Check Point VPN-1 Gateway integrates access control, authentication,
and encryption to guarantee the security of network connections,
the authenticity of local and remote users, and the privacy
and integrity of data communications. VPN-1 Gateway supports
both site-to-site and, along with VPN-1 SecuRemote/SecureClient,
remote access VPN solutions.
FireWall-1 Integration
For effective enterprise security and efficient administration,
VPNs must include integrated firewall capabilities. To this
end, VPN-1 Gateway includes the market-leading FireWall-1®
to secure all popular Internet services with Check Point's
patented Stateful Inspection technology. VPN-1 Gateway supports
more than 150 pre-defined applications, services, and protocols
out of the box, as well as important business applications
such as Oracle SQL, multimedia applications such as RealAudio,
and multimedia services such as H.323.
Flexible Authentication
For maximum security and flexibility, VPN-1 Gateway provides
integrated support for multiple user authentication methods.
Mobile VPN users can be authenticated using smart cards, token-based
products like SecurID, LDAP-stored passwords, RADIUS or TACACS+
servers, pre-shared secrets, X.509 digital certificates, or
even advanced biometric techniques.
With Check Point's unique Hybrid Mode Authentication, VPN-1 Gateway provides
additional flexibility by enabling organizations to utilize
any FireWall-1 supported authentication method in conjunction
with IPSec VPN deployments.
Strong Encryption
Beyond ensuring that network access is secure, a VPN solution
must protect the privacy of the data being transmitted. By adhering
to the IPSec standard, VPN-1 Gateway automatically negotiates
the strongest possible encryption and data authentication algorithms
available between communicating parties. This includes the new
Advanced Encryption Standard (AES) Rijndael and Triple DES algorithms
for data encryption.
| Encryption Algorithm | Key Length |
|---|---|
| Rijndael (Advanced Encryption Standard - AES) * | 128- and 256-bit |
| Triple DES* | 168-bit |
| DES | 56-bit |
| FWZ-1 | 48-bit |
| DES-40* | 40-bit |
| CAST-40* | 40-bit |

| User Authentication |
|---|
| X.509 Digital Certificates |
| Pre-shared Secret |
| Hybrid Mode IKE * |
| RADIUS |
| TACACS/TACACS+ |
| Token-based (two-factor) |
| Operating System Password |
| FireWall-1 Password |
| S/Key |

| Public Key Algorithms | Key Length |
|---|---|
| RSA | 512- to 1536-bit* |
| Diffie-Hellman | 512- to 1536-bit* |

| Key Management |
|---|
| IKE (ISAKMP/Oakley) |
| FWZ |

OpenPKI Support
Public Key Infrastructures provide the necessary management
infrastructure for large IPSec VPN deployments by enabling the
use and management of keys and digital certificates. VPN-1's
OpenPKI support allows customers to choose the PKI solution
that best fits their needs. OpenPKI ensures that VPN-1 products
are compatible with leading PKI solutions from vendors such
as Entrust, Verisign, Baltimore Technologies, and iPlanet, which
are certified as part of Check Point's OPSEC (Open Platform
for Security) Alliance. VPN-1 solutions also support industry
standards such as X.509, PKCS #11 and PKCS #12, to ensure the
highest levels of security and interoperability as organizations
expand their networks through remote access and extranet VPNs.