AccessPoint SSL VPN
End Point Security
Web File and Credential Management from Menlo Logic: Increasing security and privacy for web-based remote access.
The AccessPoint portal provides end point security by erasing all Internet web files saved during the SSL VPN session. When a user logs into an Internet web site, the web browser automatically saves hidden records to multiple locations on the client machine: temporary Internet file directories, the system registry, downloaded program file directories and more.
Because AccessPoint provides encrypted remote access from any location, it is important to make sure that sensitive data, such as web files and cookies, is deleted from the client machine. AccessPoint provides three methods: HTTP no-cache directives, an ActiveX-based web cache controller, and an encrypted, session-based cookie to prevent data from being stored or reused to log into the AccessPoint SSL VPN portal. All temporary web files are deleted from the system after the SSL VPN session is terminated. With the AccessPoint Web Cache Control, companies can extend web-based access to any networked device with confidence.
Web browsers cache web pages and images, passwords, and cookies, to enhance the performance and user experience while browsing the Internet. However, this provides backdoors through which malicious hackers can steal passwords, cookies and company information.
To ensure a secure, private browsing experience, AccessPoint employs three methods that reduce the risks of web-based remote access. The first is HTTP no-cache directives. The SSL VPN portal web pages include headers that direct the browser not to store web pages and files on the local disk. The HTTP no-cache directives apply to all platforms with HTML 4.0-compliant browsers.
Some systems will store temporary Internet files and passwords regardless of the HTTP header data, so the AccessPoint SSL VPN portal also includes an ActiveX web cache control for Windows platforms. The web cache control is activated when an end user logs out of the portal or closes the web browser window. When the web cache control is activated, it searches the temporary Internet files folders, the system registry, and web indexers for SSL VPN session information. Then the AccessPoint web cache control informs the end user that the history files are being deleted.
IT administrators must use AccessPoint rule policies to prevent files and documents from being downloaded and saved to the client machine via portal services such as FTP.
In addition, it is very important to ensure that the AccessPoint login session key is not saved or compromised, so the login session key is saved as an encrypted session-based cookie. The session-based cookie is deleted when the user logs out of the SSL VPN portal. But even if a malicious user were able to copy the cookie from the running memory before the SSL VPN session terminated and decrypt the MD5 hash of the session key, they would not be able to log in to AccessPoint. This is because the session key is a temporary ID created by AccessPoint when the user logs in. Once the user has logged out, the ID is no longer valid.
For greater security and flexibility, the AccessPoint SSL VPN Toolkit includes a Create Session ID API that customizes the data contained in the encrypted session key. API options include the user name, time and date, IP address and other information that can identify a valid user when the user logs in.
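A defender-side check for the two header-level controls described above, the HTTP no-cache directives and the session-based login cookie, written as an added example that is not Menlo Logic's code. The header lines and the cookie name APSESSION are constructed sample data (the page does not list the exact headers AccessPoint sends), and the Secure and HttpOnly checks go beyond what the page states.

```python
# Added example: audit one HTTP response for cache and session-cookie hygiene.
# Header lines and the cookie name APSESSION are constructed sample data.

def parse_headers(lines):
    """Map lower-cased header names to the list of values seen."""
    headers = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, {attribute: value})."""
    first, *rest = [p.strip() for p in value.split(";")]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0].strip(), attrs

def audit(lines, session_cookie):
    """Return findings; an empty list means the response passed every check."""
    headers = parse_headers(lines)
    findings = []
    directives = {d.strip().lower().partition("=")[0]
                  for v in headers.get("cache-control", []) for d in v.split(",")}
    pragma = {v.lower() for v in headers.get("pragma", [])}
    if "no-store" not in directives:
        findings.append("cache: no-store missing, response may be written to disk")
    if "no-cache" not in directives and "no-cache" not in pragma:
        findings.append("cache: no-cache missing, stored copy may be reused unvalidated")
    for value in headers.get("set-cookie", []):
        name, attrs = parse_set_cookie(value)
        if name != session_cookie:
            continue
        if "expires" in attrs or "max-age" in attrs:
            findings.append("cookie: persistent, survives browser close")
        if "secure" not in attrs:
            findings.append("cookie: Secure missing, may be sent over plain HTTP")
        if "httponly" not in attrs:
            findings.append("cookie: HttpOnly missing, readable by page script")
    return findings

GOOD = ["Cache-Control: no-store, no-cache, must-revalidate", "Pragma: no-cache",
        "Set-Cookie: APSESSION=3f9a; Path=/; Secure; HttpOnly"]
WEAK = ["Cache-Control: private, max-age=600",
        "Set-Cookie: APSESSION=3f9a; Path=/; Expires=Wed, 09 Jun 2027 10:18:14 GMT"]
```

Calling `audit(WEAK, "APSESSION")` returns one finding per failed check, while `audit(GOOD, "APSESSION")` returns an empty list.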