|
|
 |
|
Astaro
Secure Client for VPN Networks
A
Virtual Private Network (VPN) allows organizations
to use the Internet for communication with
mobile employees and remote offices at a low
cost while maintaining excellent security.
The
Astaro Secure Client ensures the highest levels
of security for VPN conncections.
It provides strong user authentication and
end-to-end encryption so that mobile workers,
home workers, and remote offices can communicate
securely over the Internet with a central
VPN gateway.
|
Additional
Resources:
|
 |
An
integrated stateful packet inspection
firewall protects the user's computer
as soon as it is started, even if the VPN conncetion
is not established. Automated Hot-Spot
detection dynamically opens only those
ports needed for Hot-Spot-Logon.
The
Astaro Secure Client also includes an
integrated dialer to simplify operations
and improve the security of the remote systems.
The
Astaro Secure Client is easy to install
with a configuration wizard and offers a user-friendly
access to the VPN with either an automatic
or manual dialing mode. |
Advanced
Features
The
Astaro Secure Client offers an impressive feature
set, including:
- IPSec,
Internet Key Exchange (IKE), Main Mode
- NAT-Traversal
for passing Network Address Translation (NAT)
devices
- Virtual
IP address support
- Perfect
Forward Secrecy (PFS)
- An
API for controlling the client with internally-developed
applications
- Compatibility
with Astaro Security Gateway appliances and software
and other IPSec-compliant VPN gateways
- Configuration
files generated on Astaro's VPN gateways can be
imported directly into the client
Strong
Authentication
The
Astaro Secure Client works with a number of strong
authentication methods to prevent unauthorized users
from gaining access to the corporate network:
| •
Pre-Shared Key (PSK) |
•
Smart Cards |
| •
X.509v.3 certificates |
•
USB Tokens |
| •
PKCS#11 |
•
Biometric devices |
| •
PKCS#12 |
|
Advanced
Encryption
You
can choose from a variety of advanced cryptographic
methods including:
| •
AES (128/192/256 Bit) |
•
RSA (1024-4096 Bit) |
| •
3DES, DES |
•
Diffie-Hellman groups 1, 2, 5 |
| •
Blowfish |
•
SHA-1, MD5 |
Personal
Firewall
A
stateful personal firewall and application dependent
filtering rules prevent hackers from taking control
of the remote system and causing damage or creating
a "backdoor" into the organization's central
network (denial of split tunneling).
The
personal firewall provides the following capabilities:
- stateful
packet filtering based on IP address, port number
and MAC address
- Application
control: bind packet filter rules to specific applications
- Automatic
recognition of connected location ("friendly
networks")
- Protection
against ARP spoofing
- Detailed
Logging of Firewall activity
- Seamless
integration with VPN client
Integrated
Dialer
By
providing an integrated dialer and line management,
the client
makes it easy to connect to central offices and
manage the
connections. Features include:
- International
dial-in
- Dialer
Protection - preventing Trojan dialers and spyware
from dialing
out to unknown telephone numbers
- Multiple
remote subnets for the same connection definition
- Specification
of connection-specific DNS and WINS servers
- Failover
to an alternative gateway
- Prevention
of misconfiguration by users
Network
Topologies
By
supporting a wide variety of communications technologies,
the client can be used in any networking environment:
| •
LAN/Ethernet |
•
ISDN (channel bundling) |
| •
Wireless LAN (WLAN) |
•
Modem |
| •
DSL, PPPoE, PPPoA |
•
GPRS, UMTS |
|
|
|
