Check Point Abra
Encyclopedia
Check Point GO is a USB drive that combines an encrypted USB flash drive
with virtualization
, VPN and computer security
technologies to turn a PC
into a secure corporate desktop. By plugging Check Point GO into the USB port of a Microsoft Windows
® OS-based PC or laptop
, users can launch a secure virtual workspace that is segregated from the host PC. This allows users to securely access company files and applications from any remote location, including insecure host environments such as a hotel business center or Internet café
.
Check Point GO uses hardware and software encryption
to protect user credentials, documents, and other sensitive data, so that data cannot be compromised in transit or in the event the device is lost. The system uses an authentication
process that enforces minimum levels of password
strength, as well as certificates and security tokens for multifactor authentication for remote connectivity. The device interfaces with software on a corporate server to support company policies and security updates through security gateways.
Software Technologies Ltd. and SanDisk Corporation in March 2010 to address security and compliance issues for companies with remote employees. Workers have been increasingly demanding remote access to company applications and data. Personal equipment accessing the network can pose a risk to corporate networks, creating a potential avenue for corporate data loss or allowing unsecure connections.
The companies cite that the Check Point GO system provides a solution for companies that want to let their employees purchase and manage their own PCs and laptops, for those needing high security (including encryption) for computing devices outside the workplace, as well as contractors/vendors who require access to the company network while working on site.
Since its release, the product has won industry awards including "IT Product of 2010" by Computerworld and was named one of the “25 Hot Products to Watch” at the 2010 RSA Conference by CRN Magazine.
. Upon successful login, a new explorer.exe instance is started in the Check Point GO Secure Workspace. All subsequent processes are started as child processes of this new explorer.
Check Point GO uses the software installed on the host PC to run applications such as Microsoft Word
and Microsoft Excel
, but the user’s documents remain secure in the Check Point GO environment – a virtual workspace that runs parallel to the host environment. All file and registry input/output calls for the secure application inside Check Point GO are redirected to the flash drive
.
All applications running on the Check Point GO desktop (including the new explorer) operate in a virtual file system and registry. The virtual files and registry data are instantly written to the flash drive and immediately encrypted.
Currently, Check Point GO does not work on all Windows workstations, due to incompatibility with enterprise client settings.
USB flash drive
A flash drive is a data storage device that consists of flash memory with an integrated Universal Serial Bus interface. flash drives are typically removable and rewritable, and physically much smaller than a floppy disk. Most weigh less than 30 g...
with virtualization
Hardware virtualization
Computer hardware virtualization is the virtualization of computers or operating systems. It hides the physical characteristics of a computing platform from users, instead showing another abstract computing platform...
, VPN and computer security
Computer security
Computer security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to...
technologies to turn a PC
Personal computer
A personal computer is any general-purpose computer whose size, capabilities, and original sales price make it useful for individuals, and which is intended to be operated directly by an end-user with no intervening computer operator...
into a secure corporate desktop. By plugging Check Point GO into the USB port of a Microsoft Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
® OS-based PC or laptop
Laptop
A laptop, also called a notebook, is a personal computer for mobile use. A laptop integrates most of the typical components of a desktop computer, including a display, a keyboard, a pointing device and speakers into a single unit...
, users can launch a secure virtual workspace that is segregated from the host PC. This allows users to securely access company files and applications from any remote location, including insecure host environments such as a hotel business center or Internet café
Internet cafe
An Internet café or cybercafé is a place which provides internet access to the public, usually for a fee. These businesses usually provide snacks and drinks, hence the café in the name...
.
Check Point GO uses hardware and software encryption
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...
to protect user credentials, documents, and other sensitive data, so that data cannot be compromised in transit or in the event the device is lost. The system uses an authentication
Authentication
Authentication is the act of confirming the truth of an attribute of a datum or entity...
process that enforces minimum levels of password
Password
A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource . The password should be kept secret from those not allowed access....
strength, as well as certificates and security tokens for multifactor authentication for remote connectivity. The device interfaces with software on a corporate server to support company policies and security updates through security gateways.
History
Check Point GO (formerly Abra) was first introduced by Check PointCheck Point
Check Point Software Technologies Ltd. is a global provider of IT security solutions. Best known for its firewall and VPN products, Check Point first pioneered the industry with FireWall-1 and its patented stateful inspection technology...
Software Technologies Ltd. and SanDisk Corporation in March 2010 to address security and compliance issues for companies with remote employees. Workers have been increasingly demanding remote access to company applications and data. Personal equipment accessing the network can pose a risk to corporate networks, creating a potential avenue for corporate data loss or allowing unsecure connections.
The companies cite that the Check Point GO system provides a solution for companies that want to let their employees purchase and manage their own PCs and laptops, for those needing high security (including encryption) for computing devices outside the workplace, as well as contractors/vendors who require access to the company network while working on site.
Since its release, the product has won industry awards including "IT Product of 2010" by Computerworld and was named one of the “25 Hot Products to Watch” at the 2010 RSA Conference by CRN Magazine.
Technology Architecture
When Check Point GO is inserted into the USB port of any PC, the user is presented with a login screenScreen
- Separation or partitioning :* Window screen, a wire mesh that covers a window opening* Fire screen, a device to put in front of a fireplace* Windbreak of trees or shrubs* Windshield , protects the driver of a vehicle...
. Upon successful login, a new explorer.exe instance is started in the Check Point GO Secure Workspace. All subsequent processes are started as child processes of this new explorer.
Check Point GO uses the software installed on the host PC to run applications such as Microsoft Word
Microsoft Word
Microsoft Word is a word processor designed by Microsoft. It was first released in 1983 under the name Multi-Tool Word for Xenix systems. Subsequent versions were later written for several other platforms including IBM PCs running DOS , the Apple Macintosh , the AT&T Unix PC , Atari ST , SCO UNIX,...
and Microsoft Excel
Microsoft Excel
Microsoft Excel is a proprietary commercial spreadsheet application written and distributed by Microsoft for Microsoft Windows and Mac OS X. It features calculation, graphing tools, pivot tables, and a macro programming language called Visual Basic for Applications...
, but the user’s documents remain secure in the Check Point GO environment – a virtual workspace that runs parallel to the host environment. All file and registry input/output calls for the secure application inside Check Point GO are redirected to the flash drive
USB flash drive
A flash drive is a data storage device that consists of flash memory with an integrated Universal Serial Bus interface. flash drives are typically removable and rewritable, and physically much smaller than a floppy disk. Most weigh less than 30 g...
.
All applications running on the Check Point GO desktop (including the new explorer) operate in a virtual file system and registry. The virtual files and registry data are instantly written to the flash drive and immediately encrypted.
Currently, Check Point GO does not work on all Windows workstations, due to incompatibility with enterprise client settings.
Specifications
| Check Point GO Host Platform Support | |
|---|---|
| Operating systems | Windows 7 (32 & 64-bit, Home Premium, Enterprise, Ultimate) Windows Vista (32 & 64-bit, Home and Professional, SP2+) Windows XP (32-bit, Home and Professional, SP3+) |
| SmartCenter Management Server | |
| Operating systems | Check Point SecurePlatform™ Windows Server 2000/2003 Solaris 8/9/10 Red Hat Linux Enterprise 3.0 |
| SmartCenter GUI | |
| Operating systems | Windows 2000/2003, ME, XP, Vista Solaris 8/9/10 |
| Encrypted USB Drive | |
| SanDisk USB Drive | Available capacities: 4, 8 GB High-speed USB 2.0 interface AES 256-bit hardware encryption FIPS 140-2 Level 2 certified drives available |
Versions
| Version R65 | Installed with: |
|---|---|
| Security Gateway | R65 HFA60 R65 HFA60 Check Point GO Hotfix |
| SmartCenter server | R65 HFA60 R65.4 or R66 Connectra plug-in R65 HFA60 Check Point GO Hotfix |
| SmartDashboard Version | R65.4 with Check Point GO R70.1 update |
| Version R70.20 or R70.40 | Installed with: |
| Security Gateway | No additions |
| Security Management Server | No additions |
| SmartDashboard Version | SmartDashboard for versions with Check Point GO R70.1 update |
| Version R71.1 | Installed with: |
| Security Gateway | No additions |
| Security Management Server | No additions |
| SmartDashboard Version | R71.1 for versions with Check Point GO R70.1 update |
Awards
- It was distinguished with "The best international innovation" award at the 2010 Information Security Day (ITBN) conference in Hungary.
- It Received the Computerworld Czech Republic's annual "IT Product of the Year" in 2010.
See also
- Check Point VPN-1
- Circuit-level gatewayCircuit-Level GatewayA circuit-level gateway is a type of firewall.Circuit level gateways work at the session layer of the OSI model, or as a "shim-layer" between the application layer and the transport layer of the TCP/IP stack. They monitor TCP handshaking between packets to determine whether a requested session is...
- Comparison of firewallsComparison of firewallsThe following tables compare different aspects of a number of firewalls, starting from simple home firewalls up to the most sophisticated Enterprise firewalls.-Firewall software:...
- FirewallFirewall (computing)A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass....
- List of Linux router or firewall distributions
- Packet
- Sandbox (computer security)Sandbox (computer security)In computer security, a sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third-parties, suppliers, untrusted users and untrusted websites....
- Screened-subnet firewallScreened-subnet firewallIn network security, a screened subnet firewall is a variation of the dual-homed gateway and screened host firewall. It can be used to separate components of the firewall onto separate systems, thereby achieving greater throughput and flexibility, although at some cost to simplicity...
- Unified threat managementUnified threat managementUnified Threat Management is a comprehensive solution that has recently emerged in the network security industry and since 2004, has gained widespread currency as a primary network gateway defense solution for organizations...
- Virtual firewallVirtual firewallA virtual firewall is a network firewall service or appliance running entirely within a virtualized environment and which provides the usual packet filtering and monitoring provided via a physical network firewall...