Connecting systems or networks of different security levels, where one of the systems may be untrusted and outside the organisational control poses a great security risk. Secure Remote Access is a high security solution that offers data loss- and intrusion-prevention.
Enabling secure access to systems
Today’s advanced attack methods requires that attack surfaces are reduced and permitted remote access methods are limited. Stopping malicious code from entering the protected network or stopping any sensitive information from leaving the protected network will be hard if these threats are not handled with care.
Advenicas Cross Domain Solution provides secure access to protected neworks like ICS/SCADA environments or classified systems.
Validating all information
Advenicas Secure Remote Access Solution, RDP Application for SecuriCDS ZoneGuard, employs a well-defined information access methodology to reduce attack exposure. It safe-guards both the confidentiality and integrity of the interfaced systems by:
- transforming the Remote Desktop Protocol stream into single bitmap images, keystrokes and mouse movements at the cross domain point
- validating the bitmap images, the keystrokes and the mouse movements to ensure correct information types
- applying flexible filters, e.g. noise on the images, adding variables to mouse movement or restricting valid keystroke codes
Typical use cases include
- providing secure access to several different systems in diverse security domains from a single computer
- enabling users in a protected network to access resources in a lower classified network including Internet
- safe guarding jump servers and providing secure remote access for suppliers of equipment or off-site consultancy
Multiple resources and user handling
The Secure Remote Access solution supports multiple resources or servers on the protected network. Users are defined using a RDP Credentials Generator application which also sets which resources the user is permitted to access. Users trying to establish an RDP connection to the ZoneGuard device will be validated and displayed with a list of allowed resources to access. To establish a connection to a resource, the resource specific credentials must be entered by the user.