price/capacity correlation
AT A GLANCE:
ViPNet CUSTOM
is a flagship of the Infotecs Company. It is a configu-rable system, which can be customized to meet every end user’s requirements. With ViPNet CUSTOM, you get all you need for setting up a VPN with unlimited scalability for fulfilling e-business tasks with a single CA (Certification Authority). This solution suits best large public and commercial organizations.
It includes the following software modules:
ViPNet Administrator, ViPNet Coordinator, ViPNet Client
ViPNet TUNNEL
is designed for making protected connections between offices or LANs. The product is used when there is no necessity of access control inside each of the LANs, which are included in the VPN. It corresponds the „clas-sic“ Tunnel solutions.
It includes the following software modules: ViPNet Manager, ViPNet Coordinator
ViPNet MVS
(Managed ViPNet Service) — VPN on loan, rent-a-VPN: it is a business model for all IT Service Provid-ers including ISPs and ASPs. This service allows end users to enjoy for the reasonable price what only large enterprises with intensive capital investments can afford.
ViPNet OFFICE
is our VPN solution for small and medium size en-terprises (SME): this software package is used for building a VPN structure of any scope uncompli-cated and very fast without sacrificing any network performance.
It includes the following software modules:
ViPNet Manager, ViPNet Coordinator, ViPNet Client
All the VPN solutions offered by Infotecs Company can be configured and customized according to each end user’s needs and requirements. If a will to extend the existing network structure emerges (to increase the num-ber of Servers, Clients or IP-Tunnels) it can be easily done with ViPNet product licensing procedure.
ViPNet Client
is end-user software, which includes the following services: data flow encryption, personal firewall, control over applications’ network activity, secure mail-client, encrypted chat, file exchange, etc. ViPNet Client should be installed on each VPN participant’s workstation. Single installation is enough for the automatic network environment recognition and se-curity settings definition making it possible to fulfill the installation of ViPNet Client by in-experienced user without an intimate knowledge of network administration. Each ViPNet Client is provided with a clear user-friendly interface to communicate and exchange data with other VPN members. It doesn’t matter whether a user is actively exploiting the com-munication features of ViPNet Client or if he runs the software in a background mode, the traffic, computer and the user’s data will still be strongly protected. After the installation of ViPNet Client the VPN user can make no further changes however his data will be trans-mitted via protected channel.
ViPNet OFFICE
The main concept of ViPNet OFFICE is a distant but completely secure information exchange between two endpoints (for example, between two VPN-Clients also located inside the same LAN, or between a mo-bile notebook and server, or between Gateways located in different LANs, etc.). This security is provided on the very low network level, which is impossible to accomplish with SSL, while IPSec is very com-plicated and expensive in case of a client-to-client interaction so the most VPN vendors do not provide this opportunity.
Each ViPNet OFFICE package includes the three software modules: ViPNet Manager, ViPNet Coordinator and ViPNet Client. The installa-tion of ViPNet software module links the computer to ViPNet VPN.
ViPNet Manager
is a software utility, which enables you to create and configure the ViPNet VPN logical structure (to assign the necessary amount of Coordinators and Clients and define the relationship between them). This module also serves the key sets and passwords gen-eration for the installation of ViPNet Coordinators and Clients and their proper functioning. ViPNet Manager contains the “Build ViPNet VPN” wizard. It guides you through the building process of ViPNet network structure gradually. With this wiz-ard, you can establish a highly secure network even without an intimate knowledge of network administration.
ViPNet Coordinator
acts as a VPN Gateway and has various functions such as being an IP Address-, Proxy-, Tunnel-Server, a corporate firewall or Mail-Server for the integrated ViPNet Mail system. A computer with ViPNet Coordinator installed on it is a communication center of the ViPNet VPN, which ensures its functionality. A ViPNet network needs at least one ViPNet Coor-dinator. It can be installed on Mail-, Web-, File-, DB-Server etc., as well as on a regular workstation. It is recommended to install it on a computer, which has a static IP address or DNS name, which could be reached by all the other network nodes. All the network nodes regularly send their relevant IP information to the Coordinator, which in turn distributes information between all the network nodes in VPN. That ensures all VPN participants es-tablish client-to-client connections and communicate directly.
ViPNet FileExchange
(Protected data exchange)
FileExchange is a program designed for quick, simple and safe data exchange without cover letters between ViPNet users. Thanks to that feature, any data file can be easily sent from any location on the PC. Right mouse button click on a necessary file and “send file to ViPNet user” menu-item becomes available
FileExchange as well as Business Mail are integrated in Windows context menu. Thanks to this feature, sending data from any location on your PC is im-mensely simple.
Integrated E-Business Applications
ViPNet Client:
In contrast to other well-known VPN solutions ViPNet has integrated E-Business applications.
ViPNet Business Mail
(Protected mail client)
To send an e-mail to another ViPNet user you do not need to undergo special training. ViPNet Busi-ness Mail is configured as a classic mail client. You can also observe the status of your correspondence (sent/delivered/read). Your mail will automatically be encrypted and decrypted for you and signed with your digital signature. Each letter is numbered to ease e-mail search.
ViPNet Chat
(Protected instant messaging, “Chat”)
Thanks to this tool, you will stop using any other chat or con-ference with your colleagues and clients forever from a security standpoint. ViPNet Chat is used for exchanging instant short messages between ViPNet users. It is comparable to all the well known Instant Messaging Programs such as Yahoo! Messenger, ICQ, AOL Messenger, but unlike all them, the message exchange is transmitted via secure channels.
ViPNet MVS as a client-connecting instrument:
ViPNet technology gave a completely new meaning to such notion as „VPN Outsourcing: you don’t only provide your clients with a perfect security service, but you also receive an instrument for establishing a long lasting collaboration with them.
Not every organization can afford a detached IT department. High-qualified security specialists are rare and highly paid. To help your cli-ents not digressing from their primary business, you can volunteer to fulfill the task of protecting their computer information.
ViPNet technology makes the VPN solutions developed by Infotecs Company a perfect instrument for VPN-Outsourcing. MVS – Man-aged ViPNet Service – is the name of the service, which gives you the following benefits:
Customized development, implementation and centralized manag-ing of several enterprises’ VPN networks of any scope
Reasonable monthly payments for your clients instead of upfront high capital investments in proprietary VPN network and permanent-ly running payments for it administration
You receive a price attractive security service to bind your clients with a long lasting collaboration
Classic VPN-Outsourcing assumes that VPN-Gateways are always situated on the client side and are managed from there. The VPN connections between clients’ PCs are established only via these Gate-ways, which should obligatory have static IP address or DNS name. Thanks to ViPNet technology VPN gateway are not obliged to be lo-cated on the client side – VPN gateway (ViPNet Coordinator) can be situated on the provider side and fulfill a function of IP address resolv-ing for the ViPNet Clients from there. ViPNet Clients can be installed on regular workstations as well as on servers, which are not obliged to have static IP addresses by the way. Client PCs can be located any-where and still communicate via protected channel directly.
VPN on loan, rent-a-VPN
Small and medium size enterprises. Enterprises with no opportunity to build a full VPN infrastructure because of budget or personal reasons.
Enterprises which wish to cut down their expenses.
Enterprises which want to execute information security legal regulations.
Enterprises, which still fear the Internet because
of the security concerns.
ViPNet DISCguise
ViPNet DISCguise is a small footprint utility, which allows data stored on a machine’s hard disk to be kept completely secure. The program is simple to install and occupies less than 2Mb of disk space. A Windows Explorer style interface is used to select either individual files or a direc-tory structure to encrypt. Files and folders are protected with a strong encryption algorithm (256 bit AES) using a combination of a unique user key and the password entered at time of encryption. The overall encryp-tion strength is a funcencryp-tion of the password selected by the user at time of encryption.
Another application area of ViPNet DISCguise is the ability to encrypt files/folders for a safe e-mail transmission. It makes ViPNet DISCguise a pretty good alternative to PGP solutions.
Encryption software for local data
ViPNet Safe Disk
ViPNet Safe Disk stores your sensible data in a virtual folders protected by strong encryption. These folders are displayed as ordinary logical disks and the data stored in them is recognized as if it is another disk volume.
ViPNet Safe Disk provides an encryption in the
real time mode („on-the-fly“) for your Note-book or your desktop PC. In the working pro-cess, the system is creating files so-called “con-tainers”, whose size is specified by user. These containers are displayed as ordinary logical disks in Windows and are recognized by Windows Ex-plorer. Password authentication is performed once on the entire volume. Once access has been granted to the volume, users can create, read, write, drag, drop and copy files to and from the volume just as if it were another hard drive. All information that the user stores on the disks is kept encrypted. When read, the information is being automatically decrypted, when saved-encrypted. This process is completely transpar-ent to a PC user.
VIPNET SAFE DISK FEATURES
AT A GLANCE:
256 bit strong AES encryption Supports external authentication devices — USB Flash Disk, Smart-Card, iKey
«Panic mode» – fast hiding of containers with sensible data
«Violent panic mode» – extreme measure of protection: all container protection keys are deleted and the information, kept in all containers, is lost forever
Integrated data deletion utility — guarantees that your data will never be restored
ViPNet Safe Disk Mobile:
This program solves the problem of information security on the PDA.
The data is stored encrypted and password-protected even when your device is switched off or in “stand by” mode. The solution has the same principle of operation as ViPNet Safe Disk - once the system is turned on, con-tainers are recognized as another storage cards.
Current
VPN Standard Proprietary key management system: SIMULTANEOUS usage of symmetric keys (preshared keys) infrastructure and PKI Encryption algorithms AES, GOST, 3DES and DES
Key length Secure symmetric key und private key IKE Diffie-Hellman – 256 bit; public key IKE Diffie-Hellman – 1024 bit
Certificates Proprietary CA (Certification Authority) for the distribution and management of X.509 certificates (included in ViPNet CUSTOM package)
Authentication Is based on symmetric keys system under the protection of crypto filtering. Immediate connection establishment after the request of VPN user in his VPN Client
The time required for establishing connection between two VPN objects
None — there is no authentication session; it guarantees no disturbance in network services functioning or in LAN in general.
VPN connection types All existent VPN connection types: Server-to-Server
Client-to-Server Client-to-Client Maximal number of simultaneous connections on one
VPN host supported unlimited
NAT Traversal Works over Firewalls, Router and other NAT devices. – UDP Encapsulation (a free definable UDP port) – UDP Keepalive
Access control / Integrated Firewall – centralized connections management of the entire VPN
– cryptographic filtering by means of symmetric keys and one session IDs – Packet filter (IP address, protocol, port, service)
– Application control – IDS
Preconfigured security settings ViPNet Client and Coordinator are set by default in one of the five security levels so called „Stealth“ mode
Administration – Centralized generation and management of VPN structure – Remote keys update
– Remote software update
– Connection protocol (local and remote) etc.
Clustering / Fail-safe operation Yes, Coordinator clustering with failover function for Linux, for Windows in progress
Operating Systems supported Windows Me/2000/XP/2003 Server/Vista;
Linux, Solaris (Sparc) – only for ViPNet Client and Coordinator. PCs with other Operating Systems can be tunneled through ViPNet Coordinator
PC Hardware Standard PC with
– min. CPU Pentium II 400MHz – min. 128 MB RAM
– CD-ROM drive
– Minimum free disk space: 50 MB
Network LAN: 10/100 Mbps Ethernet, Gigabit-Ethernet, WiFi WAN: xDSL, ISDN, Analog, GPRS/UMTS etc.
ViPNet VPN Specification
Infotecs GmbH
Internet Sercurity Software Hebbelstr. 41
D-14469 Potsdam Tel. +49 331 8170376 Fax:+49 331 8170377
E-Mail: [email protected]
More information about ViPNet products you can find on www.infotecs.biz
