HighAssurance Remote

FIPs-certified VPN client for Government Customers

Overview

Featuring FIPS technology, device authentication, and the Advanced Encryption Standard (AES) algorithm and containing numerous high-level security features not currently found in any VPN software product on the market, HighAssurance Remote is a ground breaking stride towards security aimed at supporting the nation's homeland security efforts.

With pending FIPS 140-2 Level 2 certified technology and the foundation of the industry's clear standard for VPN software, HighAssurance Remote client is an industry-proven VPN software solution that provides secure client-to-client or client-to-gateway communications over wireless LANs, TCP/IP networks, and dial-up connections.

FIPS Certifications
FIPS 140-2 Level 1 and 2 certification is of particular importance since Level 1 allows the software and firmware components of a cryptographic module to be executed on a general purpose computing system using an unevaluated operating system. Security Level 2 requires, at a minimum, role-based authentication in which a cryptographic module authenticates the authorization of an operator to assume a specific role and perform a corresponding set of services. And with device authentication, HighAssurance Remote strengthens network access password security by ensuring that all computers that attempt to log on have a second form of identification—a device identifier.

Complete, Always-on Security Solution
Covering both direct and remote access to the corporate network, as well as Internet
access, HighAssurance Remote is an "always on" application, protecting the user's PC even when not connected to the corporate VPN. HighAssurance Remote is built with SafeNet SecureIP technology, which provides the building blocks for security implementations that enable organizations to use the Internet and other shared networks for private communications. Other high assurance features include AES algorithm, MD-5 and SHA-1 hashing algorithms, and compliance with current IPSec RFC standards.

Features & Benefits

Broad VPN Switch Interoperability - eliminates the need for organizations to provide more than one VPN client to their users

Broad OS Compatibility

Windows XP
Windows Vista

Simple Certificate Enrollment Protocol (SCEP) Support - provides interoperability with certificate authorities that support online certificate requests

Gateway Hostname Resolution - provides the ability to resolve the name of the Secure Gateway Tunnel entry using DNS, WINS, and LMHOST

Automatic Certificate Selection – HighAssurance Remote automatically sends its own certificate based on the request of the peer instead of requiring it to be locally configured; and allows the client (based on configuration) to accept any ID from the peer as long as the accompanying certificate is issued by a "trusted" CA

Virtual Adapter Support - allows an IPSec gateway to assign network settings for improved network functionality with other applications

Technical Specifications

System Requirements

Disk Space - 10 MB
64 MB for XP
64 MB for Vista

Encryption Algorithms

DES, 3DES, AES

Hash Algorithms

HMAC-MD5
HMAC-SHA-1
DES-MAC (Windows only)

Compression

IPComp - Deflate and plug-in support for LZS

Diffie-Hellman Group Support

Group 1 - MODP 768
Group 2 - MODP 1024
Group 5 - MODP 1536

Authentication Mechanisms

Preshared keys, RSA signatures

Device Authentication

Strong, two factor associated with the PC itself (Windows only)

Key Management

IKE (Internet Key Exchange)

IPSec Modes

Tunnel, Transport

IKE Modes

Main, Aggressive, Quick

Certificate Acquisition

SCEP, PKCS #7 and PKCS #10, PKCS #12 (Windows only)
Microsoft Internet Explorer (Windows only)

Other Features

X.509 V3 support
LDAP directory support
CRL processing
Centralized policy management
Self signed certificate support
XAUTH
IKE, support mode configuration
L2TP support
Redundant gateways
IKE keepalives
FIPS 140-2 Level 2 certification
Diagnostic training
Audit log
Split tunneling

Stated CA Compatibility

Entrust
Baltimore Technologies
VeriSign
RSA Keon
Microsoft
Netscape