TightGate-Pro

BSI-certified according to EAL3+.

The Secure Web Browser for Government, Business and Industry

TightGate-Pro is a ReCoB system. ReCoBS stands for Remote-Controlled Browser System. TightGate-Pro physically separates the execution environment of the web browser from the workstation. The system shields the internal network from the Internet and thus effectively protects against attacks from the Internet. TightGate-Pro is a real ReCoBS and therefore does not suffer from the typical disadvantages of products promoted with similar arguments that are based on local virtualization. TightGate-Pro is used by government agencies, administrative institutions, financial institutions and industrial companies – in short: wherever Internet access at the workplace is indispensable and internal infrastructures have to be secured in the best possible way. TightGate-Pro is BSI-certified according to EAL3+.

How it works

With the Remote-Controlled Browser System TightGate-Pro from m-privacy GmbH, the web browser is no longer executed on the workstation computer. Instead, a dedicated ReCoB server set up in the DMZ takes over the execution of the browser. The workstation computer only receives the screen output of the browser as a video data stream via a function-specific protocol. Conversely, mouse and keyboard signals are transmitted to TightGate-Pro and control the browser remotely from the workstation. A packet filter between TightGate-Pro and the computer workstations ensures that only the image data stream from TightGate-Pro can actually reach the clients, but not other kinds of network access.

Thanks to its independent, heavily hardened operating system, TightGate-Pro is far superior in terms of security to any other solution based on virtualization or a sandbox.

TightGate-Pro is placed in the DMZ and runs the web browser. The internal network can thus be completely isolated from attacks from the Internet. Connections to trustworthy remote stations are possible as before.
Communication Components of the ReCoBS TightGate-Pro
Components of TightGate-Pro

TightGate-Pro (like any ReCoBS) always consists of the dedicated TightGate-Pro server, which is placed in the DMZ, and the client programs.

The TightGate-Pro server represents the execution environment for the browser, while the client programs are responsible for display, control and file exchange.

It is important that the viewer is state of the art and does not leave any attack vectors open. ReCoB systems cannot be operated safely if powerful transmission protocols such as RDP, ICA, HDX or the local X server are used.

Safe for the network

TightGate-Pro from m-privacy GmbH is a dedicated ReCoBS. Dedicated because it runs on an independent server computer, that is, not in a virtual machine or a sandbox. From a security perspective this is an important property, because only the physical separation of the web browser's execution environment provides the preventive security that modern infrastructures need in view of the increasing pressure of attacks on the Internet.

Fully functional

Using the Internet via TightGate-Pro feels just like browsing locally. There is nothing new to get used to. Multimedia content such as videos, Java applets or Flash animations can also be used without risk. Uploads and downloads are conveniently handled via the file lock, and text content can be exchanged safely with the local network via the clipboard. Printing web pages or other documents works just like printing local files.

High availability

TightGate-Pro has strong self-protection, so it cannot be shut down by attackers from the Internet. TightGate-Pro thus ensures high availability of Internet access, because the more services are moved to the Internet, the higher the availability requirements for Internet access become.