Providing High Security Access for Mobile Users Connecting to Restricted Networks
Employees who travel regularly may need to access your network via laptop to carry out tasks such as retrieving and processing data, using internal applications online, etc. This should be simple to do, regardless of the employee’s location and using all of today’s channels of communication.
These are the requirements of the users, but an important question remains: How is reliable IT security ensured during remote work? After all, sensitive data is to be transferred via the Internet and processed on laptops. And – even more serious from the perspective of security – access is to be granted into your LAN with all of its confidential information. It is therefore essential that third parties be neither able to read or manipulate the data that is being transferred nor abuse the access to your LAN.
The vs-top laptop ensures that mobile personnel are able to connect securely to sensitive company and official networks. The security laptop achieves this through two separate working environments: One can be equipped with conventional Windows or Linux applications, such as browser, e-mail programs and word processing programs. The second working environment is used exclusively to process sensitive data. Encrypted connections from this environment to your network are established via mobile telephony, WLAN or Ethernet using an integrated VPN (Virtual Private Network) solution, made in Germany. With the vs-top, your users can comfortably work anywhere.
vs-top has been approved by the German Federal Office for Information Security (BSI) as meeting the requirements of classification levels German and NATO RESTRICTED and RESTREINT UE/EU RESTRICTED. This allows mobile employees of public authorities, the German armed forces and companies to use the security laptop to work with classified data.
The security components on the vs-top are centrally administrated by the genucenter management station. This means that you can set up the desired configuration for all mobile users from a central location as well as modify it and install updates at any time, ensuring consistent implementation of your security policy. You thereby achieve a very high level of mobile security.
The key to the high level of security is the strict separation between the internal areas. This is because applications such as e-mail programs or browsers offer numerous avenues of attack. If attackers or malicious software should manage to, e.g., compromise the browser, they must be stopped from accessing the working environment for sensitive data or, even worse, from accessing your network via VPN. The strict separation in the vs-top is made possible by the L4 separation system, which runs in the background, unnoticed by the user.
The L4 separation system used on the security laptop creates strictly isolated compartments for each working environment: the browser, mail and office applications are locked in one compartment, the working environment for sensitive data in a second. Located in a third compartment are the VPN gateway and firewall security systems. Each compartment is equipped with its own operating system and is therefore fully independent of the others.
This systematic separation means that attackers or malicious software cannot break out from one working environment into the next or, worse, into the security systems. Through the use of the separation technology, the compact vs-top provides a level of security that up until now could only be achieved with the use of additional, separate hardware. In addition, the sensitive data on the hard drive of the security laptop has been reliably encrypted and can only be accessed with a corresponding smart card and PIN. Even if the laptop is lost, no one can access your data.