TightGate-Pro

BSI-certified according to EAL3+.

The secure web browser for authorities, companies and industry

TightGate-Pro is a ReCoB system. ReCoBS stands for Remote-Controlled Browser System, literally “remote-controlled web browser”. TightGate-Pro physically separates the web browser execution environment from the workstation computer. The system shields the internal network from the Internet, effectively protecting against attacks from the Internet. TightGate-Pro is a true ReCoBS and thus avoids the typical disadvantages of products that are advertised with similar arguments but are based on local virtualisation. TightGate-Pro is used by public authorities, administrative institutions, financial institutions and industrial companies – in short, wherever Internet access at the workplace is indispensable and internal infrastructures must be secured in the best possible way. TightGate-Pro is BSI-certified according to EAL3+.

How it works

With the TightGate-Pro remote-controlled browser system from m-privacy GmbH, the web browser is no longer executed on the workstation computer. Instead, a dedicated ReCoB server set up in the DMZ takes over the execution of the browser. The workstation computer only receives the browser’s screen output as a video data stream via a function-specific protocol. In the other direction, mouse and keyboard signals are transmitted to TightGate-Pro, so the browser is controlled remotely from the workstation. A packet filter between TightGate-Pro and the workstations ensures that only the image data stream from TightGate-Pro can reach the clients, and no other network traffic.

Due to its independent, strongly hardened operating system, TightGate-Pro is far superior in terms of security to any other solution based on virtualisation or sandboxing.

TightGate-Pro is placed in the DMZ and runs the web browser. The internal network can thus be completely sealed off from attacks from the Internet. Connections to trusted remote sites are possible as before.
Components of the communication of the ReCoBS TightGate-Pro

Components of TightGate-Pro

Like any real ReCoB system, TightGate-Pro consists of the dedicated ReCoB server, which is placed in the DMZ, and the client programmes.
The TightGate-Pro server provides the execution environment for the browser, while the client programmes are responsible for display, control and file exchange.
It is important that the viewer is state of the art and does not leave any attack vectors open. For example, ReCoB systems cannot be operated securely if powerful transfer protocols such as RDP, ICA, HDX or the local X server are used.

Secure for the network

The TightGate-Pro system from m-privacy GmbH is a dedicated ReCoBS. Dedicated because it runs on an independent server computer, i.e. not in a virtual machine or a sandbox. From a security point of view, this is an important feature, because only the physical separation of the web browser’s execution environment creates the preventive security that modern infrastructures need in view of the increasing pressure of attacks on the Internet.

Fully functional

It’s like surfing locally – that’s how it feels when you use the Internet via TightGate-Pro. You don’t have to get used to anything. Even multimedia content such as videos, Java applets or Flash animations can be used without danger. Uploads and downloads can be carried out conveniently via the file lock and text content can be exchanged safely with the local network via the clipboard. Printing web pages or other documents works just like printing local files.

High level of self-protection

Powerful self-protection is at the core of TightGate-Pro’s security. This means that attackers cannot compromise or paralyse TightGate-Pro. Protected in this way, TightGate-Pro ensures high availability of the Internet, because as more and more services are moved to the Internet, the availability requirements for the Internet are constantly increasing.