Kerio launches new Contol Box NG100 for small businesses

We’re excited to announce the launch of the new Kerio Control Box NG100 – an all-in-one network security hardware appliance for small businesses! Read more at http://bit.ly/1H2R85h

Kerio's photo.

Kerio Control 8.5 out now

What’s New in Kerio Control 8.5
Edit Text

Kerio Control 8.5 boosts security for remote access with the addition of 2-step verification, while adding numerous usability improvements for users and administrators alike.

  • 2-Step Verification - improve security for remote access by requiring users to enter a one-time passcode in addition to their standard credentials.
  • Service Discovery forwarding - easily connect to printers and other discoverable devices over VPN and across different networks behind the same firewall.
  • VPN Client Improvements - easier management of multiple VPN connections and new Mac OS installer enables “push” installation via 3rd party tools.
  • Improved/New Alerts - keep informed of important firewall events with an expanded set of alert triggers with a new default set of alerts for new installs.

 

To download this latest version visit the support section of our website and to learn more about what’s new in this release check out the release notes.

Here is a quickstart guide

http://kb.kerio.com/product/kerio-control/quick-start-with-kerio-control-1558.html

Configuring IPsec VPN Iphone and Android

IPsec overview

Kerio Control supports IPsec. IPsec (IP security) is a security extension for Internet Protocol (read more in Wikipedia).

Kerio Control uses IPsec for VPN implementation. IPsec can be used for:

  • IPsec VPN server for connecting clients (desktops, notebooks, mobile devices etc…)

  • IPsec VPN tunnel for connecting LANs

This article describes using IPsec VPN server and configuring clients.

For securing the communication you can use:

  • a preshared key (PSK, shared secret)

  • a SSL certificate

  • both methods in Kerio Control (client application must use only one method).

Each user must provide their credentials for authentication.

Configuring IPsec VPN server with a preshared key

The preshared key is a shared password for all users using an IPsec VPN.

VPN Server Properties

VPN Server Properties

  1. In the administration interface, go to Interfaces.

  2. Double-click on VPN Server.

  3. In the VPN Server Properties dialog (see screenshot VPN Server Properties), check Enable IPsec VPN Server.

    Kerio Control is able to provide the Kerio VPN server and IPsec VPN server simultaneously.

  4. On tab IPsec VPN, select a valid SSL certificate in the Certificate pop-up list.

  5. Check Use preshared key and type the key.

  6. Check Enable MS-CHAP v2 authentication, if the users’ passwords are stored in a format which supports MS-CHAP v2.

    User passwords are stored in a format supports MS-CHAP v2, if they are:

    • mapped from Microsoft Active Directory

    • local, but authenticate in Microsoft Active Directory

    • local + Store password in MS-CHAP v2 compatible format is checked in the user dialog (see screenshot Add/Edit user dialog in section Users)

      Add/Edit user dialog in section Users

      Add/Edit user dialog in section Users

  7. Save the settings.

Configuring IPsec server with a SSL certificate

  1. In the administration interface, go to Interfaces.

  2. Double-click on VPN Server.

  3. In the VPN Server Properties dialog, check Enable IPsec VPN Server.

  4. On tab IPsec VPN, select a valid SSL certificate in the Certificate pop-up list.

  5. On tab IPsec VPN, check Use certificate for clients.

  6. Check Enable MS-CHAP v2 authentication, if the users’ passwords are stored in a format which supports MS-CHAP v2.

    Users passwords are stored in a format supports MS-CHAP v2, if they are:

    • mapped from Microsoft Active Directory

    • local, but authenticate in Microsoft Active Directory

    • local + Store password in MS-CHAP v2 compatible format is checked in the user dialog (see screenshot Add/Edit user dialog in section Users)

  7. Save the settings.

Configuring clients with a preshared key

Tell your users what to prepare for the configuration of their clients:

  • VPN type: L2TP IPsec PSK

  • Kerio Control hostname or IP address

  • preshared key (PSK, shared secret)

  • username and password for access to firewall

Supported mobile devices

Many mobile devices support IPsec VPN and may work with Kerio Control. However, Kerio Control officially supports the following list:

  • Android 4 and higher

  • iOS 6 and higher

Examples of Apple iPhone and Android settings

Examples of Apple iPhone and Android settings

From Kerio more information about the Heartbleed bug

OpenSSL vulnerability CVE-2014-0160 (Heartbleed)

SummaryThe National Institute of Standards and Technology (NIST) has published a vulnerability to OpenSSL 1.0.1. Details regarding the vulnerability are available from the NIST website. The following Kerio products used the affected version of the OpenSSL library…

  • Kerio Connect 8.2.0 and higher
  • Kerio Control 8.2.0 and higher
  • Kerio Operator 2.2.0 and higher

Resolution

A fix is available for Kerio Connect as of version 8.2.4. You can download this release from the Kerio Website.

A fix is available for Kerio Operator as of version 2.2.5. You can download this release from the Kerio Website.

A fix for Kerio Control is expected to be released on April 10, 2014.

Additional information and security precautions can be found at the following location: http://goo.gl/filNif

The Heartbleed bug

 

Please Note, Tipp Technical Solutions is currently updating all affected servers.

Dear Kerio Connect Customer,

The Heartbleed bug, which was discovered Monday, exposed a serious global vulnerability in OpenSSL 1.01. The vulnerability allows an attacker to read arbitrary data from the process memory. Customers using Kerio Connect version 8.2.0 and higher are affected.

This vulnerability is fixed in Kerio Connect 8.2.4, which was released today. We advise all affected customers to visit our knowledge base to find details of product updates including guidance for installation.

LEARN MORE

Kind Regards Kerio Technologies