Mac OS X VPN Client Blasts Through Firewalls


Add one to the list of virtual private network clients for Mac OS X. This one comes from security tools developer NCP engineering, a channel-friendly German company with offices in Mountain View, Calif.

Useful capabilities of the tool -- the company’s first for the platform -- include automatic connection, seamless switching between IPsec and SSL and a built-in firewall. The NCP Secure Entry Mac Client works on Intel-based Macs running Leopard and Snow Leopard, and lists for $144. An enterprise edition is planned within months that will add hostile network detection and automatically invoke firewall and other settings when appropriate to bolster security.

The CRN Test Center downloaded version 1.0 shortly after the software was released in mid-June. Testers found a stable application that was easy to install and set up, and after a few custom settings for our test network, the client worked quietly in the background. A traffic-light icon in the Mac OS X Dock indicates connection status, and when the firewall is active, the light is protected by a red brick wall.

There’s no shortage of free VPN clients for Mac OS X, including Apple’s own.

But for government users and other paranoids, compliance with the Federal Information Processing Standards (FIPS) is a must, and is lacking in many free tools. Not so with the NCP Secure Entry Mac Client, which is certified to the FIPS 140-2 specification.

It also supports VPN Path Finder, a feature familiar to users of NCP’s VPN client for Windows, allows for a secure data connection from behind public-hotspot firewalls and other instances where an IPsec VPN connection is typically not possible.

And it’s in such situations that according to Martin Hack, executive vice president of NCP engineering, a personal firewall is most important.

“If you’re on a Starbucks network and you get spoofed, someone now has a secure connection to your corporate network,” he said “A personal firewall adds layers of security around the tunnel, and those layers are necessary to protect the corporate network.”

Friendly Net Detection, a feature currently available only on the company’s Windows client, detects whether the network is friendly or hostile, and automatically erects a firewall accordingly. The function will be implemented in the enterprise edition for Mac OS X later this year, as will the option of preventing connections to a corporate VPN from within the corporate network. The purpose here is to preserve gateway resources and prevent routing disruptions.

While pricing of the Mac OS X enterprise edition hasn’t yet been set, it’s expected to be on par with its Windows counterpart, which lists for $180.

NCP offers multi-level discount programs for resellers, as well as certification training and a lead generation program.

NCP Secure Entry Mac Client is available now. Resellers can download fully functional versions for Mac or Windows to evaluate for 30 days.

We'd like to test the automated features of the enterprise edition and become more familiar with the company’s Windows VPN client and centralized management tools. We will withhold recommendation until then.