Featured Products by
Check Point Software Technologies
Check Point VPN-1 Certificate Manager
The Challenge:
Virtual Private Networks (VPNs) protect the privacy and integrity of business communications over the Internet. As organizations extend their networks to growing numbers of employees, remote offices and business partners, both management and scalability become critical issues. To effectively manage all of the user information necessary for the VPN, network managers must often deal with multiple user databases and administrative interfaces. As the number of VPN nodes increases, scalability requirements become evident, especially for managing the keys used to authenticate users and encrypt data.
The need to interoperate with a variety of partners requires that the VPN solution comply with the most current standards. Open solutions which allow companies to choose best-of-breed components achieve this interoperability, yet present significant implementation challenges. Administrators must balance the need for secure, standard solutions against the complexity of installing, configuring, and maintaining a VPN made up of components from multiple vendors.
The Solution:
The VPN-1 product family from Check Point Software Technologies is a complete line of solutions for secure intranet, remote access, and extranet VPNs. The latest addition to this line is VPN-1 Certificate Manager, a turnkey public key infrastructure (PKI) solution for Check Point IPSec/IKE-compliant VPNs. VPN-1 Certificate Manager solutions maintain the highest level of security and standards-based interoperability, while also offering ease of use for both network security managers and end users.
VPN-1 Certificate Manager integrates best-of-breed technologies into a complete PKI and user management solution. The Certificate Authority (CA) from Entrust Technologies provides comprehensive key lifecycle management. The LDAP-compliant directory from Netscape Communications stores the X.509 digital certificates for all VPN nodes, as well as the Certificate Revocation Lists (CRLs). Check Point Software has pre-configured these industry-leading technologies specifically for VPN-1, and integrated them with a unified installation and management interface.
Product Features:
- Turnkey PKI including best-of-breed Certificate Authority and Directory Server
- Pre-configuration and unified installation of all components
- Choice of hardware or software tokens for strong two-factor authentication
- Account Management interface for managing user security information, including X.509 certificates
Product Benefits:
- Delivers state-of-the-art security for scalable VPNs
- Saves time and reduces complexity of multi-vendor solutions
- Provides flexibility for both administrators and end users
- Eases administration and reduces security risks through centralized user management
Best-of-Breed Technologies
With VPN-1 Certificate Manager, Check Point Software delivers a Public Key Infrastructure which is easy to install, manage, and use. VPN-1 Certificate Manager is the only PKI customized for VPNs and designed specifically to integrate seamlessly with the Entrust-Ready capabilities of Check Point VPN-1 Gateway Solutions and VPN-1 SecuRemote.
VPN-1 Certificate Manager consists of the following components:
- The Certificate Authority (CA) from Entrust Technologies enables companies to create and revoke X.509 digital certificates for strong authentication and encryption.
- The LDAP-compliant directory from Netscape Communications provides a scalable, centrally manageable solution for storing and retrieving all user information, including digital certificates.
- The unified installation from Check Point Software dramatically simplifies installation and configuration of the PKI components.
- The award-winning Check Point management interface integrates certificates and other user-level security information into the overall enterprise security policy.
Scalability
The PKI and LDAP-compliant directory components of VPN-1 Certificate Manager provide the underlying technology to enable VPNs to support a growing number of users while preserving manageability.
For IKE VPN deployments there are two methods for authenticating the identities of VPN peers: pre-shared secrets and X.509-based digital certificates. While using pre-shared secrets may be practical for small VPN deployments, VPN-1 Certificate Manager provides a truly scalable PKI solution for key management for a large number of VPN nodes.
The Lightweight Directory Access Protocol (LDAP) is an extensible standard for directory servers. The LDAP-compliant directory in VPN-1 Certificate Manager includes schema definitions which store user-level security information, including X.509 digital certificates, for a virtually unlimited number of VPN users.
Manageability
VPN-1 Certificate Manager includes the Check Point Account Management client, an administrative GUI for managing all aspects of the user account lifecycle (identity, account information, security, and VPN attributes) along with the certificate lifecycle. This unified interface improves management efficiency, and minimizes the risks associated with data inconsistency which can occur when multiple administrative tools are in use. The Account Management client GUI also provides querying functionality and user templates, which aid in the ongoing management of user-level security attributes.
Industry Standards for Interoperability
Check Point VPN-1 solutions are ICSA-certified to adhere to the IPSec framework, the emerging standard for VPNs, therefore ensuring interoperability with other IPSec-compliant solutions in use by customers and business partners. VPN-1 Certificate Manager extends interoperability by enabling multiple sites and clients to utilize X.509 digital certificates and the Internet Key Exchange (IKE) for authentication and encryption.
Turnkey PKI Solution for Scalable VPNs
VPN-1 Certificate Manager enables network security managers to quickly add PKI capabilities to existing Check Point VPN-1 deployments. Each of the components has been pre-configured specifically for VPNs; customizations include schema modifications for Netscape Directory Server and streamlining of the Entrust PKI. The unified installation program consolidates all required inputs into a single window, and coordinates the installation of each component with the appropriate parameters.
Maximum Security
VPN-1 Certificate Manager provides maximum security by guaranteeing the authenticity of local and remote users as well as the privacy and integrity of network communications. While Check Point VPN-1 solutions offer a choice of authentication schemes, VPN-1 Certificate Manager uses X.509 digital certificates to provide the strongest user and site authentication mechanism currently available. Compliance with the IPSec/IKE standard enables gateways and clients to automatically determine and use the strongest possible encryption algorithms between them. By providing a state-of-the-art PKI, VPN-1 Certificate Manager maximizes the security of communications by securing keys within digital certificates, and by providing full key lifecycle management capabilities including certificate revocation.
Furthermore, VPN-1 Certificate Manager provides two types of secure client registration: off-line initialization, where the CA generates the key-pair and distributes it using either a hardware or software token; or on-line registration, where the certificate information is generated on the user's PC, securely transferred to the CA, signed by the CA, and then published on the LDAP directory server.
Specifications
| Certificate Authority and Directory Server | |
|---|---|
| Platform | Intel Pentium II 200 MHz (300 MHz recommended) |
| Operating Systems | Windows NT 4.0, Service Pack 3 |
| Disk Space | 100 MB for installation (ongoing disk usage depends on deployment) |
| Memory | 64 MB (128 MB recommended) |

| Account Management Client | |
|---|---|
| Platform | Intel Pentium |
| Operating Systems | Windows 95, Windows NT |
| Disk Space | 15 MB |
| Memory | 64 MB |