HOBLink VPN 1.8
Enterprises expand their Security Policy with IPsec, Network Address Translation (NAT) and Strong Authentication.
With HOBLink VPN you have a complete package for the creation of a Virtual Private Network infrastructure in your enterprise.
The Internet is an economical and flexible network infrastructure that is available all over the world, 24 hours a day, 7 days a week. . Many enterprises use the Internet as a central communications platform, which can certainly be an effective cost-cutting measure. But how do these companies ensure the security and performance of their Internet communications? It is of the utmost importance that internal network resources be protected from unauthorized access.
HOBLink VPN - the Solution
HOBLink VPN is a modular security solution and part of the HOBLink Connectivity product range. The main component of this product range is "HOB Enterprise Access" (EA), a central platform for the configuration, management and administration of all HOBLink software products.
Even in the smallest version the administrator can use the EA functionalities. With HOBLink VPN the user has at his disposal the VPN Gateway und the VPN Client, the modules VPN configuration, VPN management and VPN LogView. If "HOB Enterprise Access" is already being used, the new modules are installed as "Plug-Ins." Objects and user settings that have already been defined remain the same.
Another component of HOBLink VPN is the "HOBLink Security Manager," which is used to generate X.509 certificates. HOBLink VPN is installed on PC hardware. This enables high scalability as regards performance.
The software to be installed is the same for the HOBLink VPN Gateways and Clients. The only difference is the configuration. Remote gateways can use economical DSL connections with a flat rate pricing policy. The "roaming" function enables operation without fixed IP addresses. HOBLink VPN provides "end-to-end" security, so there is no need at all for an ISP's VPN. This ISP independence provides great flexibility in the choice of regional ISPs, resulting in further savings potential.
HOBLink VPN combines comprehensive security with the greatest flexibility. It also has the indispensable firewall functionality with "NAT" and "Security Policy." The security policy is applied to all Gateways and VPN Clients (Personal Client Security). The entire configuration, administration and management are based on SSL. With the certificate manager the administrator can generate and manage the corresponding SSL and VPN keys. Thus authenticity and integrity are ensured.
By using pre-shared keys, DSA and RSA digital signatures HOBLink VPN guarantees that the information that you receive really does come from the claimed source.
Both the Authentication Header (AH) and the Encapsulating Security Payload (ESP) can use the Hash methods MD5 and/or SHA to detect data manipulation. In this way it is assured that the received message has not been tampered with.
Through the use of IPsec (ESP), HOBLink VPN makes certain that nobody is in a position to decrypt data sent between the sender and recipient. HOBLink VPN allows you to choose between the encryption methods AES (128/256 Bit), 3DES, DES, RC4, BLOWFISH, CAST, DES, DES_IV32, DES_IV64.
UDP Encapsulation (NAT-T)
Now you can use all public hot spots with your own VPN client, just as well as private IP address ranges (e.g., mobile networks). IPsec is packed into UDP packets. In this way, HOBLink VPN supports connections over NAT devices. These can be, for example, DSL routers or firewalls. Due to the UDP encapsulation, multiple tunnels can be established.
Extended Dialer Function
All connections that a client uses can be conveniently placed as icons on your desktop. To connect, just double-click..
Radius Protocol Implementation
Another authentication method available with HOBLink VPN is that implemented with the RADIUS protocol. This is used for interaction with Radius servers or authentication solutions that permit the use of authentication tokens, e.g., RSA SecurID
Local Preshared Keys
To further increase security, HOBLink VPN now supports preshared keys. The users save these to their local clients and use them for authentication. Usually, a corporation would store the preshared keys in LDAP servers or the HOB Enterprise Access Server. During authentication, they are encrypted and sent to the client. Theoretically, a user could read out and decrypt the encrypted key on the LDAP or EA Server. The local preshared keys effectively prevent this.
TeleSec Card Support
HOBLink VPN now supports authentication with TeleSec SmartCards.
HOBLink VPN Gateway and HOBLink VPN Client are fully integrated in the "HOB Enterprise Access" design which can be used to configure and administrate them. With HOB Enterprise Access the administrator can centrally manage all user and configuration data.
This is especially advantageous when there are many users and/or network objects to manage or create. An optional connection to conventional LDAP servers and data import/export is also supported by HOB Enterprise Access (EA).
User data need no longer be created nor stored in several locations. The configuration can be placed in a tree structure in HOB EA or in LDAP.
The Most Important Benefits of HOB Enterprise Access:
With the inheritance function for configuration data, gateways and clients can be added quickly and easily, and policies can be just as easily changed. There is also a plausibility check for the security policy. The entire configuration and management console is intuitively designed, making the administrator's tasks simpler to perform.
Below is a listing of the most important functions of the module "HOBLink VPN – Remote Management":
With LogView the administrator can monitor all processes relevant to the individual policies for which the auditing function has been activated. To reduce the amount of data to be transferred, a time limit can be set. It is also possible to filter for specific data, e.g., IP address, protocol, policy number action, etc.