
1. USB-Key authentication:
SANGFOR DKey is a USB Key dual-factor identification hardware device for SOHO and mobile users, applicable to secure access for IPSec VPN and SSL VPN clients. It stores security policy items such as the VPN key and digital certificate on the device itself, giving the user secure and convenient access to the VPN. The device has its own USB port, so no separate card reader is needed: it provides secure VPN authentication simply by being plugged into a USB port of the computer. With its compact design, the device can be hung on a key chain, so the user can access the VPN network securely anytime, anywhere.
2. Single sign-on:
Once the user has logged on to the authentication server, the user is authenticated and does not need to enter the username and password again. By entering the password once at the authentication server, the user also passes the other related authentications, which reduces the number of password entries and the risk of password leakage.
3. Page forward:
When the user is authenticated successfully, the user's PC is forwarded from the authentication interface to the defined page.
4. DPI:
DPI refers to Deep Packet Inspection. “Deep” is relative to the level of message analysis performed by a common L2-L4 switch or router. An L2-L4 switch or router analyzes the IP packet only at layer 4 and below, including the source address, destination address, source port, destination port and protocol type. In addition to these, DPI incorporates application-layer (feature) analysis, application identification, and even content identification.
5. Intelligent P2P identification:
This function is based on a patented intelligent P2P identification technique and identifies all P2P behaviors, such as encrypted P2P, P2P variants of the same version and emerging P2P applications.
6. P2P variant:
It refers to P2P that is not fully consistent with the above-mentioned P2P type because of minor protocol modifications.
7. Unknown P2P:
It refers to P2P that is based on, but different from, a P2P protocol, and that has not yet emerged but may emerge.
8. Postponed Sending after Audit:
An email that does not comply with the email sending and receiving rule is intercepted by the access behavior management device and forwarded to the administrator’s mailbox. The email is sent after the administrator checks that its content complies with the requirement, and is not sent if it does not comply.
9. URL library introduction:
Our URL library groups webpage URLs on the Internet into different types according to their features, such as news, employment, etc. For a new webpage, we can use the intelligent webpage identification technique to identify its type from the features of the webpage.
10. Antivirus engine introduction:
The antivirus engine of IAM is based on F-Prot Antivirus and kills worms, viruses and Trojan horses coming from the Internet.
11. Multiplexing:
When IAM is deployed in the gateway and there are multiple lines at the network exit, such as China Telecom and China Unicom, and one line is busy while another is idle, both lines can be used to increase the network speed.
12. Intelligent routing:
When IAM is deployed in the gateway and there are multiple lines at the network exit, IAM sends a detection packet on the two lines, and the line on which the packet is returned first is used as the access line.
13. Audit-free Key:
Once an online behavior management device is deployed at the network exit, auditing the network behavior of users accounts for a large part of the device's function, in addition to controlling the online behavior of intranet users. The daily network access of senior executives and decision makers in the intranet is likely to affect the confidentiality of decisions and future development plans, so these behaviors usually should not be recorded and audited. Senior executives use the “Audit-free Key” to access the Internet from any computer in the organization, and the SANGFOR IAM device will not monitor or record the access. If a malicious IT administrator unchecks “Enable DKEY Monitor”, then the next time the senior executive inserts the “Audit-free Key” into a computer to access the Internet, the device raises an alarm showing “The status of this Key has changed” and prohibits access to the Internet. The monitor-free function for sensitive users such as senior executives is thus implemented at the underlying layer of the device.
14. Log Check Key:
The data recorded by IAM may involve user privacy. To protect the interests of employees, we assign different privilege levels for viewing the data center. A common administrator can view only statistical reports and trend reports, while an administrator with the KEY can view detailed information about users' network access.
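
The contrast drawn in the DPI entry (item 4), as an added example that is not Sangfor's code: a port-only classifier and a payload-feature classifier run over the same packets. The port table, the three signatures chosen and the sample packets are assumptions constructed for this illustration.

```python
# Added illustration: port-based (L2-L4) versus payload-based (DPI) identification.
# The port table, signatures chosen and sample packets are assumptions for this example.
PORT_APPS = {25: "smtp", 80: "http", 443: "https"}
HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"}


def classify_l4(pkt):
    """What an L2-L4 device can say: a guess from the destination port only."""
    return PORT_APPS.get(pkt["dst_port"], "unknown")


def classify_dpi(pkt):
    """Identify the application from payload features; fall back to the port guess."""
    p = pkt["payload"]
    # BitTorrent peer handshake: length byte 19, then the string "BitTorrent protocol".
    if p[:20] == b"\x13BitTorrent protocol":
        return "bittorrent"
    # TLS record: type 0x16 (handshake), major version 3, handshake type 1 (ClientHello).
    if len(p) >= 6 and p[0] == 0x16 and p[1] == 0x03 and p[5] == 0x01:
        return "tls"
    # HTTP/1.x request line: known method first, version token later on the same line.
    first_line = p.split(b"\r\n", 1)[0]
    if first_line.split(b" ", 1)[0] in HTTP_METHODS and b" HTTP/1." in first_line:
        return "http"
    return classify_l4(pkt)


# Constructed sample packets (not captured traffic).
SAMPLES = [
    {"name": "p2p-on-80", "dst_port": 80,
     "payload": b"\x13BitTorrent protocol" + bytes(8) + bytes(20) + b"-XX0001-" + bytes(12)},
    {"name": "web-on-8080", "dst_port": 8080,
     "payload": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"},
    {"name": "tls-on-443", "dst_port": 443,
     "payload": bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00])},
    {"name": "empty-on-25", "dst_port": 25, "payload": b""},
]


def compare(packets):
    """Return (name, l4_verdict, dpi_verdict) for each packet."""
    return [(p["name"], classify_l4(p), classify_dpi(p)) for p in packets]


if __name__ == "__main__":
    for name, l4, dpi in compare(SAMPLES):
        print(f"{name:12} L4={l4:8} DPI={dpi}")
```

The first two samples are the cases where the verdicts diverge: P2P traffic on port 80 looks like web traffic to the port table, and web traffic on a non-standard port is invisible to it.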