NCP Secure Entry Windows Client (32/64 bit)
Simple and Highly Secure Remote Access via Internet

Features:

Secure

Rely on high-quality IT security software made in Germany

• IPv6 supported dynamic personal firewall
• data encryption
• strong authentication (e.g. biometrics)
• multi-certificate support
• parameter locks
• FIPS Inside
• support of OTP (one time password tokens) and certificates in a PKI (Public Key Infrastructure)
• automatic modification of firewall rules

Efficient

Mindful of one of the biggest challenges organizations face – cost savings

• parameter locks avoid misconfiguration by users
• NCP Budget Manager for full cost control
• support for 3G/4G hardware (LTE)
• Custom Branding Option

Ease of use

Reduced IT complexity

• a single and easy-to-use user interface (one click) for the connection setup
• integrated support for 3G/4G hardware
• a reliable, uninterrupted VPN connection
• automatic, location-aware adaption of firewall rules through the NCP VPN Client
• automatic media detection
• seamless roaming
• easy Windows domain registration
• Home Zone
• VPN Bypass

Mobile

The best mobile device user experience

• Working without dropped connections or interruptions even when switching between networks, i.e. seamless roaming
• auto-connect to your corporate network
• reliable and uninterrupted VPN connections
• quick and secure hotspot logon
• Remote Access even behind firewalls, whose port settings typically deny IPsec based communication, i.e. NCP Path Finder® Technology

Technical Data:

Secure Entry Client for Windows 32/64 bit: Technical Data
Operating Systems	Microsoft Windows (32 and 64 bit): Windows 10, Windows 8.x, Windows 7
Security Features	The Entry Client supports all IPsec standards in accordance with RFC
Personal Firewall	Stateful Packet Inspection; IP-NAT (Network Address Translation); Friendly Net Detection (FND) (Firewall rules are automatically adapted, if the connected network is recognized because of its IP address area, or the NCP FND server's); start FND dependent action; home zone; secure hotspot logon; differentiated filter rules relative to: protocols, ports, applications and addresses, LAN adapter protection; IPv4 and IPv6 support
VPN Bypass	The VPN Bypass function allows the administrator to define applications which can communicate over the Internet directly despite disabling split tunneling on the VPN connection. It is also possible to define which domains or target addresses can bypass the VPN tunnel.
Virtual Private Networking	IPsec (Layer 3 Tunneling),conform to RFC; IPsec proposals can be determined through the IPsec gateway (IKE/IKEv2, IPsec Phase 2); Event log; communication only in the tunnel; MTU size fragmentation and reassembly, DPD, NAT-Traversal (NAT-T); IPsec tunnel mode
Encryption	Symmetric processes: AES 128,192,256 bits; Blowfish 128,448 bits; Triple-DES 112,168 bits; Dynamic processes for key exchange: RSA to 2048 bits; seamless rekeying (PFS); Hash algorithms: SHA-1, SHA-256,SHA384, SHA-512, MD5, DH group 1,2,5,14-21, 25, 26
FIPS Inside	The IPsec Client incorporates cryptographic algorithms conformant with the FIPS standard. The embedded cryptographic module incorporating these algorithms has been validated as conformant to FIPS 140-2 (certificate #1051). FIPS compatibility is always given if the following algorithms are used for set up and encryption of the IPsec connection: DH Group: Group 2 or higher (DH starting from a length of 1024 Bit) Hash Algorithms: SHA1, SHA 256, SHA 384, or SHA 512 Bit Encryption Algorithms: AES with 128, 192 and 256 Bit or Triple DES
Authentication Processes	IKE (Aggressive mode and Main Mode), Quick Mode; XAUTH for extended user authentication; IKE config mode for dynamic assignment of a virtual address from the internal address pool (private IP); PFS; PAP, CHAP, MS CHAP V.2; IEEE 802.1x: EAP-MD5 (Extensible Authentication Protocol): Extended authentication relative to switches and access points (Layer 2); EAP-TLS (Extensible Authentication Protocol - Transport Layer Security): Extended authentication relative to switches and access points on the basis of certificates (Layer 2); support of certificates in a PKI: Soft certificates, smartcards, and USB tokens: Multi Certificate Configurations; Pre-shared secrets, one-time passwords, and challenge response systems; RSA SecurID ready.
Strong Authentication- Standards	Biometric Authentication (Windows 8.x or higher) X.509 v.3 Standard; PKCS#11 interface for encryption tokens (USB and smartcards); smartcard operating systems: TCOS 1.2, 2.0 and 3.0; smart card reader interfaces: PC/SC, CT-API; PKCS#12 interface for private keys in soft certificates; CSP for use of user certificates in Windows certificate store PIN policy; PIN policy; administrative specification for PIN entry in any level of complexity; Revocation: EPRL (End-entity Public-key Certificate Revocation List, formerly CRL), CARL (Certification Authority Revocation List, formerly ARL), OCSP.
Networking Features	LAN emulation: Ethernet adapter with NDIS interface, full WLAN (Wireless Local Area Network) and WWAN (Wireless Wide Area Network, Mobile Broadband from Windows 7) support
Network Protocol	IP
Dialers	NCP Internet Connector, Microsoft RAS Dialer (for ISP dial-in via dial-in script) connection manager for international dial-in via GoRemote (formerly GRIC), UuNet, Infonet, MCI (on request)
VPN Path Finder*	NCP Path Finder Technology: Fallback IPsec/ HTTPS (port 443) if port 500 respectively UDP encapsulation is not possible
Seamless Roaming	If a communications medium error occurs, automatic switchover of VPN tunnel to another Internet communication medium (LAN/WWAN/3G/4G) without altering IP address ensures that applications communicating over VPN tunnel are not disturbed and application session is not disconnected. (prerequisite: NCP Secure Enterprise VPN Server)
Additional Features	UDP encapsulation, WISPr-support, IPsec-Roaming, Wi-Fi roaming, import of the file formats:*.ini, *.pcf, *.wgx and *.spd, Multi Certificate Support
Transmission Media	Internet, LAN, WI-FI, GSM (inkl. HSCSD), GPRS, UMTS, LTE, HSDPA, PSTN, ISDN
IP Address Allocation	DHCP (Dynamic Host Control Protocol), DNS: Dial-in to the central gateway with changing public IP addresses through IP address query via DNS server
Line Management	DPD with configurable time interval; Short Hold Mode; Wi-Fi roaming (handover); channel bundling (dynamic in ISDN) with freely configurable threshold value; timeout (controlled by time and charges); budget manager (administration of connection time and/or –volume for GPRS/ 3G and Wi-Fi, in case of GPRS/ 3G separated administration of roaming abroad)
APN of SIM Card	The APN (Access Point Name) defines the access point of a mobile data connection at a provider. If the user changes provider, the system automatically takes APN data from the corresponding SIM card and uses it in client configuration
Data Compression	IPCOMP (lzs), deflate
Point-to-Point Protocols	PPP over ISDN, PPP over GSM, PPP over Ethernet; LCP, IPCP, MLP, CCP, PAP, CHAP, ECP
Internet Society RFCs and drafts	RFC 2401 –2409 (IPsec), RFC 3947 (NAT-T negotiations), RFC 3948 (UDP encapsulation), IP security architecture, ESP, ISAKMP/Oakley, IKE, XAUTH, IKECFG, DPD, NAT Traversal (NATT),UDP encapsulation, IPCOMP, RFC 7427: IKEv2-Authentication (Padding-method)
Client Monitor Intuitive, Graphical User Interface	Multilingual (German, English, Spanish, French); Client Info Center; Configuration, connection management and monitoring, connection statistics, log-files (color displayed, easy copy&paste-function); Internet availability test; Trace tool for error diagnosis; Traffic light icon for display of connection status; Integrated support of Mobile Connect Cards (PCMCIA, embedded); The Client Monitor can be tailored to include your company name or support information; Password protected configuration management and profile management, configuration parameter lock; Automatic check for newer software version

*) Prerequisite: NCP Secure Enterprise VPN Server

Documentation:

Download the NCP Secure Entry Client for Windows 32/64 bit Datasheet (PDF).

Download the Software Activation NCP Secure Entry Client (Win32/64) Document (PDF).