

The SafeNet Client is a Windows™ 95, Windows 98 and Windows NT 4.0 compatible software product which provides Virtual Private Networking (VPN) capability to a desktop or laptop computer. Based on the latest industry-standard IPSec recommendations, the SafeNet Client allows secure Client-to-Client or Client-to-Gateway communication over TCP/IP networks, including the Internet. The security services offered by the SafeNet Client include confidentiality via encryption, packet integrity and authentication via keyed hash, and identity authentication via Digital Signatures and X.509 certificates exchanged during key negotiation.
Features:
Full compliance with IPSec Standards including full support for:
Tunnel Mode or Transport Mode security
DES, 3-DES, MD-5, and SHA-1 algorithms
IKE (Internet Key Exchange using ISAKMP/ Oakley)
Compatible with PC Windows Communications devices such as LAN Adapters, Modems, PC Cards
Intuitive graphical user interface for configuring security policy and managing certificates
Easy to install and transparent to use
Compatible with virtually all Windows applications
Applications:
The SafeNet Client enables traveling "Road Warrior" communications back to the home office via
the Internet or dial-in remote access devices (client-to-gateway). Internal secure communications across a
LAN, WAN, or dial-up connection (client-to-client) are also easy to accommodate. The SafeNet Client creates
a Virtual Private Network when it operates on a shared, unprotected network.
Interoperability:
The SafeNet Client is interoperable with IPSec devices from major equipment manufacturers. It is approved
for pilot deployment by the AIAG ANX™ initiative and has been awarded IPSec certification from the
International Computer Security Association (ICSA). The SafeNet Client interoperates with IPSec-compliant
gateways such as firewalls, VPN routers, and gateway encryptors.
In the diagram, secure connections are shown between peer SafeNet/SafeNet Clients (A to B or B to D) as well as
between a SafeNet/SafeNet Client and an IPSec-compliant gateway (A to C).
The SafeNet Client User Interface:
The SafeNet Client includes an intuitive and powerful Graphical User Interface (GUI) which allows the
workstation user or Security Officer to configure the security policy and manage certificates. The user
interface applications are accessed via an icon in the "tray" portion of the Windows Taskbar.
Aside from providing access to these applications, the SafeNet Client icon also gives a visual indication of
the status of the IPSec connections - Bypass, Negotiating, or Secure.
The SafeNet Client Security Policy Editor allows for configuration of security policy on a connection-by-connection basis. Each connection may be referenced by its IP address, a range of IP addresses, an IP subnet/mask, a Domain Name, an e-mail address, or a distinguished name. The user may configure connections to be Blocked, Non-secured (without protection), or Secured with ESP or AH transforms.
Connections not explicitly listed in the Security Policy table may be specified to be Blocked, Non-secured or Secured, using the "Other Connections" entry.
Other parameters, which may be defined for each connection, include its lifetime (expressed in seconds or bytes), encryption algorithm and authentication algorithm.
The SafeNet Client Certificate Manager provides a means to manage and view the local user's certificates as well as the certificates for the trusted signers. The user may request local generation of a private/public key pair and a certificate request for an X.509 certificate from a Certificate Authority (CA) or from a Local Registration Authority (LRA). The private key is never exposed outside of the client application. The Certificate Manager uses the standard PKCS#10 and PKCS#7 formats for exporting a Certificate Request and importing a signed certificate from the CA. The request and response are carried in standard disk file formats, e-mail messages or transferred over a network to and from the fulfilling CA if desired. The SafeNet Client also supports CRL retrieval using LDAP.
Specifications:
Security Standards
IPSec Standards
AH (Authentication Header)
ESP (Encapsulating Security Payload)
IKE (ISAKMP/Oakley) key management
X.509 v3 certificates
FIPS PUB 46-1: Data Encryption Standard
RFC 1321: The MD5 Message Digest Algorithm
FIPS PUB 180-1: Secure Hash Standard
PKCS #7: Cryptographic Message Syntax Standard
PKCS #10: Certification Request Syntax Standard
System Requirements
PC compatible computer with a Pentium processor
Microsoft Windows 95 or Windows NT 4.0 (with Service Pack 3) Operating System
18 MB hard disk space
16 MB RAM for Windows 95, Windows 98 or 32 MB RAM for Windows NT
CD-ROM Drive or 3.5" high density floppy drive for software installation
Internal/External Modem (non-encrypting) or network connection