IMX DataSystems

IMX DataSystems - www.imx.dk - Strandgade 70.1 - Dk-1401 København K - Telefon 32941318 - e-mail: salg@imx.dk - Cvr/SE nr. 28 33 11 85
G/On's end-to-end solution integrates two-factor, mutual authentication. The hardware token can either be G/On's unique USB-based authentication and connectivity device or G/On can use the PC itself as the hardware token. G/On integrates a strong two-factor, mutual authentication model based on these steps:

The hardware authentication is based on unique identifiers of the hardware device being used. In the case of G/On USB, the identifier is part of the specially built G/On USB hardware. In the case of G/On Desktop, the identifier is based on uniquely identified hardware components of the PC. In all cases, the devices must be known to the G/On server before hardware authentication can be completed.
Device Isolation & Independence
Contrary to traditional VPN-based solutions, G/On does NOT make the remote PC part of the network. G/On connects users virtually to their applications, their office PC or their virtualized desktop.

Device isolation and management
The remote PC (the user device) used for G/On remote access can be any Internet-connected PC. Contrary to traditional VPN-based remote access solutions, G/On does NOT connect the remote PC to your network. G/On connects users to their applications.

Using traditional VPN-based remote access means the remote PC becomes part of your company network, and consequently it is almost impossible to allow access from a PC that is not owned and managed by the company.

G/On’s encrypted connections only go to the G/On Server, which in turn forwards the connection to the application server. This virtual application connectivity, combined with Giritech’s unique “lock-to-process” technology, effectively isolates the remote PC from your company network. That makes it impossible for malicious software to find its own way onto your network.

With G/On, users can enjoy the freedom of using their own PC at home while your company avoids the cost of providing employees with company-owned and managed PCs just for remote access. G/On will also make it possible for external contractors – and any other individual or entity external to your company – to use their own PCs to get direct access to the applications they need.

Giritech strongly recommends that users check their PC for an active firewall and an updated anti-virus tool. This is always a good idea, especially for work-related use.
Data Protection & Integrity
G/On is based on FIPS 140-2 validated 256-bit AES encryption.

Data Protection and Integrity
Instead of using VPN tunneling protocols such as IPSec, SSL, L2TP and PPTP, G/On establishes a protected, virtual connection directly between the user and the application. All data is transmitted via a 256-bit AES, FIPS 140-2 validated encryption engine that is part of EMCADS, the patented technology core of G/On. Checksums (SHA-1 hashing) are used to prevent man-in-the-middle, relay and spoofing attacks. This ensures both high performance and stable connectivity.

Network Access Control
Only validated G/On traffic from known devices and known users is allowed access to the G/On Server.
Network Access Control and Logging
G/On improves the protection of your company network considerably. First of all, the G/On Server only responds to traffic from known and approved devices, and it will only communicate with users following a successful two-factor authentication.

Secondly, all communication between G/On Clients and the G/On Server goes through one single port. The G/On Client understands how application clients communicate and translates that into the encrypted G/On traffic on the single G/On port. Similarly, the G/On Server translates the encrypted G/On traffic back and forwards that traffic to the application servers. Consequently, G/On needs only one single open port in your external firewall.

G/On effectively filters away all non-G/On traffic that attempts to access your company. As all authenticated communication goes through the G/On Server, the detailed logging of all events serves as an excellent audit and control vehicle to track who did what, when, and from where.
Application Authorization and User Management
G/On provides end-to-end connectivity. If policies allow, it will manage the entire process from user login to application provisioning, authorization, and sign-in.

Application Authorization and User Management
The G/On administrative tool enables IT administrators to manage every aspect of every connection. This configuration is typically done by integrating G/On with Microsoft Active Directory (AD) and using the existing group definitions already used in the AD. Access and authorization to applications can be defined based on where you connect from, which group you belong to in Active Directory and who you are.

G/On is not only a secure access solution. It is an integrated tool for the management and implementation of access policies and compliance. G/On can be configured to give a user or a group of users one set of applications when they connect from company-owned PCs, and a different set of applications if they use their G/On USB to connect from an unknown PC (a hotel lobby or hotel business center).

For instance, users may be allowed to use their locally installed Outlook on their company laptop and connect securely through G/On to synchronize mail, calendar and contacts to their laptop. However, if they connect from an unknown PC, they get a locked-down Terminal Server session with access to mail but with no options for copy/paste of information and without attach/detach options.

As an all-in-one, integrated solution, G/On is a cost-effective solution that gives users the flexibility to connect directly to applications when they need to and provides your company with a tool to manage and implement its security policies.