VPN-1 SecuRemote
Secure Virtual Network Architecture

The Challenge:
Virtual Private Networks (VPNs) provide a powerful means of protecting the privacy and integrity of business communications. Many organizations have deployed site-to-site VPNs as a viable alternative to expensive leased lines when connecting private networks. Corporations are now looking to VPNs to provide secure connectivity to the growing number of remote and mobile users. As Internet access becomes ubiquitous, the cost savings of Internet VPNs over dial-up remote access solutions are compelling. And while Internet VPNs protect critical business communications from unauthorized external users, the growing threat of network misuse by employees is now forcing security managers to consider securing communications over internal private networks as well.

The Solution:
VPN-1 SecuRemote™, an integral component of Check Point™ Software Technologies' comprehensive VPN-1™ product family, provides flexible VPN support for both remote and local users. Using VPN-1 SecuRemote, remote users can connect to their corporate gateways via Internet connections and establish secure VPN sessions to access sensitive network resources. When installed on LAN clients, VPN-1 SecuRemote establishes "Intranet VPN" connections to either critical application servers or internal VPN gateways. Whether internal or remote access, the VPN client transparently encrypts and authenticates critical data to protect against eavesdropping and malicious data tampering.

Flexible Remote Access
VPN-1 SecuRemote supports dynamic and fixed IP addressing for all Internet Service Provider (ISP) services--dial-up, cable modem, or Digital Subscriber Lines (DSL)--making it the ideal solution for remote access VPNs for telecommuters and mobile workers. The VPN-1 SecuRemote software installs on any Windows 9x/NT PC and supports all IP-based network communications. It interfaces with existing network adapters and TCP/IP network stacks for maximum compatibility. And because it operates at the IP layer, VPN-1 SecuRemote supports all IP services without modifications to any applications.

Product Features

Securely connects VPN clients to gateways or application servers
Supports IPSec/IKE and X.509 digital certificates from multiple vendors
Supports multiple industry-standard data encryption and user authentication protocols
Transparently chooses one of multiple gateways with which to establish a VPN tunnel

Product Benefits

Enables local and remote users to securely access resources on corporate networks
Leverages PKI investments for maximum security and interoperability
Provides full compatibility with VPN-1 solutions and industry standard applications
Delivers cost-efficient resilient remote access to maximize VPN availability

Support for Industry Standard Protocols
SecuRemote supports industry standard VPN protocols and algorithms to deliver complete compatibility with FireWall-1 security policies.

Encryption Algorithm

Triple DES

DES

FWZ-1

DES-40

CAST-40

User Authentication

Digital Certificates

IKE Pre-shared secret

RADIUS

TACACS/TACACS+

Token-based (two factor)

Operating System Password

FireWall-1 Password

S/Key

Flexible Authentication
Check Point’s Hybrid Mode Authentication for IPSec enables the use of widely deployed "legacy" authentication techniques such token cards, RADIUS and TACACS+ within IPSec/IKE VPNs.

Secure Intranet Communications
VPN-1 SecuRemote can be deployed in LAN environments using either DHCP or fixed IP addressing. When installed internally, VPN-1 SecuRemote protects critical business communications between local clients and either VPN-1 SecureServer or VPN-1 Gateway. These "Intranet VPN" connections protect sensitive data traveling within the corporate network against internal eavesdropping.

Intelligent Operation
VPN-1 SecuRemote maintains detailed information on all VPN sites. Each time a user requests a connection, VPN-1 SecuRemote intercepts the request and determines if the destination resource resides behind a known VPN-1 Gateway. Once the gateway is identified, VPN-1 SecuRemote is automatically invoked and asks the user for authentication. All VPN functionality, including key negotiation and data encryption, is completely transparent to the user. VPN-1 SecuRemote also intelligently resolves both internal unregistered domains and external domain names.

Resilient Connectivity
When reliability is critical, VPN-1 SecuRemote provides a cost-efficient alternative to High Availability configurations requiring redundant hardware. In multi-site VPNs, VPN-1 SecuRemote can detect a gateway outage, and then use any other available gateway to access network resources. Thus the VPN connection is established and all traffic is routed correctly through an alternate gateway with complete user transparency.

Support for Public Key Infrastructures
With VPN-1 SecuRemote, remote VPN users benefit from the improved security and scalability offered by PKI technologies. With support for PKIs from leading Certificate Authority vendors, VPN-1 SecuRemote can utilize X.509 digital certificates to initiate an IKE key negotiation with either VPN-1 SecureServer or VPN-1 Gateway.

Enterprise Security Integration
VPN-1 SecuRemote works seamlessly with Check Point's market-leading VPN-1 enterprise security suite. It is easy to incorporate secure remote access as part of an overall security policy by adding a single rule. And because VPN-1 SecuRemote establishes VPN tunnels directly with the VPN-1 Gateway, all elements of an enterprise security policy are strictly enforced.

Desktop Security Option
For additional security capabilities for local and remote clients, Check Point offers VPN-1 SecureClient. This enhanced client product provides all of the capabilities of VPN-1 SecuRemote, plus additional features for enforcing access control and security configuration control on clients.

Specifications
Operating System	Windows 95 Windows 98 Windows NT 4.0 (SP3 or SP4) Windows ME Windows 2000
Disk Space	6 MB
Memory	32 MB
Network Adapters	No known restriction
Media	CD-ROM and Web download