Connectra Web Security Gateway - Check Point



Product description

Connectra™ is a complete Web Security Gateway that unifies SSL VPN access with comprehensive endpoint security and integrated intrusion prevention.

Product features

• Secure SSL VPN remote access

• Comprehensive endpoint security

• Integrated intrusion prevention

• Appliance or software platforms

Product benefits

• Delivers Web-based secure remote access for an extensive range of enterprise applications

• Shields information from malicious spyware and malware on remote endpoints

• Defends the integrity of internal infrastructure from worms and attacks

• Provides standalone or full SmartCenter™ central management

• Protects against new threats through SmartDefense™ Services

Connectra Web Security Gateway

Web connectivity with unmatched security

Your challenge

Access to information is critical to modern businesses, and, increasingly, employees and business partners need to access it anytime from virtually anywhere. Sharing timely information increases your business competitiveness, partnership effectiveness, and employee productivity. And sharing this information requires a solution that is universally available and easy to use—even for the lay user.

In addition to enabling ubiquitous access, the confidentiality and integrity of this information is even more important in today’s information-driven economy. Yet the explosion of spyware, like keystroke loggers and Trojan horses, threatens the confidentiality and integrity of information shared with remote users.

Bottom line, you need to provide easy access to information from anywhere while ensuring that your enterprise IT resources retain their security everywhere.

Our solution

Connectra™ is a complete Web Security Gateway that provides SSL VPN access and comprehensive endpoint and integrated intrusion prevention security in a single, unified solution. By combining SSL VPN connectivity and security in one solution, organizations can effectively deploy SSL VPNs safely and securely to a diverse set of users while ensuring the confidentiality and integrity of information that is critical to business success. And Connectra is supported by SmartDefense™ Services, which protect against new threats by providing real-time defense updates and configuration advisories.

The NGX platform delivers a unified security architecture for Check Point.

The Connectra Web portal allows remote users to view email, browse Web links, run client/server applications, and access Web applications and shared files from the convenience of a Web browser.


Connectra with Integrity Secure Workspace, shown here, gives users a completely isolated desktop which gives them a confidential place to access information even when on a guest machine.

Secure Web-based connectivity

Connectra is a Web Security Gateway that enables remote users to access corporate resources. It provides both Web-based and network-level access through the SSL encryption delivered in most Internet browsers. Through an integrated Connectra Web portal, users can access Web applications, Web-based resources, shared files, and email. For extra flexibility, administrators can customize the design of the Connectra Web portal, including support for multiple languages.

For non-Web, client/server applications, Connectra provides secure network-level access over the Web with SSL Network Extender™. Included with Connectra, SSL Network Extender is a browser plug-in that tunnels traffic from endpoint applications over SSL. It supports any IP-based application, including ICMP, TCP, and UDP, without requiring complex configuration to support each application. SSL Network Extender can even work on remote PCs without requiring administrator privileges.

With mobile PDAs and cell phones, Connectra offers SecureClient™ Mobile SSL VPN connectivity so users can access email and applications. SecureClient Mobile enables users to transparently roam in and out of connectivity to carrier data and WiFi networks and offers simplified firewall protection to prevent abuse of confidential data.

Comprehensive endpoint security

With the integration of Integrity Clientless Security™, a clientless version of Check Point Integrity™, the industry’s most trusted endpoint security solution, Connectra secures network resources from remote PCs, regardless of whether they are used or owned by employees, partners, customers, or other network guests. It enforces network security policy for SSL VPN connections, ensures session confidentiality, and keeps the organization secure.

Scans for spyware

To ensure that malicious processes, keystroke loggers, and Trojan horses are not installed on remote endpoints, Connectra scans for these and other spyware through remote users’ browsers. By disabling spyware and enforcing baseline security requirements before it grants SSL VPN access, Connectra stops identity and password theft and prevents data loss. In addition, SmartDefense Services delivers real-time updates for endpoint security checks.

Ensures information confidentiality

To enable secure access even in unmanaged environments like airport Internet kiosk PCs, Connectra provides Integrity Secure Workspace, an option that provides a totally secure environment and which encrypts all session files such as attachments, cookies, emails, and passwords on the remote endpoint. This prevents sensitive corporate information from being viewed or stolen even after a session ends and the user leaves the PC.

Connectra can enforce an access policy requiring antivirus software and/or firewall installation before granting users access. Out-of-compliance users are offered links to self-remediation resources. Once in compliance, they are allowed to log in.

Administrators can also use Connectra to restrict access to individual resources based on the trust level of the endpoint and user. For example, one set of resources may be defined with a “high” sensitivity level and access allowed only if a remote endpoint provides strong authentication like token-based authentication and has current antivirus software installed and running. Similarly, another set of resources can be accessed only when someone is using the Integrity Secure Workspace.

[Figure: diagram with the labels Remote User, Organization, Connectra, Connectra Web Portal, SSL Network Extender, SSL, IP, and HTTP, POP3, SMTP, IMAP, CIFS/SMB.]

For network-level remote access, Connectra includes the SSL Network Extender browser plug-in to allow SSL remote access for any IP-based application.


[Figure: deployment diagram with the labels Remote User (Employees, Business Partners, Mobile Users, Employee Home PC), Internet, SSL, Check Point Connectra, Comprehensive Endpoint Security, Integrated Intrusion Prevention, SmartCenter Management (optional), Authentication Server (optional), Email Server, Web Server, File Share Server, and Non-Web Application Server.]

Integrated intrusion prevention

Integrated intrusion prevention provided by Connectra for SSL VPN access ensures the integrity of internal applications. Integrated Stateful Inspection, Web Intelligence™, and Application Intelligence™ technologies offer protection against malicious activities and attacks over SSL VPN. For example, Connectra can prevent users from accessing confidential data using directory traversal or SQL injection attacks—a particular concern in extranet environments. Connectra can ensure that worms cannot spread through SSL VPN when a remote user is tunneling native applications. In addition, Connectra comes with a one-year SmartDefense Services subscription to ensure that integrated application protections are up to date.

Easy deployment and management

Connectra can be deployed in a network DMZ or on a trusted LAN and is easy to install and simple to manage. It supports several authentication options including LDAP, RADIUS, SecurID/ACE, or an internal database. For existing Check Point customers, a SmartCenter™ management server can be used for full central management. This enables organizations to use a single repository of definitions for users and groups, network objects, access rights, and security policies across their entire security and remote access infrastructure. Unified access policies will be enforced automatically throughout their distributed environment, empowering them to securely provision access from anywhere.

Protection against new threats

Connectra is supported by SmartDefense Services, which maintain the most current preemptive security for the Check Point security infrastructure. To help you stay ahead of new threats and attacks, SmartDefense Services provide real-time updates and configuration advisories for defenses and security policies. These ensure that Connectra endpoint security and intrusion prevention capabilities have the latest protections available.

Flexible deployment options

Connectra is available as an appliance or as software for open servers. See www.opsec.com for appliance and hardware options.

• Connectra appliances feature preinstalled Connectra software on dedicated Check Point or OPSEC™ certified appliances

• Connectra software is a software solution for open servers. It installs SecurePlatform™ Pro, a hardened operating system, and Connectra software in less than 10 minutes

An intuitive Web-based administrative interface lets you quickly configure resources and applications. Assigning a security sensitivity level to a resource will enforce specific security requirements of the endpoint before access is granted to the resource.

Minimum Connectra software requirements

CPU: Intel Celeron 2.4 GHz or equivalent

Memory: 512 MB

Disk space: 6 GB hard disk drive

To enable secure SSL VPN remote access, Connectra combines easy browser-based access with comprehensive endpoint and integrated intrusion prevention for Web connectivity with unmatched security.


Worldwide Headquarters: 3A Jabotinsky Street, 24th Floor, Ramat Gan 52520, Israel. Tel: 972-3-753-4555 Fax: 972-3-575-9256 Email: [email protected]

U.S. Headquarters: 800 Bridge Parkway, Redwood City, CA 94065. Tel: 800-429-4391; 650-628-2000 Fax: 650-654-4233 www.checkpoint.com

©2003–2007 Check Point Software Technologies Ltd. All rights reserved. Check Point, AlertAdvisor, Application Intelligence, Check Point Express, Check Point Express CI, the Check Point logo, ClusterXL, Confidence Indexing, ConnectControl, Connectra, Connectra Accelerator Card, Cooperative Enforcement, Cooperative Security Alliance, CoSa, DefenseNet, Dynamic Shielding Architecture, Eventia, Eventia Analyzer, Eventia Reporter, Eventia Suite, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, Hybrid Detection Engine, IMsecure, INSPECT, INSPECT XL, Integrity, Integrity Clientless Security, Integrity SecureClient, InterSpect, IPS-1, IQ Engine, MailSafe, NG, NGX, Open Security Extension, OPSEC, OSFirewall, Policy Lifecycle Management, Provider-1, Safe@Home, Safe@Office, SecureClient, SecureClient Mobile, SecureKnowledge, SecurePlatform, SecurePlatform Pro, SecuRemote, SecureServer, SecureUpdate, SecureXL, SecureXL Turbocard, Sentivist, SiteManager-1, SmartCenter, SmartCenter Express, SmartCenter Power, SmartCenter Pro, SmartCenter UTM, SmartConsole, SmartDashboard, SmartDefense, SmartDefense Advisor, Smarter Security, SmartLSM, SmartMap, SmartPortal, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SofaWare, SSL Network Extender, Stateful Clustering, TrueVector, Turbocard, UAM, UserAuthority, User-to-Address Mapping, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Express, VPN-1 Express CI, VPN-1 Power, VPN-1 Power VSX, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 UTM, VPN-1 UTM Edge, VPN-1 VSX, Web Intelligence, ZoneAlarm, ZoneAlarm Anti-Spyware, ZoneAlarm Antivirus, ZoneAlarm Internet Security Suite, ZoneAlarm Pro, ZoneAlarm Secure Wireless Router, Zone Labs, and the Zone Labs logo are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. ZoneAlarm is a Check Point Software Technologies, Inc. Company. 
All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726, 6,496,935, 6,873,988, and 6,850,943 and may be protected by other U.S. Patents, foreign patents, or pending applications.

February 28, 2007 P/N 502428

Connectra appliance specifications

Web connectivity

Secure connectivity

• SSL v.3, TLS

• 3DES (128, 256), AES (128, 256), RC4 (128)

Connectra Web portal

• Web: Citrix, dynamic links, JavaScript, Lotus iNotes, relative links, static links

• Email access options: 1) Integrated Web interface for email servers using IMAP 2) Native email client via POP3S, SMTPS 3) Outlook Web Access 2000/2003/2007 access over SSL VPN

• File sharing: Windows SMB/CIFS

• On-demand applications: FTP, Jabber IM, RDP, SSH, Telnet, terminal emulation, TN3270, TN5250, extensible

• Languages: Bulgarian, English, French, German, Italian, Japanese, Polish, Romanian, Russian, Spanish, and Traditional and Simplified Chinese

• Supported browsers: Internet Explorer 5.5 or higher, Mozilla Firefox, Netscape 6 or higher, Safari

SSL Network Extender

• ActiveX and Java plug-ins

• Application support: SSL VPN tunneling for any IP-based application, including ICMP, TCP, and UDP

• Networking options: DNS, Office Mode (internal IP address), and WINS support

• Supported operating systems: Linux, Macintosh (including Intel-based), Windows 2000/XP

SecureClient Mobile (optional add-on)

• SSL VPN client for Windows Pocket PC 2003/SE, Windows Mobile 5.0

• Supports any IP-based application, DNS, Office Mode, and WINS

• Integrated firewall features for mobile devices

Authentication and authorization

• Active Directory, client certificates, internal database, LDAP, RADIUS, RSA SecurID

• Dynamic Authorization grants access rights to resources based on authentication type or endpoint security scan results

Performance and availability

High Availability and load sharing

• ClusterXL® synchronization

• Full stateful failover (active/active, active/passive)

• Fully internal load balancing

• IP virtualization

• Synchronized configuration, session state, individual user preferences

Hardware acceleration

• Connectra Acceleration Card for SSL encryption offload

• Optional add-in, included with Connectra 6000 appliance

Integrated intrusion prevention

Web attack protection

• Web Intelligence protection against malicious code transferred in Web-related applications: worms, various attacks such as buffer overflows, command injections, cross-site scripting, customizable HTTP worm catcher, directory traversal, header rejection, malicious HTTP code, and SQL injection

Application level attack protection

• Application Intelligence for traffic in SSL Network Extender. Connectra actively protects organizations from both network and application attacks using Check Point’s Stateful Inspection and Application Intelligence technologies

Protection levels

• Resources are defined with sensitivity levels. Access authorized based on security of endpoint and authentication used

Cookie protection

• Cookies are protected and hosted on the gateway

Automatic timeout

• Automatic timeout of SSL VPN sessions, idle, and forced methods

Comprehensive endpoint security (optional add-on)

Integrity Clientless Security

• Total endpoint inspection

• Detects and disables malware and spyware: adware, browser plug-ins, dialers, keystroke loggers, third-party cookies, Trojan horses, worms, and other hacker tools and undesirable software

• Checks for installed and updated antivirus software, PC firewalls, and other administrator-defined criteria before log in

• Policy compliance reporting—list unmet conditions by end user. Customizable remediation resources. Provide guidance and links to resources that enable out-of-compliance users to become compliant with enterprise access policy

Integrity Secure Workspace

• Total endpoint confidentiality

• Encrypts session data on remote endpoints and fully deletes protected data after the session is completed

• Monitors and controls applications so data cannot leave secure encrypted workspace

Real-time security updates

SmartDefense Services

• Includes one-year subscription for real-time updates for Application Intelligence, Web Intelligence, and endpoint security protections

Management

Web-based administration

• Web-based administration over SSL for configuration, monitoring, and maintenance

• Automatic configuration backup, archiving, and restoration

• Restrictions by IP address

• Configuration change logging

Centralized management

• SmartCenter (requires NGX platform)

• SmartDashboard™, Provider-1™, SmartView Monitor™, SmartView Status™, SmartViewTracker™, SmartUpdate™, Eventia Reporter™, Eventia Analyzer™, Secure Internal Communication, SmartDefense Services

• SNMP

Connectra appliance.