Personal Firewall
Security Features
In Remote Access it is essential to protect stationary and mobile PC workstations against potential hacker attacks. There are special safety requirements for mobile data communication via public wireless networks and hotspots. The client software must have extensive mechanisms that are adapted to each other, that ensure a highly secure end-to-end connection between tele-workstation, and corporate headquarters over any transmission medium.
All NCP Secure Clients have an integrated Personal Firewall, i.e. no additional personal firewall software is required on the tele-workstation. Additional advantages of the NCP solution:
- Central firewall management
- Simple configuration
- Operating system independence
- Detailed filtering rules
- Connection dependant behavior
- Extensive log functions
The Firewall Client can be configured for the NCP Secure Enterprise Client via NCP Secure Enterprise Management. The filtering rules are already defined for each remote client at rollout. Changes during operation are distributed to each user via automated procedures.
The specific functionalities of the NCP Personal Firewall:
1. IP Network Address Translations (IP-NAT)
IP-NAT hides the internal client address, so that it not vulnerable from outside.
2. Stateful Inspection
Rules for data transfer are specified, i.e. all outgoing and incoming data packets must correspond to filtering rules that have been determined previously. On the basis of defined characteristics, each incoming data packet is verified and is rejected in the event of non-agreement. This means: The Internet port of each computer is completely disguised and setup of undesired connections is prevented.
3. Application-dependant filtering rules
4. Protocol, port and address based filtering rules
5. Friendly net identification
Defined filtering rules are automatically activated depending on the network environment, in which the teleworker is located, e.g. LAN in the company or WLAN at In familiar networks other conditions apply, than apply in public, unfamiliar transmission networks. The network is automatically identified by analysis of one or more factors:
- Current network address
- IP address of the DHCP server
- MAC address of the DHCP server
6. Automatic hotspot recognition
Intelligent mechanism for secure release of network access via the browser on public VLANs (hotspots). Every further data transfer remains blocked, i.e. the user is also unassailable in this phase of a connection set-up.
7. Connection-dependent filtering rules
8. Extensive log options, such as:
- Protocol out/in
- Rejected data traffic
- Approved data traffic
Important:
The NCP Personal Firewall also remains active if the NCP Secure Client is deactivated (alternative pre-set is possible).