Rock VPN - Server Protector

The Rock VPN Server Protector forms part of the Rock VPN suite of products. Used in conjunction with other Rock VPN product models or with third party IPSec compliant products, the Server Protector enables you to secure all traffic flowing to and from the server. It allows you to set up secured communications with other protected servers, user workstations running the Rock VPN Workstation software or Rock VPN Gateways and VPN Appliances.

Product Description

The Rock VPN Server Protector is an easily installed software package that secures communication between a server and other Rock VPN products. The Server Protector extends the network stack of the host operating system and provides full-featured communication security. It is a standards-based product using the IETF IPSec and IKE protocols. With the Server Protector you can selectively enable privacy, integrity and authenticity of information sent between the Server Protector and workstation users or other participants in a VPN community. The secured traffic can be safely sent across the Internet and other untrusted networks, allowing networks to securely participate in user communities, corporate or dial-up VPNs, and Intranet VPNs.

Benefits

The full IPSec implementation and multi-platform support of the Server Protector will secure the increasingly important information flowing over your corporate backbone. With the Server Protector you can achieve true end-to-end Intranet security for user communications.

Features and Specifications

IPSec features supported:

• AH/ESP tunnel and transport mode
• Main, Quick and Aggressive modes
• Expiration of Security Associations (SAs) using time and/or kilobytes
• NAT Traversal
• Path MTU discovery

Platforms supported:

• Windows 2000
• Windows NT 4.0 (Service Pack 3, and above)

Network support:

• Ethernet
• Dial-up

Encryption algorithms supported:

• DES (56 bit), 3DES (168 bit)
• IDEA (128 bit)
• Blowfish (40 - 446 bit)
• AES / Rijndael (128, 192 & 256 bit)

Authentication and Key Exchange support:

• IKE (formerly known as ISAKMP/Oakley)
• Diffie-Hellman (768, 1024 bit)
• RSA (1024, 2048 bit)
• Signatures: RSA, DSS, X.509
• Pre-shared secrets
• Perfect forward secrecy (PFS) support for Diffie-Hellman in Quick Mode

Hash functions supported:

• MD5
• SHA1

Standards supported:

• IETF IPSec
• ISO X.509 v3
• PKCS #1, #10, #12
• SCEP / CMP

Certification Authorities supported:

• VeriSign
• RSA Data Security Certificate Server (Keon)
• Baltimore
• Entrust

Certificate Management:

• Automatic retrieval and processing of certificates and Certificate Revocation Lists (CRLs)
• X.509v3 certificates supported
• Automatic certificate enrolment using
• SCEP / CMP

Management:

• Policy + rule based configuration with a user-friendly Graphical User Interface
• Live configuration
• Granular control based on IP address, subnet address, address range, port and protocol.
• Use of wizards for installation and
• configuration
• Access control based on X.509 certificate contents.
• Event log viewer
• Quick policy selection
• Password protection for policy
• Management software included with Server Protector
• Remote management
• Local management
• Remotely manageable using Workstation Software
• Centrally manageable
• Security Association (SA) monitor (both phase I and phase II)

Download PDF Version: