Quotes
"G/On by Giritech is a solution that will keep up with our rapid growth without further expense or development. Now that is a solution we can live with"
Joe Best, Director of IT, Quality Wine & Spirits
 

 

G/On™ 3.6 - Secure Virtual Access

G/On is a client/server software solution implementing a distributed port-forwarding proxy with a built-in application-level firewall, based on an application-level communication protocol.

 

G/On 3.6 Server

The G/On 3.6 Server is the key component in the G/On 3.6 virtual access solution. To provide an overview, it acts as an integrated:

  1. Network access controller
    Unlike a VPN tunnel, the G/On 3.6 Server is by default closed for all traffic. It only accepts connectivity and authentication attempts from known devices and all communication is constantly challenged on device and user authentication as well as data integrity.
  2. Authentication and application-level firewall
    In addition to device and user authentication, connectivity is only accepted for individually authorized applications and only those specifically launched by the user or by the G/On Server itself.
  3. Security policy enforcer
    It’s the role of an organization’s security policy to decide who is allowed access to what under what circumstances. G/On enables organizations to not only specify these rules but also directly implement the rules. G/On 3.6 Zones enables you to include properties and characteristics of the remote PC and its environment as part of the application authorization. G/On’s integrated authentication of users and devices along with the authorization of applications provides the enforcement of the rules as well as detailed logging for compliance audit.
  4. Application access and user identity manager
    The integration of G/On with a user directory, like Microsoft Active Directory, will provide G/On with the user domain credentials and will allow single sign-on to a number of applications. After successful login, G/On 3.6 presents to the user a menu of applications authorized as a result of the entire end-to-end connectivity, authentication, and authorization process.

The G/On 3.6 Server runs as a service on a Windows server. Depending on the number of users and the workload in general, it is recommended to install the service on a dedicated machine. For large-scale implementations, multiple servers can be installed and configured for load balancing and fallback. The G/On 3.6 Server is installed behind the main perimeter firewall with access to the user directory for authentication and with access to the relevant application servers.

All G/On communication goes through a single port. Consequently, only a single port is required to be open in the firewall for remote access via G/On. All communication through this single port goes to the G/On 3.6 Server, and the G/On 3.6 Server ignores any connection attempts unless they come from adopted and approved devices.

From a networking standpoint, the G/On solution operates as a distributed port forwarding proxy. The application client connection is forwarded to the local loopback on the remote PC, where the G/On Client creates an encrypted data stream and sends it to the G/On Server via a single port. This encrypted connection from the G/On Client terminates on the G/On Server, which recreates and distributes the original application connections and forwards them to the application server. This approach effectively isolates the remote PC from the company network and prevents any direct communication between the network and the PC and any applications on the PC.
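To make the server-side step above concrete, the following toy model (an added example, not Giritech code) demultiplexes one inbound stream into per-application connections and stays closed by default. The frame layout, the `Demux` class, the idea that the client names an application rather than a host and port, and the sample menu are assumptions of this sketch; encryption and device/user authentication are left out.

```python
# Added toy model; frame layout, names and policy are assumptions, not G/On's protocol.
import struct
HDR = struct.Struct("!BHH")   # frame type, channel id, payload length
OPEN, DATA, CLOSE = 1, 2, 3

def frame(ftype, channel, payload=b""):
    return HDR.pack(ftype, channel, len(payload)) + payload

def parse_frames(stream):
    """Split the single inbound byte stream into (type, channel, payload)."""
    off = 0
    while off < len(stream):
        ftype, chan, length = HDR.unpack_from(stream, off)
        end = off + HDR.size + length
        if end > len(stream):
            raise ValueError("truncated frame")
        yield ftype, chan, stream[off + HDR.size:end]
        off = end

class Demux:
    """Default-closed: a channel exists only after an authorized OPEN."""
    def __init__(self, menu):
        self.menu = menu          # app name -> (host, port) for this user
        self.channels = {}        # channel id -> backend target
        self.forwarded, self.log = [], []

    def handle(self, stream):
        for ftype, chan, payload in parse_frames(stream):
            if ftype == OPEN:
                app = payload.decode("ascii", "replace")
                target = self.menu.get(app)   # server resolves the target
                if target is None:
                    self.log.append(("deny-open", chan, app))
                else:
                    self.channels[chan] = target
            elif ftype == DATA and chan in self.channels:
                self.forwarded.append((self.channels[chan], payload))
            elif ftype == CLOSE and chan in self.channels:
                del self.channels[chan]
            else:                 # data for a channel that was never opened
                self.log.append(("drop", chan, ftype))
        return self.forwarded

def demo():
    # Constructed sample: one authorized app, one unauthorized, one late write.
    stream = (frame(OPEN, 1, b"intranet") + frame(DATA, 1, b"GET /")
              + frame(OPEN, 2, b"fileserver") + frame(DATA, 2, b"probe")
              + frame(CLOSE, 1) + frame(DATA, 1, b"late"))
    d = Demux({"intranet": ("10.0.0.5", 443)})
    return d.handle(stream), d.log
```

Only the payload on the authorized channel reaches a backend target; the unauthorized open, the data sent on it, and the write after close all end up in the log instead.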

The G/On 3.6 Server has a number of configuration options that allow for the specification of application client and application server connectivity, integration into the network infrastructure, and scaling and fallback.

The G/On 3.6 configuration, data about the adopted hardware authentication devices, and the application access rules are stored in a central database. G/On 3.6 offers its own proprietary database for single server deployments whereas multiple servers require an external database like Microsoft SQL Server.

 


G/On 3.6 Client

The virtual access is initiated by the user launching the G/On 3.6 Client from a Windows PC (W2K+). The G/On 3.6 Client has been configured as part of the G/On 3.6 installation process and will know where and how to contact its corresponding G/On 3.6 Server. Every G/On installation is unique, and G/On Clients connect to their G/On Server without the involvement of any third-party facilitator or broker. Consequently, the G/On Client must be able to establish an outgoing connection to the Internet on one of the alternative ports and methods specified during the configuration of the G/On Server.

After successful login, the G/On Client presents to the user the menu of authorized applications as received from the G/On Server.

There are currently two types of G/On 3.6 Clients:

 


G/On USB

Installed on a special G/On USB key supplied by Giritech, G/On USB affords maximum mobility. Just plug the USB key into the USB port of any Internet-enabled PC and wait for the log-in dialog box to appear. Enter your normal user name and password and you're presented with a menu of the applications you are authorized to use.

The G/On USB is a unique device that combines connectivity and hardware authentication into one single device. Each G/On USB has a globally unique hardware identification (like a certificate) that is recognized by the G/On Server. This offers a very strong authentication model: not only must the user have a G/On USB in order to establish a connection, but it must also be the very USB given to that specific user, and the USB must be able to talk to the specific G/On Server for which it has been configured. Without the G/On USB, no connectivity is possible. On the other hand, if a user loses the G/On USB and another person tries to use it, the G/On Server will make a record of the login attempt or, if the genuine user has reported the G/On USB lost, the G/On Server will make detailed records of the connection attempt but will never present a login screen. The details of the login and the connection attempts can be used to track down the lost key.

 


G/On Desktop

Installed on a PC, this client option provides a lower-cost alternative for secure direct access to your business applications. In this case, the PC itself becomes the hardware authentication device. Consequently, every PC must be adopted by the G/On Server before connectivity is possible and the IT administrator has full control over which PC is allowed access.

The G/On Desktop is ideal to use in those cases where the same PC is used regularly. This is a very relevant option for home office use where employees work from their home PC, for external contractors working off their own PCs and for employees with company laptops. As indicated on the picture of the Windows Start Menu to the right, multiple instances of G/On Desktop can coexist on the same PC to give access to different organizations.

Like G/On USB, users still enjoy all the connectivity and the security features including 2-factor authentication, AES encryption and mutual client/server authentication.

 
Copyright © Giritech. All rights reserved.