Catseye™ SPN - Articles

There are more than 20 SSL VPN appliances on the market. Catseye™ SPN is radically better. Here’s why.

During the last few years, Virtual Private Networks (VPNs) have become the preferred technology for remotely accessing an organization’s internal network. Because VPNs utilize the readily available Internet backbone, they have allowed organizations to significantly reduce the cost of remote access versus previous private network systems.

Most early VPNs utilized a technology called IPSec that required remote computers to have specialized software installed on the computer. Therefore it was virtually impossible to walk up to a machine in a location such as an airport lounge and access the VPN.

A few years ago, vendors began introducing VPNs that utilize SSL (Secure Sockets Layer) technology that is built into all common web browsers such as Internet Explorer and Netscape Navigator. SSL VPNs have the advantage that any machine with a standard web browser can be used to access an organization’s internal network. Therefore remote users can now perform tasks such as accessing their internal email systems from an airport lounge anywhere in the world. However, this freedom has been at the expense of security, until now.

The new Catseye™ SPN incorporates a number of patented* features that are unique in the industry. These features provide organizations a radically better solution than competitors SSL VPNs.

Let’s look at these advantages in more detail.

Advantage #1: Slashes the cost of Web Publishing

As long as a PC is running Windows 2000/2003 or XP (even on a desktop machine), a user can easily install the Catseye Agent software that will allow them to begin securely publishing to the Internet.

Because of the unique Catseye™ SPN architecture, web publishing can now be accomplished in a simple, low-cost AND highly secure manner. By separating the Internet ‘listener’ and the private ‘responder,’ Catseye™ SPN provides a major advance in security that also reduces both the cost and complexity of a typical SSL VPN installation.

Advantage #2: Separation of Web listener & responder

The radical advantage of the Catseye™ SPN architecture is a result of separating the listening and responding functions of the system. Competitors’ VPN systems require that sensitive information such as databases and user passwords be placed in a public or semi-public area connected to the Internet. However, because Catseye™ SPN splits the listening and responding functions, sensitive information can be safely stored on computers on an organization’s internal private network, not accessible from the public Internet.

Using Catseye™ SPN, the Internet connected device only has to listen, therefore the insecure functions associated with responding to requests have been removed from the listening device. The responder that performs all the decisions regarding ‘who can get what’ is securely located away from the public Internet.

Another major patented innovation of the Catseye™ SPN is that incoming VPN connections are fully controlled by the responder and not the listener. This feature adds yet another unique layer of protection for Catseye™ SPN customers against Internet threats.

Advantage #3: User information is kept private

In order to access a system, the details that a user submits must be compared to those held within a company directory. Because of the unique Catseye™ SPN architecture, no user information is stored on computers in the public or semi-public Internet zone. This helps protect user information at all times. It also improves system security because user details only have to be added or deleted in the internal directory. This eliminates the danger that directory synchronization may not correctly de-activate a user account across the multiple directories required by competitor’s systems.

Advantage #4: Securing Database information

There is a common misconception that credit card information is usually stolen while in transit over the Internet. However in fact most credit card theft is a result of hackers breaking into computers that are storing credit card details in a database.

Using Catseye™ SPN, databases containing highly sensitive data such as credit card numbers and personal details can be kept securely on an organization’s internal network.

Advantage #5: Secure updating of a public portal

Since the information provided from a Catseye™ SPN system resides on computers on an internal network, updating information that can be remotely accessed via the Catseye SPN system is simple. Whereas competitors’ systems require that updated information must be securely transferred to computers within an organization’s public or semi-public Internet zone, Catseye™ SPN eliminates this step. Now to update information on a public portal is identical to updating an organization’s internal portal.

Advantage #6: Reduces complexity of synchronization

Catseye™ SPN eliminates the need to have two different copies of an organization’s portal, one internal and the other for remote access via the Internet. Therefore system complexity and administrative overhead is reduced along with the elimination of errors that can result when the two systems do not correctly synchronize.

Advantage #7: Responder allows Firewall lockdown

In order to access document portals from the Internet, competitors’ systems require many ports on an organization’s Firewall to be opened. Opening ports on a firewall can be compared to opening doors in an apartment block. In a single apartment block there are many doors, each of which can be open or shut. The more doors that are opened, the more difficult it is to secure a system. Catseye™ SPN allows the Agent responder to operate behind a fully closed Firewall. This provides yet another radical improvement over competitors’ systems.

Advantage #8: Catseye™ Agent and Server security

The Catseye™ Agent responder communicates with the Catseye™ server listener via an encrypted secure channel. Because this channel doesn't use standard HTTP traffic, it is highly protected against the multitude of common attacks that hackers use via HTTP. This also allows security administrators to implement strongly hardened security measures on both the Catseye™ responder and listener computers.