• Contacts
  • Contact Details
  • Contact Us
  • Home
• Mobile Computing
  • Lap-Top Security
  • PDA Security
  • Enterprise Mobile Solutions
  • Mobile Solutions for Public Sector
• Solutions for email
  • Email Archiving
  • Email Archiving Seminar Program
  • E-mail Firewalls Anti-SPAM
  • Anti-Virus
• The NHS
  • Agenda For Change
  • A4C Seminar Program
• Security Solutions
  • Remote Access SSL VPN
  • Password & Identity Management
  • Internet Firewall
  • Secure DNS Server
  • Document Collaboration
  • Web Content Management
  • E-commerce
  • Alumni Membership
  • Network File Encryption
  • USB Memory Drives
  • Smart Cards & Single Signon
  • Aladdin eToken
  • URL Web Filter
  • Fault Tolerant IP
  • SSL Acceleration
  • Tape Backup
  • Network Storage
  • Wireless Networking
  • Domain Names
• Resources
  • Library
  • Product Data Sheets
  • Customer Projects
  • Articles & Links
  • Credit Card Systems
  • Nominet T&C's
  • Accessibility
• Site
  • Home
  • News
  • Events
  • Contact Details
  • Contact Us

SafeGuard Advanced Security

SafeGuard Advanced Security provides secure strong authentication, controls for the use of USB memory ,[pen drives] and other P&P devices, enhanced access control using smart cards and biometric finger print recognition systems for users in heterogeneous networks.

The Challenge

Enterprise environments operate on a mix of platforms, Windows NT, Windows 2000 or Windows XP together with Citrix or Terminal Server based thin clients. They require a security solution that enforces a uniform security policy over all these platforms.

This mixed environment presents several difficult and costly problems to manage

• Providing scalable authentication mechanisms that relieve users from having to remember complex and multiple passwords?
• Enforcing a policy driven trustworthy IT environment across the entire organization?
• Prevent stability problems arising from unauthorized software introducing viruses or incompatible system configurations?
• Protect every Server and PCs behind the corporate firewall?
• Centrally manage the use of removable media such as Memory Cards?
• Provide multi-user access to shared terminals or fast user switching, but still need to enforce the corporate security policy

SafeGuard Advanced Security

SafeGuard Advanced Security meets all the above criteria in one modular security solution. One solution with simultaneous consideration of user productivity and costs. It provides comprehensive privilege definition and management facilities that can be professionally implemented into a consistent company-wide security policy to protect Intranets against either deliberate or inadvertent attacks by staff. The six modules of SafeGuard Advanced Security (see picture) offer a flexible and cost effective way to implement comprehensive, secure authentication, maintain a security policy and ensure system integrity for Microsoft operating systems.

Authentication Modules

Base Module

The SafeGuard Advanced Security Base Module replaces the Microsoft Windows logon by a strong Windows authentication to enhance security and better reflect company-specific demands. The user authentication of the Base Module supplies improved and easily enforced password rules and an optional two-factor authentication via smartcards and PIN or bio-metric fingerprint*. An additional benefit allows smartcards to be used in Internet browsers or other smartcard supporting third party applications. Furthermore, the Base Module provides secure user switching for working environments with shared terminals. It significantly improves productivity by enabling teams to share one single workstation. SafeGuard Advanced Security allows fast and secure "user switching" via smartcards. If the user removes the smartcard, his desktop is immediately closed before being activated again for the new user without the need for a time consuming "normal" logon/logoff process. The powerful auditing component completes the SafeGuard Advanced Security Base Module. It logs all security-related events either in a local or optionally in a central Event Log.

Authentication Extensions

For customers using Terminal Servers, the Authentication Extensions Module of SafeGuard Advanced Security offers strong authentication via smartcards at the client side. The authentication to the smartcard can be achieved via PIN or fingerprint* verification. The system is now available for Citrix environments too.

For all environments SafeGuard Advanced Security provides optional support of digital certificates on smartcards. A powerful two-way authentication between the client and the server ensures client and server integrity and full integration into a public key infrastructure (PKI).

Single Sign-On

The problem of remembering several complex passwords is solved by SafeGuard Advanced Security’s Single Sign On Module (SSO) which enables secure automated logon for heterogeneous networks without the need for additional passwords. SafeGuard Advanced Security SSO Module only requires one initial authentication and will then perform automatic logon to all other password based applications of the user, even if the user is known under different user-IDs to those applications. The powerful scripting based engine supports virtually any password based application (local, Web and on Terminal Server) and the new wizard of the SSO Module provides ease of use to the administrator by the simple "drag & drop" functionality.

SafeGuard Advanced Security reduces the risk of forgotten passwords caused by frequent password changes and increases user convenience at the same time. The administrator can easily update or replace applications and execute regular password changes without user knowledge, as the user only needs to know one PIN to activate the SSO process.

Enterprise Policy Defender Modules

Besides authentication, SafeGuard Advanced Security offers three modules to ensure system integrity and maintain an enterprise wide IT security policy for workstations.

Plug and Play USB Memory Devices

The use of new USB devices such as hard disks, memory sticks, pen drives or other smart media readers now presents a very serious threat to the corporate network

The devices are now very cheap and of extremely high capacity, with devices such as the Freecom credit card available in capacities up to 1Gb.

The latest module available for SafeGuard Advanced Security suite is designed to allow companies to set a central policy through Active Directory or any Group Policy Object which can control the use of any Plug and Play device.

Removable Media Management

Users often have access to data on removable media such as CDs or DVDs. However, in managed IT environments, not all media shall be available to users; programs installed from a CD by a user not authorized can endanger the integrity of systems or can cause some license violations as well as the risk of infection via

New viruses. In addition, the Removable Media Management Module allows administrators to define exactly which media a user may use, e.g. only the latest CD with a specific database shipped quarterly on CD to the employees or a phone book CD, but not an outdated version or other media like audio CD or unapproved software.

Application Specific Rights

The Application Specific Access Rights Module (ASAR) realizes a 3-dimensional security concept by allowing explicit rights to be specified between users, data and applications. This protects against the threat of certain (even currently unknown) viruses and implements a fine-grained security even in unmanaged (.NET) code or mixed Windows version environments. The ASAR Module provides a clear rights allocation and thus the enforcement of the security policy within the organization.

IP Filter

The IP Filter Module provides control for incoming and outgoing IP traffic on every client. It also takes care of attacks based on port scanning and Trojans using open default ports etc. The administrator can assign different IP Filter settings for different type of users, e.g. LAN or RAS user. This helps to protect machines of mobile workers or against attacks from inside, where traditional Firewalls are not applicable. The Enterprise Policy Defender, as a combination of these modules, provides companies with a secure workflow. Individual users cannot de-stabilize the system, install viruses or Trojans or reduce the productivity of the entire system.

Characteristics

SafeGuard Advanced Security is your guarantee for a predictable IT environment and improves system availability at any time.

It can be installed and administered locally or remotely from a central domain controller. Administration is based on Windows users and user groups resp. Group Policy Objects (GPO). SafeGuard Advanced Security takes full advantage of Windows Installer setup, the Microsoft Management Console and Active Directory. The modular architecture and licensing scheme helps to meet your needs in an optimal way and ensures a fast return on investment.

See also
SafeGuard Easy : Hard disk encryption for PC's and workstations
SafeGuard Biometrics : Fingerprint Recognition systems Match on Card technology
SafeGuard LAN Crypt : Network File encryption for file and terminal servers
SafeGuard PDA : Data encryption for Pocket PC PDAs
SafeGuard Advanced Security : Single SignOn, IP filtering, removable media management

Please feel free to download PDF versions of our product datasheets

What’s new with SafeGuard Advanced Security

• Complete Policy Control of the use of P&P devices such as USB Memory Drives
• Optimal fit to customer demands via modular licensing model
• Application Specific Access Rights for computer resources
• Network IP and Port Filter
• Removable Media Management allows control over CDs/DVDs
• Local and central auditing
• Terminal Server Support

Key benefits:

• Easy implementation and execution of company-wide security policy
• Ideal security migration for all Windows platforms
• Unique strong authentication solution for Terminal Server
• Convenient single sign on
• Significant increase in productivity by secure user switching
• All benefits of Microsoft Active Directory can be fully used
• Modular licensing ensures you only pay for the modules you use
• Minimizes helpdesk calls by maintaining system integrity and security

Key features:

• Configuration Viewer displays all settings for verification and revision
• Recording of security-relevant activities
• Administration via Microsoft Management Console (MMC)

Authentication Modules

• Convenient single sign on
• Authentication, SSO and rights management in Terminal Server environments
• Single sign on supports Visual Basic scripts
• Significant enhancement of security in logon process
• Microsoft GINA- and Novell IntranetWare client interface
• Interface to biometric authentication
• Strong authentication, based on X.509v3-certificate and 1024 bit RSA

Enterprise Policy Defender Modules

• Enforcement of 3-dimensional security concept by allowing explicit rights to be specified between users, applications and data
• Control over used Removable Media
• IP Filter