Connectra Web Security Gateway
Total Page:16
File Type:pdf, Size:1020Kb
puresecurity PRODUCT DESCRIPTION Connectra Connectra™ is a complete Web Security Gateway that unifies SSL VPN access with comprehensive endpoint security Web Security Gateway and integrated intrusion prevention. Web connectivity with unmatched security PRODUCT FEATURES n Secure SSL VPN remote access YOUR CHALLENGE n Comprehensive endpoint security Access to information is critical to modern businesses, and, increasingly, n Integrated intrusion prevention employees and business partners need to access it anytime from virtually n Appliance or software platforms anywhere. Sharing timely information increases your business competitiveness, partnership effectiveness, and employee productivity. And sharing this informa- tion requires a solution that is universally available and easy to use—even for PRODUCT BENEFITS the lay user. n Delivers Web-based secure remote access for an extensive In addition to enabling ubiquitous access, the confidentiality and integrity of range of enterprise applications this information is even more important in today’s information-driven economy. Yet the explosion of spyware, like keystroke loggers and Trojan horses, threat- n Shields information from malicious ens the confidentiality and integrity of information shared with remote users. spyware and malware on remote endpoints Bottom line, you need to provide easy access to information from anywhere n Defends the integrity of internal while ensuring that your enterprise IT resources retain their security everywhere. infrastructure from worms and attacks n Provides standalone or full OUR SOLUTION SmartCenter™ central management ™ Connectra is a complete Web Security Gateway that provides SSL VPN n Protects against new threats access and comprehensive endpoint and integrated intrusion prevention through SmartDefense™ Services security in a single, unified solution. By combining SSL VPN connectivity and security in one solution, organizations can effectively deploy SSL VPNs safely and securely to a diverse set of users while ensuring the confidentiality and integrity of information that is critical to business success. And Connectra is supported by SmartDefense™ Services, which protect against new threats by providing real-time defense updates and configuration advisories. The Connectra Web portal allows remote users to view email, browse Web links, run client/server applications, and access Web applications and shared files from the convenience of a Web browser. The NGX platform delivers a unified security architecture for Check Point. 1 Connectra Web Security Gateway SECURE WEB-BASED CONNECTIVITY Connectra is a Web Security Gateway that enables remote users to access corporate resources. It provides both Web-based and network-level access through the SSL encryption delivered in most Internet browsers. Through an integrated Connectra Web portal, users can access Web applications, Web-based resources, shared files, and email. For extra flexibility, administrators can customize the design of the Connectra Web portal, including support for multiple languages. For non-Web, client/server applications, Connectra provides secure network-level access over the Web with SSL Network Extender™. Included with Connectra, SSL Network Extender is a browser plug-in that tunnels traffic from endpoint applications over SSL. It supports any IP-based application, including ICMP, TCP, and UDP, without requiring complex configuration to support each application. SSL Network Connectra with Integrity Secure Workspace, shown here, gives users Extender can even work on remote PCs without requiring a completely isolated desktop which gives them a confidential place administrator privileges. to access information even when on a guest machine. With mobile PDAs and cell phones, Connectra offers SecureClient™ Mobile SSL VPN connectivity so users can Ensures information confidentiality access email and applications. SecureClient Mobile enables To enable secure access even in unmanaged environments users to transparently roam in and out of connectivity to like airport Internet kiosk PCs, Connectra provides Integrity carrier data and WiFi networks and offers simplified firewall Secure Workspace, an option that provides a totally secure protection to prevent abuse of confidential data. environment and which encrypts all session files such as attachments, cookies, emails, and passwords on the remote COMPREHENSIVE ENDPOINT SECURITY endpoint. This prevents sensitive corporate information With the integration of Integrity Clientless Security™, a from being viewed or stolen even after a session ends and clientless version of Check Point Integrity™, the industry’s the user leaves the PC. most trusted endpoint security solution, Connectra secures Connectra can enforce an access policy requiring antivirus network resources from remote PCs—regardless if they are software and/or firewall installation before granting users used and/or owned by employees or partners, customers, access. Out-of-compliance users are offered links to self- or other network guests. It enforces network security policy remediation resources. Once in compliance, they are allowed for SSL VPN connections, ensures session confidentiality, to log in. and keeps the organization secure. Administrators can also use Connectra to restrict access to Scans for spyware individual resources based on the trust level of the endpoint To ensure that malicious processes, keystroke loggers, and user. For example, one set of resources may be defined and Trojan horses are not installed on remote endpoints, with a “high” sensitivity level and access allowed only if a Connectra scans for these and other spyware through remote remote endpoint provides strong authentication like token- users’ browsers. By disabling spyware and enforcing base- based authentication and has current antivirus software line security requirements before it grants SSL VPN access, installed and running. Similarly, another set of resources Connectra stops identity and password theft and prevents can be accessed only when someone is using the Integrity data loss. In addition, SmartDefense Services delivers real- Secure Workspace. time updates for endpoint security checks. For network-level remote Remote User Connectra Web Portal Organization access, Connectra includes the SSL Network Extender browser SSL plug-in to allow SSL HTTP, POP3, SMTP, remote access for any IMAP, CIFS/SMB IP-based application. IP SSL Connectra SSL Network Extender 2 Web connectivity with unmatched security INTEGRATED INTRUSION PREVENTION Integrated intrusion prevention provided by Connectra for SSL VPN access ensures the integrity of internal applica- tions. Integrated Stateful Inspection, Web Intelligence™, and Application Intelligence™ technologies offer protection against malicious activities and attacks over SSL VPN. For example, Connectra can prevent users from accessing confidential data using directory traversal or SQL injection attacks—a particular concern in extranet environments. Connectra can ensure that worms cannot spread through SSL VPN when a remote user is tunneling native applications. In addition, Connectra comes with a one-year SmartDefense Services subscription to ensure that integrated application protections are up to date. EASY DEPLOYMENT AND MANAGEMENT Connectra can be deployed in a network DMZ or on a trusted LAN and is easy to install and simple to manage. It supports several authentication options including LDAP, RADIUS, SecurID/ACE, or an internal database. For existing Check An intuitive Web-based administrative interface lets you quickly configure resources and applications. Assigning a security sensitivity Point customers, a SmartCenter™ management server can be level to a resource will enforce specific security requirements of the used for full central management. This enables organizations endpoint before access is granted to the resource. to use a single repository of definitions for users and groups, network objects, access rights, and security policies across their entire security and remote access infrastructure. Unified FLEXIBLE DEPLOYMENT OPTIONS access policies will be enforced automatically throughout Connectra is available as an appliance or as software for their distributed environment, empowering them to securely open servers. See www.opsec.com for appliance and provision access from anywhere. hardware options. PROTECTION AGAINST NEW THREATS • Connectra appliances feature preinstalled Connectra Connectra is supported by SmartDefense Services, which software on dedicated Check Point or OPSEC™ certified maintain the most current preemptive security for the Check appliances Point security infrastructure. To help you stay ahead of • Connectra software is a software solution for open serv- new threats and attacks, SmartDefense Services provide ers. It installs SecurePlatform™ Pro, a hardened operating real-time updates and configuration advisories for defenses system, and Connectra software in less than 10 minutes and security policies. These ensure that Connectra endpoint security and intrusion prevention capabilities have the latest protections available. Minimum Connectra software requirements CPU Intel Celeron 2.4 GHz or equivalent Authentication Server Memory 512 MB (optional) Disk space 6 GB hard disk drive Non-Web Application Server File Share Server Web Server Email Server Integrated Intrusion Prevention SSL Comprehensive Check Point Endpoint Security SmartCenter Connectra Management (optional) SSL Remote User • Employees • Business Partners To enable