NCP's Secure Client products had been vulnerable to a Dynamic-Link Library (DLL)
hijacking attack that exploits a weakness when applications load external
libraries in Microsoft Windows.
The Bugfix requires Microsoft Windows XP (SP1 and later), Windows Vista or
Windows 7 to be effective.
For more information please visit our website:
http://www.ncp-e.com/en/downloads/library/technical-papers.html
The IPsec Client incorporates cryptographic algorithms conformant to the FIPS standard. The embedded cryptographic module incorporating these algorithms has been validated as conformant to FIPS 140-2 (certificate #1051).
FIPS conformance will always be maintained when any of the following algorithms are used for establishment and encryption of the IPsec connection:
- Diffie Hellman Group: Group 2 or higher (DH starting from a length of 1024 Bit)
- Hash Algorithms: SHA1, SHA 256, SHA 384, or SHA 512 Bit
- Encryption Algorithms: AES with 128, 192 or 256 Bit or Triple DES
For authentication purposes you can access (read only) user certificates, stored in the Windows Certificate Store, via CSP. You can only use this feature after successfully logging on to the windows system.
Since this function is only available after the user's logon to the windows system, it cannot be used for domain logon via VPN.
Configuration is carried out via "Configuration / Certificates" in the monitor menu.
Now you can enter a further, additional application in the configuration field for hotspot logon. This second application is responsible for communication since it is able to set up outgoing connections. An internal application-bound firewall rule monitors this application.
If both applications (hotspot logon and communication) are identical, you may refrain from entering anything in the parameter field "application for automatic firewall rule".
Carry out hotspot configuration via the monitor menu "Configuration / Hotspot". Set up the firewall rule via "Configuration / Firewall".
If you set up a connection via port 443 with the VPN Path Finder, the monitor displays this via an icon in its state display (below the HQ / Gateway to the right).
You can select the monitor interface language in the language menu item of the view menu. The following languages are available: English, German and French. Polish and Dutch have been removed. English, German and French are available as setup languages.
On Windows 7, data could not be transferred over a VPN tunnel when the supporting Internet connection was via a UMTS / Mobile Broadband link not established by the NCP Entry Client. This problem has been resolved.