NCP Secure VPN Enterprise Client for Windows Mobile
Universal, Centrally Manageable IPsec Client Software for Windows Mobile
NCP Products
NCP Managed VPN Client Suite
Overview:
NCP's Secure Enterprise Windows Mobile Client is a component of the comprehensive NCP Secure Enterprise Solution. The communication software is designed for universal teleworking in any remote access VPN or M2M environment. Mobile teleworkers, for example, can access the central databases and applications with pocket PCs, handhelds and tablet PCs from anywhere in the world. Collecting mobile data in a customer's warehouse via PDA with integrated barcode reader and transferring the data via Wi-Fi represents another common application.
Features:
- Secure mobile computing
- Integrated, dynamic personal firewall
- Worldwide dial-in to the corporate network
- Compatible with VPN gateways from different manufacturers
- Strong authentication with certificates
- End-to-end security even at hotspots
- Central management
Technical Data:
| Secure VPN Enterprise Client for Windows Mobile: Technical Data | |
|---|---|
| System Requirements | |
| Mobile End Device |
|
| Configuration PC | Operating system: Windows 7, Windows Vista, Windos XP (all 32/64 bit); 32 MB RAM, Configuration: At least 20 MB RAM, MS Active Sync v. 4.x or higher |
| Security Features | The Enterprise Client supports all major IPsec standards in accordance with RFC |
| Personal Firewall | Stateful Packet Inspection; IP-NAT (Network Address Translation); Friendly Net Detection (analysis of: current network address, IP address and MAC address of the DHCP server); secure hotspot logon; differentiated filter rules relative to: protocols, ports and addresses, LAN adapter protection, central administration with Client firewall configuration plug-in* |
| Virtual Private Networking | IPsec (Layer 3 Tunneling), RFC-conformant; IPsec proposals can be determined through the IPsec gateway (IKE, IPsec Phase 2); Event log; communication only in the tunnel; MTU size fragmentation and reassembly, DPD, NAT-Traversal (NAT-T); IPsec tunnel mode |
| Encryption | Symmetric processes: AES 128,192,256 bits; Blowfish 128,448 bits; Triple-DES 112,168 bits; dynamic processes for key exchange: RSA to 2048 bits; Diffie-Hellman Groups 1,2,5 seamless rekeying (PFS); hash algorithms: SHA1, MD5 |
| Authentication Processes | IKE (Aggressive mode and Main Mode), Quick Mode; XAUTH for extended user authentication; IKE config mode for dynamic assignment of a virtual address from the internal address pool (private IP); PFS; PAP, CHAP, MS CHAP V.2; IEEE 802.1x: EAP-MD5 (Extensible Authentication Protocol): Extended authentication relative to switches and access points (Layer 2); EAP-TLS (Extensible Authentication Protocol - Transport Layer Security): Extended authentication relative to switches and access points on the basis of certificates (Layer 2); support of certificates in a PKI: Soft certificates, smart cards, and USB tokens; Pre-shared secrets, one-time passwords, and challenge response systems; RSA SecurID ready. |
| Strong Authentication - Standards | X.509 v.3 Standard; Entrust Ready PKCS#11 interface for encryption tokens (USB and smart cards); smart card operating systems: TCOS 1.2 and 2.0; smart card reader interfaces: PC/SC, CT-API; PKCS#12 interface for private keys in soft certificates; PIN policy; administrative specification for PIN entry in any level of complexity; revocation: EPRL (End-entity Public-key Certificate Revocation List, formerly CRL), CARL (Certification Authority Revocation List, formerly ARL), OCSP. CMP* (Certificate Management Protocol), |
| Networking Features | LAN emulation: virtual Ethernet adapter with NDIS interface or transparent mode |
| Network Protocol | IP |
| Dialers | PPC Connection Manager, NCP Secure Dialer, Microsoft RAS Dialer (for ISP dial-in via dial-in script) |
| IP Address Allocation | DHCP (Dynamic Host Control Protocol), DNS: Dial-in to the central gateway with changing public IP addresses through IP address query via DNS server |
| Transmission Media | WLAN (WiFi), GSM (incl. HSCSD), GPRS, UMTS, Internet, analog modems (mobile phones) |
| Line Management | DPD with configurable interval; WLAN roaming (handover); |
| Data Compression | Stac (lzs), deflate |
| Point-to-Point Protocols | PPP over ISDN, PPP over GSM, PPP over PSTN, PPP over Ethernet; LCP, IPCP, MLP, CCP, PAP, CHAP, ECP |
| Internet Society RFCs and drafts | RFC 2401 –2409 (IPsec), RFC 3498, RFC 3947: IP security architecture, ESP, HMAC-MD5-96, HMAC-SHA-1-96, ISAKMP/Oakley, IKE, XAUTH, IKECFG, DPD, NAT Traversal (NAT-T),UDP encapsulation, IPCOMP |
| Client Monitor Graphical User Interface |
Multilingual (German, English); intuitive operation; configuration, connection statistics, log-files, trace tool for error diagnosis; traffic light icon for display of connection status; password protected configuration management and profile management. |
*) Prerequisite: NCP Secure Enterprise Management
Documentation:
Download the NCP Secure VPN Enterprise Client for Windows Mobile Datasheet (PDF).