Versatile VPN Client for 32-/64-bit Windows (Windows 7, Windows Vista, Windows XP) – Simple and highly secure Remote Access via Internet
Compatible with VPN gateways (IPsec standard) Import of third party configuration files
Integrated, dynamic personal firewall
Fallback IPsec
HTTPS (VPN Path Finder Technology)
Fips Inside
Budget Manager for cost control
Integrated support of 3G and LTE hardware
Integration of all security and communication technologies for universal remote access
Universality and Communication
The NCP Secure Entry Client for Windows 32/64 bit operating systems is a communication software product for universal implementation in any remote access VPN environment. The teleworker works transparently and securely at any location (mobile or stationary) in the same manner as in his/her office within the corporate environment. Highly secure data connections to VPN gateways from all well-known suppliers can be established using IPsec standards. Independent of Microsoft remote data transmission dialer, the connection can be set up via any type of network (wire networks, wireless networks, LAN, Wi-Fi and Internet). Clients can be used on 32-/64-bit versions of Windows XP, Windows Vista and Windows 7 to access to company data networks and applications from any location. Even if the access point or the IP address changes, Wi-Fi roaming or IPsec roaming maintains the VPN connection. Even behind firewalls whose settings always block IPsec data connections, the NCP Path Finder technology ensures remote access is available.
Security
The NCP Secure Entry Client offers extensive security mechanisms that prevent attacks in any remote access environment. Hence, it offers comprehensive security of both the end device and the corporate network. This is true, even at hotspots during the logon and logoff process to the Wi-Fi network. In addition to data encryption the most important integrated components are: a dynamic personal firewall, support of OTP (One-Time Password tokens) and certificates in a PKI (Public Key Infrastructure). The cryptographic module complies with the requirements of FIPS 140-2 (certificate #1051). Use the personal firewall, which supports both IPv4 and IPv6 traffic, to define policies for: ports, IP addresses and segments, as well as applications. An additional safety criterion is "Friendly Net Detection" (location awareness), i.e. automatic detection of secure and non-secure networks. The appropriate firewall rules are activated or deactivated depending on whether a friendly net is detected. In contrast to common firewalls, the NCP firewall is already activated at system startup. All Client configurations can be locked by the administrator, meaning that the user cannot change the locked configurations.
Usability and Profitability
"Easy-to-use" for both user and administrator - the NCP Secure Entry Client is simple to install and simple to operate. A graphical, intuitive user interface provides information on all connection and security states. Detailed log information paves the road for effective assistance from the help desk. The feature “automatic media detection” automatically selects the fastest communication medium available. A configuration wizard simplifies the set up of connection profiles. Integrated support of Mobile Connect Cards for WLAN (Wireless Local Area Network) as well as WWAN (Wireless Wide Area Network) applies, without restriction, for all the Windows operating systems supported. Use of the Windows 7 Mobile Broadband interface ensures the highest possible performance of 4G/LTE hardware. The additional installation of the user interface supplied by the card manufacturer is not necessary. Domain logon, too, is of course highly secure and as convenient and familiar as it is in the local network. The Client Monitor can be tailored to include your company name or support information. Usability also means cost reduction through less time spent training, less documentation and fewer support calls. VPN tunnels can be configured to be established automatically. An integrated budget manager guarantees cost transparency because a volume or time budget or the use of a specific provider can be set and monitored.
Operating Systems
Windows (32-bit): Windows 7, Windows Vista, Windows XP Windows (64-bit): Windows 7, Windows Vista, Windows XP
Security Features
The Entry Client supports all IPsec standards in accordance with RFC
Personal Firewall
Stateful Packet Inspection; IP-NAT (Network Address Translation); Friendly Net Detection (FND) (Firewall rules are automatically adapted, if the connected network is recognized because of its IP address area, the DHCP servers Mac address or the NCP FND server's*); start FND dependent action; secure hotspot logon; differentiated filter rules relative to: protocols, ports, applications and addresses, LAN adapter protection; IPv4 and IPv6 support
Virtual Private Networking
IPsec (Layer 3 Tunneling),conform to RFC; IPsec proposals can be determined through the IPsec gateway (IKE/IKEv2, IPsec Phase 2); Event log; communication only in the tunnel; MTU size fragmentation and reassembly, DPD, NAT-Traversal (NAT-T); IPsec tunnel mode
The IPsec Client incorporates cryptographic algorithms conformant with the FIPS standard. The embedded cryptographic module incorporating these algorithms has been validated as conformant to FIPS 140-2 (certificate #1051). FIPS compatibility is always given if the following algorithms are used for set up and encryption of the IPsec connection:
-DH Group: Group 2 or higher (DH starting from a length of 1024 Bit)
-Hash Algorithms: SHA1, SHA 256, SHA 384, or SHA 512 Bit
-Encryption Algorithms: AES with 128, 192 and 256 Bit or Triple DES
Authentication Processes
IKE (Aggressive mode and Main Mode), Quick Mode; XAUTH for extended user authentication; IKE config mode for dynamic assignment of a virtual address from the internal address pool (private IP); PFS; PAP, CHAP, MS CHAP V.2; IEEE 802.1x: EAP-MD5 (Extensible Authentication Protocol): Extended authentication relative to switches and access points (Layer 2); EAP-TLS (Extensible Authentication Protocol - Transport Layer Security): Extended authentication relative to switches and access points on the basis of certificates (Layer 2); support of certificates in a PKI: Soft certificates, smartcards, and USB tokens: Multi Certificate Configurations; Pre-shared secrets, one-time passwords, and challenge response systems; RSA SecurID ready.
Strong Authentication - Standards
X.509 v.3 Standard; Entrust Ready PKCS#11 interface for encryption tokens (USB and smartcards); smart card operating systems: TCOS 1.2, 2.0 and 3.0; smart card reader interfaces: PC/SC, CT-API; PKCS#12 interface for private keys in soft certificates; CSP for use of user certificates in Windows certificate store PIN policy; PIN policy; administrative specification for PIN entry in any level of complexity; revocation: EPRL (End-entity Public-key Certificate Revocation List, formerly CRL), CARL (Certification Authority Revocation List, formerly ARL), OCSP.
Networking Features
LAN emulation: Ethernet adapter with NDIS interface, full WLAN (Wireless Local Area Network) and WWAN (Wireless Wide Area Network, Mobile Broadband from Windows 7) support
Network Protocol
IP
Dialers
NCP Secure Dialer, Microsoft RAS Dialer (for ISP dial-in via dial-in script) connection manager for international dial-in via GoRemote (formerly GRIC), UuNet, Infonet, MCI (on request)
Seamless Roaming
If a communications medium error occurs, automatic switchover of VPN tunnel to another Internet communication medium (LAN/WWAN/3G/4G) without altering IP address ensures that applications communicating over VPN tunnel are not disturbed and application session is not disconnected. (prerequisite: NCP Secure Enterprise VPN Server)
VPN Path Finder
NCP Path Finder Technology: Fallback IPsec/ HTTPS (port 443) if port 500 respectively UDP encapsulation is not possible (prerequisite: NCP VPN Path Finder Technology on the Gateway is required)
IP Address Allocation
DHCP (Dynamic Host Control Protocol), DNS: Dial-in to the central gateway with changing public IP addresses through IP address query via DNS server
DPD with configurable time interval; Short Hold Mode; Wi-Fi roaming (handover); channel bundling (dynamic in ISDN) with freely configurable threshold value; timeout (controlled by time and charges); budget manager (administration of connection time and/or –volume for GPRS/ 3G and Wi-Fi, in case of GPRS/ 3G separated administration of roaming abroad).
Data Compression
Stac (lzs), deflate
Software ratings and reviews are shown below. If you wish to rate this software please click the 'Rate this software' link.
