In his recent reviews of NCP’s managed IPsec VPN clients compatible with Android (version 4.0 and higher), eWeek journalist Jeff Cogswell set out to determine just how well NCP’s VPN supports BYOD. The result? Not just a pass, but one with flying colors.

Cogswell was particularly sold on a few of NCP’s product features that make it suited for welcoming Android-based mobile devices into the enterprise. For one, the installation was a quick and painless process. Right away, Cogswell connected to NCP’s test server and his own VPN server, which is OpenBSD. He also tested it with a Cisco server, and it worked in all cases—the fact that NCP’s Secure Enterprise Android Client is compatible with all common VPN gateways is a huge plus, since IT departments are increasingly compelled to support various platforms. The eWeek reviewer was also relieved that his smartphone didn’t have to be rooted; in fact, he said it’s a significant differentiator between NCP’s offering and other Android apps: “I have spent a lot of time using Android devices in recent years, and what struck me as particularly interesting is that your phone doesn’t need to be rooted. Rather, Android supports the networking tasks that this VPN client requires. That’s a huge plus.”

Cogswell highlighted many other benefits, including how the client allows you to choose the Internet Key Exchange (IKE) type or a fully qualified domain name, and how it supports both split and IPSec compression. He noted that the client’s ability to configure the VPN to start automatically will be particularly useful for corporate-issued devices and in BYOD environments, as it might compel IT to enforce the “always-on” VPN policy for personal devices. The ability for IT managers to easily access NCP’s VPN logs was also singled out as a handy attribute, in case they need to determine if there are any problems.

Cogswell also explored the slight nuances between NCP’s basic and premium Android clients  and concluded that both versions provide the necessary encryption and authentication functionality enterprises need to support a BYOD environment.

So, why use NCP’s VPN clients for Android? Take it from Cogswell, who says it best: “A good VPN client should be transparent, and indeed this one is … the client is easy to install and configure. Once it’s up and running, it sits in the background and doesn’t interfere with your work. It definitely does what you would expect a good VPN client to do.”

Want to trial the products yourself? We encourage you to download the basic and premium  versions of the NCP Secure Android Client from the Google Play Store and try the free 30-day trial of the managed VPN client.

We also invite you to view the eWeek slideshow here.

The Web proxy and thin clients successfully delivered secure remote connections to those customers seeking access to Web- and non-http-enabled applications, yet we were noticing an increasing demand for a client that could deliver a fully transparent connection to the central network. With today’s workforce becoming increasingly mobile, our customers have made it clear that it is imperative for remote employees to have comprehensive network access. With this in mind, we created the NCP PortableLAN Client.

To understand how the PortableLAN Client works, a basic knowledge of a local area network (LAN) is required. A LAN is a group of computers and associated devices that share a common communications line or wireless link (i.e. a corporate network). In order to deliver a fully transparent portable LAN, the SSL VPN software must be installed on each end device, similar to the process of installing an IPsec client. Once this is done, the client serves as the virtual connection, transmitting all network traffic via the encrypted SSL connection and allowing workers to connect remotely. Just like that, comprehensive, fully transparent network access is made available!

Whether companies require their remote network access to be completely opaque, or specific to Web applications, NCP’s SSL VPN technology delivers the necessary security. The NCP Secure Enterprise VPN Server has strong authentication features, such as one-time-password (OTP) via token or SMS text messages, or digital certificates. What’s more, the software can be scaled according an enterprise’s specific needs, and can be installed directly on hardware using the Windows or Linux operating systems, or as a virtual machine.

For additional information about our May Feature of the Month, please click here. We are also happy to answer any questions you may have in the comments section below!

Soon after enterprises saw clear productivity gains when mobile workers were able to access their corporate networks with NCP’s web proxy VPN, more customers started demanding greater functionality from their SSL VPNs. Specifically, our users wanted to connect directly to certain applications on specific ports. In response to that demand, we introduced our second-generation SSL in the form of a thin client, which is a small footprint software client installed and linked via the SSL session.

Now, if companies wish to access non-http-enabled applications and are using an SSL VPN tunnel to communicate with a specific server within the company network, it is best to use a thin client SSL VPN. The thin client has to be installed at the end device and can be downloaded via Web browser. Specifically, companies use NCP’s port forwarding technology to open ports, configured by the administrator. These local ports allow software to securely communicate with the designated server within the company network.

As you can imagine, workforce mobility has forced companies to seek even greater SSL capabilities, like comprehensive secure access to the resources housed on internal corporate networks. Tune in next time, when we round out our May Feature of the Month series by explaining our portableLAN fat client SSL functionality.

If companies don’t migrate to Windows 7 or higher, they will leave their entire network and systems vulnerable to malicious exploits targeting the expired OS, like cyber and DDOS attacks, data theft and hacking. In other words, it’s absolutely critical that organizations migrate to a modern OS ASAP. To do this, however, companies will need to do a clean install, meaning they’ll need to transition all user data and reinstall or repackage all of their applications to the new Windows 7 or Windows 8 system.

Normally, this can be a time and labor-intensive process, and requires testing all hardware, peripherals and applications to make sure they work with one of Microsoft’s newest OSs. And this means third-party remote access VPN and security software, too – because, while Windows 8 comes will embedded features like DirectAccess and Secure Boot, their pitfalls make it essential to deploy layered security measures in order to effectively lock down a corporate network.

So as companies try to beat the clock, where should they turn? For optimal security without breaking the bank, they’ll need robust solutions that support the latest Windows OSs, which will maximize their investment during the migration process. For instance, NCP’s centrally managed IPsec VPN client suite, which is fully compatible with Windows XP/Vista/7/8, offers end users increased device and OS flexibility when connecting to their corporate networks.

But best-of-breed technology alone isn’t enough to secure an enterprise, especially as today’s threat landscape intensifies in complexity. Microsoft said it itself: “Securing an OS requires multiple layers of defense.” This means companies should deploy a combination of client device firewalls, hybrid IPsec and SSL VPNs as well as anti-virus software, all interconnected in intelligent ways, that can adapt to the dynamism of today’s shifting landscape – and the key will be finding third-party solutions than can play a role in this defense-in-depth strategy for powerful threat responses.

The first SSL feature we’d like to call attention to is NCP’s browser-based SSL VPN (Web proxy). This method puts the fundamental idea behind SSL VPNs into practice – it eliminates the need to install additional software at the end device. SSL VPN was originally introduced to address various shortcomings of its IPsec counterpart, such as usability, interoperability and scalability. In particular, the IPsec client-based approach was regarded as a difficult-to-manage process from both the administrator and user perspectives.

When SSL was initially introduced, it was thought of as a client-less technology in order to differentiate from the IPsec client-centric approach. However, SSL is actually involved on the client side, typically in the form of a Web browser. Since SSL comes pre-installed on all OSs, whereas with IPsec, a separate software install is often required, many companies opt for the SSL approach.

NCP created its “first generation” SSL VPN offering to be a simple yet effective technology: it isolates the internal web server from direct access from the Internet, and after successful authentication at the SSL VPN gateway, the user is granted access to the gateway.

Following the success of the Web proxy functionality, customers started demanding more. But, how can simple, browser-based SSL VPNs directly connect users to certain applications on specific ports, or provide transparent remote access to the central network?

For the answers to these questions and more, stay tuned. We will reveal how the NCP Secure Enterprise VPN Server has evolved to offer a thin client and a thick, portable LAN client for the most comprehensive connectivity, security and individual access control.

By: Rainer Enders, CTO, Americas at NCP engineering.

The Android mobile platform and its oft-publicized security limitations, along with those of other mobile operating systems (OSs), are guaranteed to be a hot topic at this year’s Interop event. After all, they have even caught the attention of the American Civil Liberties Union (ACLU), which filed a complaint against the four major cellular carriers in the U.S. for not doing enough to protect the private information of subscribers using the Android OS.

The security concerns associated with Android shouldn’t shock anyone. We’ve known there were problems for a long time now, and other popular platforms like iOS are not immune either. But, thanks to the bring-your-own-device (BYOD) and consumerization of IT trends, the implications of such issues are now much more significant. Enterprise network security architects and managers are limited in their abilities to secure certain remote access connections due to the lack of open APIs for security relevant functions, such as VPN and Device Firewall, in most mobile platforms. This also means that neither carriers nor enterprises can effectively deploy and manage such features built into a mobile OS to meet their specific security needs. So, if they choose to stick with the native security functions, if they exist at all, they are at the mercy of many limitations.

The consumerization of mobile devices has led to another serious side effect: significant relevant security functions, required by major industry verticals and government entities around the world, are missing in action.

It is clear that BYOD is no passing fad, and that companies in every industry must find ways to make it work without compromising their IT infrastructures and the sensitive data contained within them. With each passing day, more and more organizations recognize the need to go beyond the one-size-fits-all approach that comes with most mobile devices and OSs, and instead focus on technologies that combine the security they need with the convenience users demand. Additionally, the mobile device industry must be more concerned and engaged in endpoint protection strategies and technologies if these limitations are to be permanently fixed.

How and when the industry addresses these issues remains to be seen, but it is evident that BYOD and the consumerization of IT will not slow down to let Android, iOS or any other platform catch up. This means that businesses must take a proactive approach to meeting the security needs that the mobile platforms’ built-in features cannot presently live up to.

Keep your ears and eyes open at Interop Las Vegas 2013 – we think this security topic will prove to be among the most popular.

At the end of last year, we spent some time discussing a few projected network security trends for 2013. While there was room for debate on some topics, most people agreed that there was a clear need for more secure authentication methods. In hindsight, it appears that the experts were correct, and the traditional combination of username and password is no longer a strong enough security barrier to ward off hackers with increasingly sophisticated tools. But, this doesn’t mean that there is one answer that solves every problem.

Two-factor authentication in particular has received heightened media attention in recent weeks. Many users on Twitter, one of the fastest growing social networking platforms in the world, are clamoring for it in light of recent high-profile hacks. Most notably perhaps, the Associated Press (AP) handle was used to tweet (falsely) that President Obama was injured in a White House explosion. After the ruse was exposed, one glaring question emerged in the minds of security experts: could it have been prevented if Twitter used two-factor authentication?

In reality, two-factor authentication – a security process in which the user provides two means of identification – may not have prevented this attack. The Syrian Electronic Army, which claimed responsibility, reportedly obtained login credentials from a phishing email attack that prompted employees to enter their usernames and passwords. If this is true, Dan Kaplan of SC Magazine correctly points out that the perpetrators could have easily added another field for that second means of identification.

What we should learn from this is that there is no one magic technology that applies to every situation. However, robust security software combined with proper employee education on security best practices can help safeguard companies against most of today’s cyber threats.

The NCP Secure Enterprise Management software, for example, administers a one-time password that users receive via SMS. Each password is created by a random number generator within the NCP Advanced Authentication Connector and is automatically canceled after use. This eliminates the need to use third party solutions and enables two-factor authentication with only a mobile or smartphone. Ultimately, this creates additional security hurdles that hackers must clear in order to obtain access to sensitive company content.

One company that has embraced enterprise mobility is Truesense Imaging, a developer, manufacturer and marketer of the world’s highest performance image sensor devices. Today, NCP announced its virtual private network (VPN) technology is enabling Truesense employees to securely connect to the corporate network and work from home or on the road, improving both workforce mobility and productivity.

When Truesense’s increasingly-mobile technical and sales teams demanded secure, remote access to their corporate network in order to work seamlessly while off-site, the company recognized how important this was, not only for productivity, but also workforce morale and future recruiting efforts.  In order to attract top-level talent, organizations need to show that they are willing to invest in technologies that help employees do their jobs to the best of their ability.

For these reasons, Truesense chose NCP’s enterprise IPsec VPN clients and fully automated VPN management system, which provide a secure tunnel from any Internet access point into the corporate network using their company-owned Windows XP, Windows 7 or Mac OS X laptops. Now, with NCP’s robust VPN technology, Truesense is guaranteeing its mobile employees the same access and functionality as colleagues sitting in their offices, without compromising security.

For more information about the Truesense use case, go here.

Additionally, NCP will be discussing this use case next month at Interop Las Vegas and we invite you to stop by our Interop Booth #951 for further details.

By: Rainer Enders, VPN Expert and CTO, Americas, at NCP engineering:

Industry Perspective: What are some of the main security concerns for data center managers today?

Rainer Enders: The evolution of modern data centers, while beneficial for many reasons, is exposing serious security pain points along the way. For one, as data centers grow in size to keep up with enterprise computing needs, it becomes increasingly difficult for IT managers to adequately protect all corporate assets, which include everything from data and documentation to software and supplies. As capacity expands, data center managers are finding it harder to maintain critical IT compliance and security measures, such as managing and de-provisioning privileged user access, and running compliance reports that are growing in both depth and volume. Additionally, with the rising popularity of virtualized and cloud environments, data center managers are tasked with baking security into all compute, network, storage and hypervisor layers. This is a considerably difficult task, in light of the numerous emerging attack vectors that constantly increase in sophistication, such as ever-morphing advanced persistent threats (APTs) that are compromising critical corporate information.

IP: What specific security challenges arise as companies outsource to the cloud and rely on remote services with increasing frequency?

RE: The most critical security challenges that arise in cloud deployments are compromises to remote access connections—in the form of session-hijacking attacks, for example—and compromises of cloud-hosted resources, such as virtual machines, from within the hosted provider network. Insufficient security architectures and controls in operator networks can cause great harm. A major compromise can not only lead to a significant loss of critical data, but it can also infiltrate systems and serve as a platform for attacks against other systems or networks.

IP: What is the role of VPNs in enabling secure communication and service provisioning over the Internet?

RE: A virtual private network (VPN) not only secures all data transfers in an encrypted tunnel, but it also seals the communication as early as Internet dial-up, which is the most frequent vector for cyber-attacks. The optimal VPN solution offers the greatest possible flexibility, including support for IPsec and SSL, as well as seamless roaming capabilities between various communication media, such as LAN and Wi-Fi. It also enables IT administrators to centrally manage all clients, users and other relevant components of the VPN infrastructure. Remote services to critical infrastructure must be properly protected by means of the strongest secure remote-access technology such as IPSec VPN. It is no coincidence that IPSec is an integral component to IPv6, the next emerging Internet Protocol.

IPsec VPN clients, in particular, provide transparent Layer 3 remote access and offer high-level security in the form of strong authentication and authorization. Furthermore, they allow information-security professionals to tie in additional security functions, preventing malicious external attacks. Other potential security functions include hot-spot logon, managed endpoint dynamic firewalls and endpoint-protection policies. Lastly, IT managers should integrate VPNs into existing identity-management platforms and processes, including full automation of user provisioning, delivering high-end security, operational efficiency and cost effectiveness.

Stay tuned for Part Two of this Q&A next week.

According to Forrester, the goal is to streamline targeted business processes, improve employee performance and productivity, and enable faster and more fruitful innovation. This not only improves how companies work internally, but also how they deliver products and services to their clients. Furthermore, Forrester said in a recent blog post that the focus must shift from short-term profit realization to building long-term business value.

As the global workforce becomes increasingly mobile, companies are searching for ways to become more flexible and productive without compromising security. Whether embracing bring-your-own-device (BYOD) policies or supplying workers with company-owned laptops, smartphones or tablet computers, remote working capabilities are clearly on the minds of business executives everywhere. No longer is this issue and related decisions solely under the purview of IT departments.

Technologies like comprehensive VPN solutions with robust personal dynamic firewalls and seamless roaming features are highly sought-after by organizations that recognize the value of having security and convenience rolled into one package. BYOD popularity and mobile device use is only going to grow in 2013 and beyond, and businesses that invest in solutions that promote security, collaboration and innovation are likely to stand head-and-shoulders above the competition.