TightGate-Pro
Preventive security
The secure web browser for government, businesses, and industry
TightGate-Pro is a Remote-Controlled Browser System (ReCoBS) – a web browser that physically separates the browser’s execution environment from the workstation computer. This effectively shields the internal network from the Internet and reliably protects it against attacks and data leakage.
How it works
So simple, so secure
With the ReCoBS TightGate-Pro system, the web browser is no longer run on the workstation. Instead, a dedicated server in the DMZ takes over the execution. The browser display is encrypted and transmitted to the workstation as image and sound data, while mouse and keyboard inputs remotely control the browser.
An internal packet filter firewall between TightGate-Pro and the workstation ensures that only image data from TightGate-Pro reaches the client and no further network access is possible. This allows the internal network to be completely isolated from the Internet, while defined connections to trusted remote stations and internal data remain possible.
Components
Less is more
A real ReCoBS system such as TightGate-Pro consists of two components:
- the TightGate-Pro server in the DMZ, which runs the browser,
- and the client programs (viewers) on the workstations.
The TightGate Viewer displays the browser’s screen content, enables control, and regulates secure data exchange. It corresponds to the current state of the art and offers no target for malicious code.
High functional
Secure, practical, and user-friendly
In addition to maximum security, TightGate-Pro offers numerous functions that make everyday work easier and maintain the usual ease of use—without compromising on protection.
MagicURL link switch
The integrated MagicURL link switch automatically ensures that Internet addresses are opened in the correct environment—internally in the local browser or externally via TightGate-Pro. Manual switching is not necessary.
Printing
Web pages and documents can be printed directly to local printers or as PDF files from the TightGate-Viewer.
Copy & paste
Automated file exchange with the Internet is prevented for security reasons.
However, text transfer via the clipboard remains possible – exclusively in Unicode format and without formatting. This maintains convenience without compromising security.
Utility programs
TightGate Pro offers a range of carefully tested applications that allow found content to be processed directly in the protected environment.
These include an office suite for creating and editing documents, a PDF viewer, an archiving program for unpacking and decrypting files, and various multimedia tools for secure playback of audio and video content.
Secure web conferences
TightGate-Pro enables secure participation in web conferences – even with a microphone and camera connected directly at the workplace.
Certification
Security that stays secure
TightGate-Pro (CC) 1.4 is designed for highly sensitive environments and was certified by the BSI (BSI-DSZ-CC-0589) in 2015 according to Common Criteria EAL 3+. The formal certification expired in 2020 as scheduled; the underlying protection mechanisms remain effective unchanged.
Comparing secure browsing
Explained in detail
Why there is no such thing as a 100% secure browser, which risks really matter and which options the BSI recommends. Everything at a glance – from the BSI minimum standard for web browsers to the optimum solution of a separate browsing environment.
The top 5 for ‘safe surfing’
The big picture
1) Locally secured web browser
2) Microvirtualisation
3) System virtualisation
4) Surfing via terminal server
5) Separate browser via ReCoBS
