NetOp Tech GmbH Remote Control. Education. Security

Moving expertise – not people

NetOp Remote Control – Desktop Management for OS/2 - eComStation

Warpstock Europe 2007

Andreas Kietzmann

Managing Director NetOp Tech GmbH

Agenda

Introduction of NetOp Tech GmbH

NetOp Product Pillars

Remote Control/Management Functionality

OS-Platforms

Presentation of NetOp Host for OS/2 - eComStation

NetOp Tech GmbH

Subsidiary of Danware A/S

Established October 2006 in Stuttgart

Location since April 2007: Neu-Isenburg near Frankfurt

Objectives: Sales, marketing and support of the NetOp solutions

Number of employees: 9

100% indirect sales through channel

NetOp – Product Pillars

NetOp Desktop Firewall, NetOp NetFilter

NetOp Learning Center, NetOp School, NetOp Instruct

NetOp Process Control - Scalable safety solution with a central management console for monitoring processes and communication on desktop/laptop computers.

NetOp Net Filter – Centrally manageable Web filter.

NetOp Learning Center – eLearning Content Management Solution.

NetOp School - Solution for education, training and instruction in computer-based classrooms.

NetOp Instruct - Solution for computer-based advanced training, teamwork and internal communication in enterprises.

NetOp Remote Control, NetOp Mobile, NetOp On Demand

NetOp – Product Pillars

NetOp Remote Control – highly scalable software solution for remote maintenance of heterogeneous, complex IT environments for enterprises of all sizes.

NetOp Mobile - The remote control solution for the remote administration of mobile and industrial devices, e.g. mobile phones, PDAs and Windows CE/Mobile-based controls.

NetOp On Demand - Web-based remote control solution for flexible use, e.g. for the support of external customers.

The complete, scalable and secure remote control software for IT professionals

Complete - one product covers all

– Remote control across multiple platforms - Windows, Linux, Mac, OS/2, Sun

– Remote Management

– Unrivalled connectivity solutions available for LAN, WAN/Internet

Scalable – from few to thousands of users

– Hierarchical, sharable address book

– Integration with Directory Services

– Multiple Guest users sharing same screen

Secure – advanced authentication and unbreakable encryption

– Authentication by e.g. Smart Card, RSA SecurID and Directory Services

– NetOp Security Server for extended authentication and authorization

– Encryption implemented according to the toughest industry standards.

When quality matters

NetOp Remote Control today

NetOp Remote Control is designed specifically to meet the needs of corporate business, and is packed with numerous features to help IT professionals get the most out of remote control technology.

NetOp is typically used for

– Remote access to the user’s own computer

– Remote server administration

– Remote user support from a corporate Helpdesk

NetOp Modules

Guest

– Allows a computer to remote control any computer running the Host module.

Host

– Allows a computer to be remote controlled by any computer running the Guest module.

Gateway

– An extended Host module that can route NetOp traffic across different communication protocols.

Name Server

– An extended Host module that can store NetOp names and resolve them into IP addresses.

Security Server

– An extended Host module that can control NetOp security management and logging.

Key Features

Remote control – superior quality supporting a large range of platforms.

Remote Management – computer management controlling services, registry, tasks, event log, shares and system state.

File transfer – split screen, copy, move, sync, clone, crash recovery and delta transfer.

Scripting – schedule file transfers and other operations like inventory scanning.

ActiveX components – integrate remote control and file transfer into other applications.

Chat, Audio Chat, Video Chat – allow users to communicate in text mode or verbally – supported by webcam video.

Key Features …

Multi Guest session – allows a number of Guest users to view and control the same Host desktop.

Run Program – launch programs at the remote computer.

Send Message – distribute popup messages in Rich Text Format which allows links to e.g. web sites.

Get Inventory – collect hardware and software information from remote computers.

Request Help – contact the help desk via NetOp and run an external application to auto-generate trouble tickets.

Communication devices – TCP/IP (IPv4), TCP/IP (IPv6), IPX, NetBIOS, Serial, TAPI, CAPI, IrDA.

Key Features …

Security – local and centralized, Native NetOp, Directory Services, RSA SecurID, Smart Card and Windows-integrated.

Encryption – implemented according to the toughest industry standards.

Event logging – local, centralized, Windows-integrated and management-integrated.

Session recording – save the Host screen activities in a file for later replay.

Snapshot - save the current Host desktop image as a file.

Deployment Utility – roll-out a large number of NetOp Hosts unattended.

Remote Control

Remote control allows a user to view the desktop of a remote computer from one's own computer.

Take full control of remote keyboard and mouse.

Host desktops can be displayed in full-screen, optionally auto-scrolling window or fit window mode. Support for full-screen command prompt.

Remote control windows and the Guest application window are separate.

Multiple Guest sessions allow multiple Guests to view the same Host desktop.

Cascade remote control can chain Guest-Host sessions.

File Transfer

The File Manager offers:

– Drag-and-drop transfer.

– Copy, Move, Synchronize, Clone.

– Crash recovery and Delta transfer.

– Select/deselect files/directories.

– Invert selections and Hotkeys.

– Local file transfer. Open and edit local and remote files.

– Progress bar with transfer details.

– Log with graphical viewer.

Multi Guest Session

The Multi Guest Session allows a number of Guest users to view the same Host desktop and in turn have keyboard and mouse control. Multiple instances of file transfer sessions and a shared text chat are enabled as well.

A Guest can withdraw keyboard and mouse control from another Guest computer or pass control to a specific Guest.

Multi Chat

This feature allows multiple Guests to communicate online in formatted, line based text mode.

Request Help

Host users can request help from multiple help-providing Guest users at the touch of a button or unattended from a command line.

Optionally, customize help requests by a specified problem description, help service name, unique service tickets, communication profile and/or timeout.

A help request icon can be added to the tray and will also be available when the Host runs in stealth mode.

Incoming requests can start an action like send message and/or run an application - e.g. a helpdesk system that auto-generates a trouble ticket.

Key Features

High Performance

Security

Stability

Superior Cross-platform Support

Multi-protocol Communication

Scalability

High Performance

Among the fastest in the world.

Only screen changes are transferred.

Windows version uses GDI-hooking.

Advanced event-driven region technique.

Uses bitmap caching.

Non-polling communication engine.

Strong compression algorithm.

Key Benefits

High Performance

Security

Stability

Superior Cross-platform Support

Multi-protocol Communication

Scalability

Security Objectives

The main security objectives for NetOp are:

– To secure the Host against unauthorized access across the wire.

– To protect the traffic between NetOp modules against eavesdropping and unauthorized alteration of data.

– To offer a broad range of alerting options.

– To prevent unauthorized change of the Host configuration.

– To offer extensive event logging.

Secure the Host from unauthorized access

To gain access to the Host, the Guest can be forced to meet up to six access criteria.

[Diagram: the six access criteria between Guest and Host]

1. MAC/IP address check

2. Closed user group

3. Authentication

4. Call back

5. User controlled access

6. Authorization

MAC/IP address check

The Host can filter the Guest addresses it communicates with based on:

– IP address (TCP and UDP).

– MAC address (IPX and NetBIOS).

When enabled, the Host only communicates with Guest computers if their addresses are listed.

Designed to use the original MAC/IP address (or the NAT address) of the Guest.

Closed User Group

Closed User Group serial numbers are supplied by Danware to:

– Deny any communication with modules not using the same Closed User Group serial number.

– Prevent employees from using the modules outside the organization.

– Prevent outside access to the organization.

Authentication

Authentication is the process of verifying the identity of a user based on a set of logon credentials.

Local authentication

– The identity information is available in a database on each Host computer.

Centralized authentication

– The identity information is available in a database on a shared remote computer.

Centralized Authentication …

NetOp Security Server

– Authenticate the Guest identity against NetOp, Windows (via the Host), Directory Services, Microsoft CA (Smart Card) or RSA SecurID Authentication Services.

– Multiple Servers provide fault-tolerance and load-balancing.

– The Security Manager maintains the database service via an ODBC interface.

Centralized Authentication …

Smart Card Authentication

– By using a Smart Card and a Smart Card reader at the Windows Guest, the Windows Host is now able to authenticate the identity of the Guest user via the Security Server that communicates with a Windows 2000/2003 Server with Microsoft CA installed.

Call Back

Access to the Host computer is controlled by the location of the authenticated Guest user.

– For modem, ISDN or TCP.

– Depends on the authenticated identity.

– Can call back to a fixed address or to a Guest controlled address (roving).

User controlled access

Access to the Host computer is manually controlled by the Host user.

– The Host user allows or denies the access request.

– Option to bypass Confirm Access if no user is logged on to the computer, the computer is locked, or the Guest user is already logged on to the Host computer.

– Customize the message appearing on the Host computer.

Authorization

Authorization is the process of determining which actions are allowed for an authenticated user, defined by Security roles.

Local authorization

– The security roles information is available in a database on each Host computer.

Centralized authorization

– The security roles information is available in a database on a shared remote computer.

Authorization …

Security role

– A security role is a set of allowed actions.

– The user can create customized roles in addition to the built-in roles Full access and View only.

– One or more groups and user accounts can be assigned to each Security Role.

– Total allowed actions are calculated by adding actions from each Security Role the user has membership of.

– Confirmed access is required if it’s present in at least one Security Role.
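
The additive rule above, as an added example that is not NetOp code: allowed actions are the union over every matching Security Role, while Confirm access applies as soon as one matching role asks for it. The action names, the custom roles, the users and groups are constructed for illustration, and a user who matches no role is assumed to get no actions.

```python
"""Effective access under additive security roles (added illustration)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class SecurityRole:
    name: str
    actions: frozenset            # allowed actions granted by this role
    members: frozenset            # user accounts and groups assigned to the role
    confirm_access: bool = False  # Host user must approve the session


@dataclass
class EffectiveAccess:
    actions: frozenset   # union of actions from all matching roles
    confirm_access: bool # True if any matching role requires confirmation
    granted_by: dict     # action -> sorted role names that grant it (for review)


def effective_access(user, groups, roles):
    """Combine every role the user belongs to, directly or through a group."""
    principals = {user, *groups}
    matched = [r for r in roles if principals & r.members]
    granted_by = {}
    for role in matched:
        for action in role.actions:
            granted_by.setdefault(action, []).append(role.name)
    return EffectiveAccess(
        actions=frozenset(granted_by),
        confirm_access=any(r.confirm_access for r in matched),
        granted_by={a: sorted(names) for a, names in granted_by.items()},
    )


# Constructed sample roles; only "View only" is a built-in role name from the page.
ROLES = [
    SecurityRole("View only", frozenset({"view_screen"}),
                 frozenset({"auditors", "helpdesk"}), confirm_access=True),
    SecurityRole("Helpdesk", frozenset({"view_screen", "keyboard_mouse", "chat"}),
                 frozenset({"helpdesk"})),
    SecurityRole("Server admins",
                 frozenset({"view_screen", "keyboard_mouse", "file_transfer", "run_program"}),
                 frozenset({"alice"})),
]


def demo():
    """Three constructed users: group-only, group plus direct role, no role."""
    return {
        "bob": effective_access("bob", ["helpdesk"], ROLES),
        "alice": effective_access("alice", ["helpdesk"], ROLES),
        "carol": effective_access("carol", ["sales"], ROLES),
    }


if __name__ == "__main__":
    for user, acc in demo().items():
        flag = "confirm access" if acc.confirm_access else "no confirmation"
        print(f"{user}: {sorted(acc.actions)} ({flag})")
        for action, names in sorted(acc.granted_by.items()):
            print(f"    {action} <- {', '.join(names)}")
```

The `granted_by` map is what a least-privilege review needs: because actions only ever add up, an unexpected permission can be traced to the specific role that contributes it.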

Authorization …

Local authorization – NetOp Host

– Authorize the Guest’s allowed actions against the local NetOp database containing Security Roles.

– Local and centralized Authentication Services are used to check group membership to determine whether a user belongs to a Security Role or not. These include NetOp, Windows or Directory Services Authentication Services.

Authorization …

Centralized authorization – NetOp Security Server

– Authorize the Guest’s allowed actions against a centralized Database Service containing Security Roles.

– Authentication Services are often used to check group membership to determine whether a user belongs to a Security Role or not. This covers NetOp, Windows, Directory Services, Microsoft CA (Smart Card) or RSA SecurID Authentication Services.

Protect the traffic

Encryption

– Data transmitted between Windows, Linux, Solaris and Mac OS X modules can be encrypted using the Advanced Encryption Standard (AES) with key lengths up to 256 bits. 7 different levels are available, including NetOp 6.x/5.x compatible for communication with older NetOp modules.

Integrity and message authentication

– The integrity and authenticity of encrypted data is verified using the Keyed-Hash Message Authentication Code (HMAC) based on the Secure Hash Standards SHA-1 (160-bit) or SHA-256 (256-bit).

Key exchange

– Encryption keys for encrypted data transmissions are exchanged using the Diffie-Hellman method with key lengths up to 2048 bits and up to 256-bit AES and up to 512-bit SHA HMAC verification.

Security policies and options

Action after exceeding max. invalid logon attempts

– Disconnect, Disable Host or Restart Windows.

Action after disconnect:

– None, Lock computer, Log off Windows or Restart Windows.

File Transfer

– Disable file transfer before local logon.

– Protect Host computer files.

– Ensure that Host user file rights are enabled.

Record sessions

– Save session-recordings for documentation.

– Enforce recording and disconnect if it fails.

Timeouts

– Confirm Access, Authentication and Inactivity.

Security policies and options …

Stealth mode

– Host is not displayed on the screen.

Host name not public

– Host does not respond to broadcast communication and hides its names and addresses.

User name disabled

– Host does not respond to connection attempts using the logged-on user name.

Connection notification

– Message and/or sound upon and/or during connection.

– Connection list.

– Balloon tips.

– Animated icon.

Prevent unauthorized change of the Host configuration

Host maintenance password

– Protects Guest access security.

– Protects all other configuration.

– Prevents the Host user from unloading the Host and stopping Host communication.

– Protects Host configuration files and disables the Tools menu commands, when the:

• Host is connected.

• Host is communicating.

Extensive event logging

Multiple logging destinations:

– Local file – log NetOp events on the local computer.

– NetOp Server – log NetOp events in the database of a central NetOp Security Server group.

– Windows event log – log NetOp events to the local or a remote Windows Event Log.

– Management console – log NetOp events by sending SNMP traps to an SNMP-enabled central management console like HP OpenView.

Large set of events

– More than 100 NetOp events can be logged.

Stability

NetOp offers an incredibly powerful feature set that interferes very little with the operating system:

– Display device drivers are NOT replaced by a cover driver to capture the Host screen activity.

– On-the-fly configuration check of core settings.

– Recovery mechanism to provide high availability of the Host module.

– Low CPU utilization.

– Unique communication recovery.

Superior Cross-Platform Support

By using a unique forwards and backwards compatible design, NetOp can offer remote control across different operating systems:

– Windows Server 2003, XP, 2000, NT 4.0, ME, 9x

– Windows CE, Windows Mobile

– Solaris/Linux

– Mac OS X

– OS/2, eComStation

– DOS / Windows 3.1x *

– ActiveX

– Terminal Services / Citrix

– Symbian OS *

* Available in other versions

Superior Cross-Platform Support example…

OS/2 - eComStation Host

– Remote control.

– Enhanced bitmap mode.

– UDP, TCP, IPX, Serial, CAPI, APPC.

– Default password security.

– Individual Guest ID and password security.

– Security Server authentication.

– Confirm access.

– File transfer.

– Text chat.

Multi-protocol communication …

Protocol support

– TCP (IPv4 and IPv6) and UDP including Dial-up networking, IPX, NetBIOS, Gateway (outbound), Serial modem, ISDN CAPI (1.1, 2.0). APPC is available in OS/2.

Communication profile

– A protocol and its configuration.

– Multiple communication profiles can be enabled at the same time.

Options

– Protocol-specific options including port numbers.

Multi-protocol communication …

NetOp Gateway

– Extended Host module.

– Dial-in (Modem to LAN).

– Dial-out (LAN to modem pool).

– Internal routing (LAN to LAN).

– Terminal Server (LAN ↔ TS).

– WAN enabled (supports NAT, one-to-many routing).

– Multiple device support (e.g. multiple modems).

Multi-protocol communication …

NetOp Name Server

– Extended Host module.

– Stores NetOp names and IP addresses of NetOp modules using NetOp Name Server in separate name spaces.

– Frequent update. Names not updated are deleted.

– Called NetOp names are resolved into IP addresses that are used for connecting.

– Two public NetOp Name Servers are available on the Internet.

[Diagram: Guest, Name Server, Host, Internet. 1 – Register name and IP address; 2 – Resolve name to IP address; 3 – Connect by IP address]

Scalability

NetOp is designed with scalability in mind to fit any organization.

– The Guest can handle from one Host and upwards.

– Number of phonebook entries is only limited by disk space.

– Number of concurrent connections is only limited by memory and CPU power.

– NetOp generates only a modest amount of network traffic during a session and uses a non-polling communication engine which only transmits if something changes or a command is issued.

– Multiple protocol-support spans from simple point-to-point connections and up to enterprise WAN.

– And finally NetOp can integrate into most management systems.

Technical Support

NetOp Tech offers 2nd level support in German language

Support exclusively to partners

Knowledgebase http://help.netop.com

Thank you for your attention.

Any Questions?

NetOp Tech GmbH, Dornhofstrasse 18, D-63263 Neu-Isenburg

Tel: +49-6102-83399-0

http://www.netop.com/de

Andreas Kietzmann, Managing Director NetOp Tech GmbH