While most network security managers concentrate on protecting their networks against external attacks, recent studies confirm that the majority of threats originate inside an organization. Therefore security measures such as access control, encryption, and user authentication must also be deployed internally. Data on desktop machines must be protected against unsanctioned access. Sensitive client-server communications must be protected against eavesdropping by unauthorized users. And every client system, whether local or remote, opens up a potential door into the corporate network if configured in an insecure manner.

The Solution:
VPN-1 SecureClient extends Check Point™ Software Technologies’ market-leading network security solutions by enforcing security on client machines. While VPN-1 SecuRemote™ provides standard VPN connectivity with client-side encryption and user authentication, VPN-1 SecureClient adds powerful client security features such as access control

and security configuration control. VPN-1 SecureClient strengthens the security of the entire corporate network by ensuring that intruders--such as users on shared outside networks--cannot take advantage of an insecure remote client machine to hijack an existing VPN connection into the corporate network. VPN-1 SecureClient also provides the ability to automatically verify that users' machines across the extended enterprise are configured securely.

Flexible Deployment
VPN-1 SecureClient provides secure connectivity for both Remote Access and Intranet VPN clients. The VPN-1 SecureClient software installs on any Windows 9x/NT PC and supports all IP-based network communications. For telecommuters and mobile workers using either dial-up or broadband Internet connections, VPN-1 SecureClient supports both dynamic and fixed IP addressing. When installed internally, VPN-1 SecureClient protects critical business communications between desktop clients and either VPN-1 SecureServer or VPN-1 Gateway.




VPN-1 SecureClient can be deployed to secure either LAN clients or Remote Access VPN users. 

Personal Firewall Capabilities
VPN-1 SecureClient protects local and remote client systems using the same patented Stateful Inspection technology in the market-leading FireWall-1¨ and VPN-1 solutions. Pre-defined policies are provided which specify allowable traffic and encryption policies for all network clients. For example, a policy can specify that all traffic to and from clients must be encrypted. Deploying policy-based security to clients not only protects the data on client machines from unauthorized access, but in the case of remote access VPN users, eliminates those machines' vulnerability to attacks from neighboring users on shared networks.

Security Configuration Control
VPN-1 SecureClient strengthens enterprise security by ensuring client machines cannot be configured in a way that circumvents the enterprise security policy. Users can be denied network access unless their machines are currently operating with an approved configuration. For example, managers can specify that a properly configured machine has no non-IP protocols in use, has IP forwarding turned off, and is running the correct security policy. Only once the configuration of the client has been verified may that client establish a VPN connection to a corporate gateway or server.

VPN-1 SecureClient can inform the end user when the client machine does not meet the enterprise security requirements.

Policy-based Architecture
VPN-1 SecureClient uses a centralized Policy Server to protect network clients. First, the VPN-1 administrator defines the level of client security to be deployed across the enterprise. This management decision consists of two components: the Security Policy to be installed on client machines, and the required Security Configuration settings to be enforced. The enterprise-wide security policy is automatically downloaded from the Policy Server to all network clients. Users must then successfully authenticate themselves, and their machines must meet the security configuration requirements, in order to establish VPN connections.

Support for Industry Standard Protocols
VPN-1 SecureClient supports industry standard VPN protocols and algorithms for complete compatibility with VPN-1 security policies.

* Supported for IKE

Enterprise Security Integration
VPN-1 SecureClient works seamlessly with Check Point's market-leading VPN-1 enterprise security suite. Client security policies and security configuration controls are specified within the centralized Check Point VPN-1 Management Console. And because VPN-1 SecureClient establishes VPN tunnels directly with either VPN-1 Gateway or VPN-1 SecureServer, all elements of an enterprise security policy are strictly enforced, including access control, user authentication, and logging.