|
At iWebGate, we strive to keep up with the changing needs of our customers who need fast, reliable and secure access to a variety of applications, information and reports residing in their office.
We understand that you have invested significant time, money and resources in your existing applications and infrastructure. iWebGate’s Ghost Network Platform is not designed to replace any of these but rather mirror services to establish a prudent layer of protection through your DMZ and provide additional functionality to your existing systems and business processes.
DMZ security has no boundaries - every business connected to the Internet should have a DMZ with services between their private network and the Internet (public network).
Our current range of customers come from a diverse spread of vertical and horizontal markets including telecommunication giants and global mining companies right through to freight forwarders and childcare facilities.
We have many customers that treat DMZ security as a "must have item", especially those who are bound to codes of ethics, sound corporate governance and/or frequently deal with confidential information including:
 Accounting Firms
Legal Practices
Financial Services
Human Resources and Recruitment Firms
Allied Healthcare Providers
We also have a number of software developers and managed service firms who deploy iWebGate's DMZ technology in their customer's networks to mitigate risk, optimize security and improve business performance.
Even the likes of Oracle, VMware and The United States Department of Homeland Security cite DMZ security as an integral practice of network security.
Self-built services within the DMZ seem too complex and expensive for most SMEs to implement and maintain.
The key to an effective security policy is to find the correct balance between security strength without hindering access to resources required by remote users - iWebGate elegantly achieves this.
The iWebGate Ghost Network Platform integrates a number of services which run in a single server with independent security permissions. This well crafted design ensures that if a service is breached, only that service that is affected and the level of access a successful hacker has is limited to that software only.
This methodology effectively emulates the scenario whereby each service is run on its own server, eliminating the risk involved for other services. Each network exposed process runs as a separate unprivileged user meaning that each service is protected from each other and can only communicate as though they were on separate servers.
What does this mean - iWebGate removes the need for you to purchase, implement, integrate and maintain an array of software that would typically need to be installed on a number of hardware devices. iWebGate is proud to keep your costs, complexities, land fill (i.e. end of life cycle) and power consumption down to an absolute minimum.
For additional technical information, please click here.
Based on customer experience, when your network deploys an iWebGate Ghost Network Platform within the DMZ, you can:
|
Overcome many network security and communication issues |
|
Generate additional revenue and deeper relationships with existing and new customers |
|
Significantly reduce the costs associated with inefficient business processes |
|
Boost green initiatives with less power consumption, travel, manual labor and waste |
Scalability is very important. iWebGate provides you with the unique opportunity to host services for multiple entities (sites) and their affiliated users without any per-user fees applying.
As an example, one of our customers (WorkPro) has deployed a single iWebGate Ghost Network Platform which currently services over 340 corporate entities and 93,000 affiliated users - seamlessly growing at approximately 800 users per week. Interestingly, this customer has not needed to employ any IT staff to manage the service!
Enjoy the possibilities of delivering an online service to every user
located in a small city like this from just one server!
|
Remote desktop access plays an integral role for many companies who want to reduce costs, generate additional revenue and improve carbon footprint by:
|
Providing staff with the convenience to access office resources anywhere, anytime |
|
Delivering services and support remotely without requiring travel |
|
Expanding services into new regions |
Many SMEs provide users with remote desktop access, using an array of applications like SSH, VNC and Microsoft's RDP by opening and linking ports at the perimeter firewall straight to business computers residing on their trusted network.
As previously highlighted, linking perimeter firewall ports directly to primary business systems is a very risky process.
The perimeter firewall usually has a number of weaknesses that ultimately enables a hacker to enjoy remote access to your business systems as conveniently experienced by your trusted users.
The security policy adopted by network administrators who deploy this type of feature is based on the misconception that their software and/or underlying operating system is 100% secure (i.e. there are no security mechanisms in place that prevents a hacker from having direct access to resources).
The severe risk associated with linking ports to business servers along with some connection protocols not being encrypted has led to the wide adoption of Virtual Private Network (VPN) services. Clients frequently complained about their VPN service where they:
|
Could not connect when working with low bandwidth connections (i.e. satellite, intercontinental delays) |
|
Frequently complain about unpredictable connections (i.e. couldn’t connect, slow connections, frequent drop outs) |
Aside from the technical inefficiencies and performance issues, VPN services are considered a security risk. First and foremost, the VPN service establishes a start topology which weakens network security policies because it’s frequently resides on the trusted network. A port within the perimeter firewall (i.e. 1723) is then opened and directly linked (mapped) to the VPN service. It’s a brave move to consider VPN software or services to be 100% secure.
In the event that VPN services are breached through poor configuration or known vulnerabilities, the hacker can find themselves with remote access to your entire trusted network.
It should be noted that VPN services are not a network security measure - they are a mere form of remote access.
iWebGate’s Bridging services enables authorized users to securely connect to their office with the greatest speed and reliability whilst at the same time not needing to:
|
Directly expose business computers to the internet; or |
|
Use inefficient, complicated and vulnerable VPN services |
For end users, they simply login to their iWebGate DMZ environment and click on a pre-established icon to initiate a remote connection to a computer in their office (i.e. no need to install software or remember network details).
The iWebGate Bridging services support concurrent connections which means all users can remotely access a computer in the office pending the device supports concurrent connections (e.g. Terminal Server) - without any per user and/or computer connection fees applying on a monthly basis.
iWebGate ensures that network administrators are in full control. From one central location they are able to control who has access and to which computers for a variety of remote connection protocols (e.g. RDP 5 & 6, VNC, SSH). Importantly, no per user or host connection fees apply. Click here for more technical information.
Working seamlessly with existing infrastructure, iWebGate’s Bridging service delivers superior performance where many customers report:
|
Faster performance when previously connecting with RDP via open and mapped ports at the perimeter firewall |
|
An ability to connect with great speed and reliability in situations where VPN could not connect |
|
Significantly faster and more reliable connections when compared to VPN connections |
Improvements in remote access mean greater convenience for staff which results in more revenue generating opportunities and decreased time delays (costs).
The following calculator has been setup to demonstrate the value of remote connection or connecting without the inefficiencies associated with VPN connections.
Our customers frequently comment on the ease, speed and reliability in which they can now securely connect to the office when working remote.
|
|
Access anywhere and anytime is a challenge for most organizations to meet. Network Engineers place securing private networks at the top of their priority list and are under constant stress to reconfigure their networks with every small change.
This introduces the problem of how to ensure users have uninterrupted access to Internet resources without having to allocate public IP addresses to each computer - which is just not viable given the current shortage of IP4 addresses.
Remotely connecting to office computers via direct links from firewall ports or VPN services are basically one directional (i.e. enables a connection to a computer located on the office network). New challenges arise when users want to connect to computer devices that reside in disparate networks (e.g. remotely connect to customer's computer for remote support and/or services).
To address this challenge and/or the difficulties establishing a remote desktop connection using firewall port redirects and/or VPN services, many SMEs subscribe to 'web-hosted' remote desktop services. The problems associated with most of these web-hosted remote desktop services include:
|
Don't support concurrent connections (i.e. if users want to connect a central server at the same time, they each need to connect to a different workstation which then needs to connect to the central server - imagine the costs, inefficiencies and/or power consumption) |
|
Per user and/or workstation fees apply on a monthly basis |
|
From a security perspective, data connections usually need to traverse (pass through) a central server hosted by a 3rd party provider who holds the encryption keys |
|
Connection is typically done at a 'layer 3' level which means users must use and work with a 3rd party remote desktop application |
|
Often administrators don't have central control over multiple connections and/or users |
Peer-to-Peer (P2P) technology has improved awareness of firewall "hole punching" techniques that address the inability for peers to communicate directly. However, it often means new software has to be developed or existing software needs to be modified in order to take advantage of P2P communications which is often costly, inefficient and results in proprietary protocols that other software may not understand.
iWebGate's virtual local area network (VLAN) over multi peer-to-peer (MP2P) service puts an end to these problems. Click here for technical information.
iConnect Peering is a zero-config, remote access solution similar to VPN and requiring nothing more than a Broker Server (included with your iWebGate Ghost Network solution), installing the software and creating your VLAN networks though very simple Peer management. There is no need to adjust any settings to firewalls including simple NAT firewalls.
By working at the Layer 2 level, iConnect Peering provides a viable alternative to traditional VPN services by incorporating a software-based alternative to securing and accessing computers located in any network - regardless of their platform, applications or physical location.
Unlike VPN services, iConnect Peering connections do not need to traverse through a central VPN server (i.e. star topology) in order for two disparate peers to communicate via legacy network connections. iConnect Peering connects two or more peers at a pseudo-layer 2 level allowing any legacy network aware software to communicate using direct P2P technology without the need to re-write a single line of code!
New applications can also take advantage of this software without the need to understand how P2P software connections work.
Interestingly, a VLAN can be created and modified without needing to physically reconfigure the network - making life really simple for Network Administrators. Communications are encrypted and conducted through a direct P2P channel - allowing you to strike an optimal balance between remote access security and performance whilst reducing overall bandwidth requirements - making connections faster and more reliable!
Now here is the real difference - unlike VPN services, iConnect Peering allows users to connect to peers (computers) located in remote networks. Designed at a Layer 2 level, existing LAN-based systems are now able to communicate over a direct peer-to-peer (P2P) connection without changing a single line of code.
In simple terms, iConnect Peering will allow you to:
|
Remotely connect to computers residing in disparate networks |
|
Establish faster, more reliable and secure remote connections |
|
Host a remote connection solution for customers |
|
Eliminate potential VPN security vulnerabilities by isolating computers into secure private communities or zones |
|
LAN-based software is now P2P enabled without changing a single line of code |
|
Business Intelligence (BI) reporting supports better business decisions by quickly and reliably delivering more, yet easy to interpret, information to relevant stakeholders.
Companies frequently store information in different data sources (i.e. application databases, spreadsheets) which reside in local and/or remote networks.
Remote Network Issues
|
IT personnel wrestle with the security issues, technical complexities and costs associated with obtaining information located in disparate networks. |
|
If there are problems and/or issues with reports, 3rd party solutions and/or remote access connections are needed to access to the applications or data sources in which the information was derived (see remote access issues above). |
Local Network Issues
|
Most companies are reluctant to email BI reports due to risks involved with issuing business sensitive information via unencrypted connections. Management typically need to access reports anywhere, anytime. This need raises the following options: |
|
a) |
Users login to their trusted network via some means of remote access (i.e. see issues above); or |
| |
b) |
Additional services (e.g. web, file management) need to be implemented to support the online reporting process- which raises additional expenses, complexity and security concerns.
From a security perspective, network security policies are often weakened with the introduction of online BI reporting services because the centralized data collection and reporting system often resides on the same network as other primary business services (e.g. email, file management, terminal services). Direct internet access to online BI reporting services could enable a hacker to launch an attack on other services within the same network - especially if they share a common administrative username and password. |
|
The majority of Business Intelligence technologies collect information directly from data sources, which typically reside on the same network, using Object Database Connectivity (ODBC) drivers. This is an extremely risky process, especially if BI reporting services are provided online, because a breach of the centralized data collection and reporting system could enable a hacker to directly access a data source. |
|
Small to medium companies are often reluctant to implement BI reporting solutions because most centralized data collection and reporting systems often prove expensive and difficult to set up and use.
BI reporting costs often include hardware, upfront data collection and reporting software, per user license fees and report customisation fees. |
With an iWebGate Ghost Network Platform, your BI reports are serviced in your DMZ to ensure that your primary business systems and information residing in your trusted networks remain protected.
Once generated, reports should avoid email (i.e. unencrypted communication) and be accessible over the web with secure connections. iWebGate's Ghost Network Platform includes 'File and Folder Management services' that play an integral role in facilitating this functionality.
iWebGate's Ghost Network Platform treats your trusted network as disparate as any other remote network. Therefore, we created an iWebGate Data Agent (iDA) which automatically negotiates a secure connection with your designated iWebGate Ghost Network Platform to send information on pre-scheduled or manual run-now process.
Once the information is securely collected in your iWebGate Ghost Network Platform without a permanent or in-bound connection to your data source(s), the in-built 'Reporting Services' automatically generates the reports and distributes them into permission-based folders for trusted users to access.
For end users, they simply login to their Ghost Network Platform via their favorite web browser (e.g. IE, Firefox) or open a small application on their smartphones (i.e. Apple iPhone) to quickly, reliably and securely access their reports |
|
Network administrators are in full control. They can design reports, schedule when and where information is collected from plus manage access rights on a company, site and user basis - with no per user fees applying.
Reports include:
|
Dashboard Reporting |
|
Self-Reconciling |
|
Dynamic Reporting (i.e. moving parts) |
|
Historical Reporting |
|
Static Reports |
|
Benchmark Reporting |
|
Consolidated Reporting |
|
Alert Triggers (via Email and/or SMS) |
Many organizations use the Reporting Services in their Ghost Network Platform to quickly create their:
|
Financial Reports |
|
Asset Reports |
|
Operational Reports |
|
Inventory Reports |
|
Physicals Reports (i.e. mining companies) |
|
Carbon Emission & Environmental Reports |
|
HR Reports (e.g. wages, payslips) |
|
Benchmark Reports |
|
Sales Reports |
|
...and many more |
Sample Reports:
Your iWebGate Ghost Network Platform delivers BI reporting with your DMZ in mind. Click here for more technical information.
There are many BI reporting solutions on the market but iWebGate's Ghost Network Platform:
|
Enables you to deliver "cloud" reporting services from existing systems and data sources residing in local and remote networks (e.g. accounting firm is able to automatically generate and securely deliver reports from clients existing systems)
How ... iWebGate's Data Agent (iDA) is able to securely collect information automatically from remote networks without any firewall issues |
|
Customers frequently need more and improved reports compared to those provided in their existing Accounting, ERP, CRM and Business Management systems. The end result is a large demand for report customisation services |
|
Integrates a number of complimentary services to complete the BI reporting process (e.g. remote application access, file management, email and sms services) |
iWebGate's eliminates the time, errors, environmental issues and costs associated with manually compiling, reviewing and delivering business reports.
Here is a simple calculator to help estimate how much you and your customers can save - especially when you can now deliver 'cloud' reporting solutions.
|
|
Customers want the ability to exchange large and/or sensitive files without using:
|
3rd party services providers (i.e. reluctance to rely on untrusted providers, not willing to justify the expense of per user or file fees) |
|
Unencrypted email connections (i.e. when intercepted, the hacker can simply read all content) |
A common method used to overcome these problems is to implement an in-house file server which is accessed over the Internet using FTP (file transfer protocol) clients which then opens the door to additional problems:
|
A hacker frequently enjoys the freedom of conveniently accessing the file server much like trusted users do because the file server is directly exposed to a volatile public network like the Internet via port redirects at the perimeter firewall (e.g. port 21 is opened at the perimeter firewall and directly linked to the file server) |
|
It proves extremely difficult to open a file residing on the file server and directly work on it (i.e. edit, save) using FTP. Thus the end user must inefficiently download the file using their FTP client, save it on their local computer, open it to make modifications and then save it on their local computer and finally upload the latest file onto the file server using their FPT client (i.e. overwriting the old file) |
|
The file server is not easily managed (i.e. setup, backup, establish companies, set user permission rights) by your average computer user |
|
Establishing and using an FTP client often proves complicated for many end users |
|
FTP connections are frequently done over unencrypted frameworks |
The iWebGate Ghost Network Platform includes file management services with the following features:
|
The iWebGate file management interface enables your average user to be able to conduct complicated tasks (e.g. quickly setting up a company and user permission rights with granular control) |
|
Online (HTTPS) and encrypted FTPS access |
|
WebDAV services are incorporated which enables users to open, edit and save files residing on a remote web/file server as if that file resided on their local computer or network |
From a security perspective, folders can be mounted to file servers (e.g. Windows File Server) that reside in trusted networks. The file server residing in the trusted network is never directly exposed to the Internet. In the event that the file services in the Ghost Network Platform are breached, the hacker has no access to the files because:
|
The files do not reside in the Ghost Network Platform |
|
The Ghost Network Platform detects unauthorized access and does not grant access to file server residing on the trusted network |
Overcoming insecure file transfer process and file size restrictions, trusted users can remotely access the information they need from any computer connected to the Internet (including smartphones) with the greatest speed, reliability and security - often with no software installations required and in a company-branded environment!
Our customers gain control of their information and the systems they reside in. They can then establish new ways in dealing with staff, contractors, suppliers and customers.
Our customers, especially professional service firms, can:
|
Host online file and folder storage services for numerous customers |
|
Establish collaborative document storage areas (i.e. particularly useful during times of mergers, acquisitions and insolvency) |
|
Integrates a number of complimentary services to complete the File Management services - For example:
- Email and/or sms users when files are uploaded or modified by other trusted users
- Automatically collect files and/or information from disparate networks for remote backup services |
|
Seamlessly integrate with existing LAN-based document management systems to keep "business as normal" for staff but allow customers and suppliers to securely access their files online (e.g. eliminate the need to email files) |
|
|
Most organizations already have a mail server in place. Surprisingly, the majority of SMEs directly expose their primary email server to a volatile public network like the Internet through port redirects (e.g. ports 25, 110, 143) at the perimeter firewall.
Email services are frequently attacked because virtually all email clients handle HTML, multimedia content and so on which rely on the underlying system libraries to parse this content. The bad news is that virtually every HTML rendering engine has exploitable flaws and most image and multimedia files also have exploitable flaws.
The iWebGate Ghost Network Platform includes an additional email service to network with free and effective anti-spam and anti-virus filtering included. Email can be filtered in your DMZ and then passed through to your primary email server residing on your trusted network.
In the event of a network breach, the email server residing in the trusted network is not directly exposed to the Internet and no email, apart from spam, should be found on the mail server residing in your Ghost Network Platform which sits in your DMZ.
The establishment of email forwarding and alias accounts is made really simple in your Ghost Network Platform with no per user or account fees applying. Users can access their email anytime on their favorite device (i.e. smartphone, notebook computer) with the Ghost Network Platform supporting both IMAPS and POP3S connections along with the ability to provide secure access to Microsoft Exchange Server.
|
The free and effective anti-virus and anti-spam filtering services found within your iWebGate unit can be used for both in-bound and out-bound mail ... significantly reducing the amount of spam email your network disseminates! |
|
Particularly useful for companies with multiple offices, significant cost savings and business efficiency can be achieved with "Multi-DMZ Server Exchange Tunnelling" which involves two (or more) DMZ Servers and an Exchange Server behind one of these DMZ Servers.
Because this setup uses two DMZ Servers, an effective "SSL tunnel" is established by using proxy maps. Apart from the possible bandwidth limitations of the Internet, the Exchange Client has no idea that the Exchange Server resides in another remote network and believes the iWebGate DMZ server in its physical network to be the Exchange Server.
The Exchange Server and Exchange Client both remain securely behind their respective firewalls and DMZ Servers and are never exposed directly to the Internet. No VPN or private IP tunnelling is needed and connections are performed purely over HTTPS to improve security and performance and minimize bandwidth use. |
|
The Ghost Network Platform's ability to support multiple sites enables you to host an effective email service for many companies - with no per user / account fees applying |
|
The ability to quickly and easily establish email alias and forwarding accounts proves particularly useful for users working on collaborative projects (e.g. send an email to project_name@yourdomain.com and all members of the project receive the email) |
|
Web site hosting services are a core feature of most networks, not just DMZ security zones. Your iWebGate DMZ Solution is equipped with everything needed to begin hosting multiple web sites and affiliated services including a fully integrated and easy to use content management system called iCatalogue
An example of iCatalogue in full action can be seen at www.richgro.com.au where the whole website is driven by iCatalogue
Click here for technical information.
|
Education and training is typically recognized as a necessity for many SMEs. Services are likely to incorporate some form of printed or CD-ROM material which result in repetitive preparation time, cost and resources. Furthermore paper and CD-ROM based training services prove difficult when trying to measure improvements in knowledge and/or providing post event resources.
Your iWebGate DMZ Solution provides a highly interactive learning and presentation tool that allows administrators to easily create and implement custom built, web based programs with the ability to track outcomes and compare user results.
Training material can include video, text, images, flash, audio, animation, HTML and dynamic forms. Content does not have to reside in your iWebGate DMZ Solution because content can be derived from any web server - regardless of location.
Implementing corporate training, customer education, product demonstration and organizational compliance programs just got easier.
|
| Our Customers: |
Our Customers Include: |
Significantly reduce the costs, resources and time delays associated with delivering training services
Significantly reduce costs and waste material associated with paper and/or CD-ROM based programs
Provide users with the ability to conveniently review content on demand from any location
Automatically track and measure learned outcome experiences
Provide users with a rich and interactive experience |
Professional service firms wanting to host services for customers (e.g. recruitment and employment agencies, accounting firms)
Progressive companies that are moving towards online services to improve efficiencies and reduce costs (e.g. mining companies) |
Your iWebGate DMZ Solution includes a simple web-based SMS messaging system.
With setup being as easy as purchasing SMS credits, the SMS feature is ideal for any organization that needs to improve the communication process or introduce a low cost business marketing and reminder tool.
Administrators also have the freedom to easily authorise user access rights from one central location.
|
| Our Customers: |
Our Customers Include: |
Instantly decrease messaging costs
Conveniently send messages to individuals and/or groups from any computer connected to the Internet without installing any software
Send messages as though they appear to come from mobile phones
|
Professional sporting teams
Recruitment firms
Medical clinics
Professional service firms (e.g. accountants) |
|
