Reflection for Secure IT Client for Windows

Reflection for Secure IT Client for Windows uses the SSH protocol to provide secure file transfer and terminal access capabilities in both graphical and command line formats. It is part of the Reflection for Secure IT family of SSH clients and servers for Windows and UNIX—all designed to protect data in motion.

TECHNICAL SPECIFICATIONS

Connectivity

• SSH2 protocol: IETF SecSh Internet drafts (RFCs 4250–4254, 4256, 4462, 4344, 4345, and 4716)
• SSH1 protocol for compatibility with older protocol servers
• SCP1 for compatibility with OpenSSH Servers

Cryptographic Library Validation

• FIPS 140-2 Level 1 (Certificate #1027)

User-Friendly Interfaces

• Familiar graphical user interface
• Batch/command-line scripting via ssh, sftp, and scp commands
•  Convenient setup for multihop connections

Secure File Transfer

• SCP:
  • Replaces the nonsecure rcp command
  • SCP1 support
• SFTP:
  • Replaces the nonsecure FTP protocol
  • Complies with draft-ietf-secsh-filexfer
• Secure, graphical FTP client utility:
  • Support for wide variety of FTP servers by SFTP protocol, FTP over SSH, standard FTP (unencrypted), FTP over SSL/TLS, and Kerberized FTP (TLS)
•  Servers supported:
  • Windows-based, IBM System z, IBM System i, UNIX, NetWare, Unisys, HP 3000, and OpenVMS
  • File browsing on IBM mainframes with no host-side intrusion or modification
  • Site-to-site transfer between servers
  • Automation tools (script recorder and Microsoft OLE Automation)
  •  Preserve timestamps and file attributes during SFTP transfers

Tunneling

• TCP port forwarding (Local/Remote)
• FTP protocol (dual-channel)
• X11 forwarding
• Gateway port
• RDP protocol (secures Microsoft remote desktop access)

Encryption Algorithms

• Ciphers:
  • AES (128, 192, and 256 bit CTR)
  • AES (128, 192, and 256 bit CBC)
  • 3DES (3 56-bit key CBC)
  • Blowfish (128 bit CBC)
  • CAST (128 bit)
  • Arcfour (128 and 256 bit)
• MACs:
  • HMAC-SHA1 and HMAC-SHA1-96
  • HMAC-SHA256 and HMAC-SHA512
  • HMAC-MD5 and HMAC-MD5-96
  • RIPEMD160
• Key exchange:
  • RSA
  • Diffie-Hellman

Authentication

• Server authentication:
  • Public key (RSA and DSA)
  • PKI X.509 certificates
  • GSSAPI
• User authentication password:
  • Local
  • Windows Domain (Active Directory) authentication
• User authentication public key:
  • RSA
  • DSA
  • Agent forwarding
  •  Smart card support for agent forwarding
• Keyboard interactive:
  • RSA SecurID
  • RADIUS
  • Keyboard-interactive password
• PKI X.509 certificates:
  • Reflection Certificate Manager
  • Windows Certificate Manager (MSCAPI)
  • Online Certificate Status Protocol (OCSP) support
  • Certificate Revocation Lists (CRL)
  • LDAP/Active Directory retrieval of CRLs and intermediate CA certificates
  • PKCS #12 key and certificate storage
  • PKCS #11 smart card support
  •  Shared trusted certificate store location
• GSSAPI/Kerberos:
  • Reflection Kerberos client
  • Microsoft SSPI logon credentials
  • Supports both user and host authentication using GSSAPI

Emulation Types

• VT500 and VT420
• VT320, VT220, and VT100
• VT-UTF8
• Linux Console
• BBS-ANSI and SCO-ANSI
• QNX
• xterm

International Support

• French
• German
• English
• Japanese

Operating Systems

•  Microsoft Windows 7
• Microsoft Windows Vista (Service Pack 2)
• Microsoft Windows XP (Service Pack 3)
• Microsoft Windows Server 2003
• Microsoft Windows Server 2008 (including R2)
• Windows Terminal Server
• Citrix XenApp 

System Requirements

• Any system that meets the minimum requirements for the Microsoft Windows operating system
• Disk space varies depending on the features installed
• Network interface card