NS One
Bâtiment Oslo - Les Fjords
19, avenue de Norvège - ZA Courtaboeuf 1
91140 Villebon sur Yvette - FRANCE
Tel.: +33 (0)1 69 59 12 00
Fax: +33 (0)1 69 59 12 05

  • Autonomous solution
  • Centralized administration
  • No direct connection
  • Minimal risk of attack
  • A non-intrusive solution
  • High-performance

Web applications have become a new source of attacks on Information Systems, through the exploitation of security vulnerabilities in these new applications.

As a complement to conventional security tools (firewalls, intrusion detection systems, etc.) which provide little protection for the application layer and do not prevent the opening of TCP connections, NS One has developed a single solution that makes it possible to create a tight barrier between the private network and the Internet, and that prohibits direct access to the Information System.

By installing the SG One solution to secure your Web applications, you allow your users to connect to the SSL gateway through a standard web browser. In this way, they are able to access the internal enterprise resources according to pre-defined rights from any workstation, anywhere.

[Figure: SG One Web diagram]

The SG One solution

SG One is a solution offered in the form of an appliance to simplify implementation. It makes it possible to secure the various access points to the enterprise’s Information System (e-mail, web, applications, etc.) using the various pluggable security modules.

With the implementation of the SG One solution to secure your Web applications, you allow users to connect to the SSL proxy via a standard Web browser. They can thus reach the internal resources of the company according to preset rights, whatever the location and workstation used.

Easy to implement, the SG One solution is delivered in the form of an appliance. A proactive solution that complements traditional security equipment, it creates a tight barrier between the private network and the Internet by prohibiting direct access to the Information System.

More information

Each SG One appliance is composed of a framework based on a secured Linux core and a reverse proxy (virtual hosting and load balancing by IP and URL, end-to-end encryption).

Various modules are then added to meet the customers' needs according to their business activities and the requirements of their security policy: type of users and accessible applications, volume of information and connections, security level, etc.

Integrated modules

The IPS module is responsible for inspecting the data flows (header, URL and page content) and includes white list and black list mechanisms. It prevents any attacks at the HTTP/HTTPS level.

The OneWay module is based on a unique architecture developed by NS One that uses a system of network partitioning (diode), to reverse the direction of data exchanges and to authorize firewalls to block all traffic of external origin.

The Crypto module is, in fact, a cryptographic acceleration card integrated in all NS One appliances. It enables up to a five-fold increase in throughput for 128 bit encryption configurations and supports more than 4000 RSA 1024 Bits/s.

To ensure better security, the Crypto card may be replaced by the HSM cryptographic acceleration card. To prevent any risk of spoofing, the cryptographic keys are generated directly and stored in the card. Designed and manufactured in Europe, it meets the FIPS 140-1 security standards for random number generation and secured key storage.

Each SSL VPN appliance includes a Manager module, which is a solution for the management of network and security configurations. Designed for large-scale deployments, this solution allows granular and precise security management for each protected site. The administration system distributes the network configuration and security policy to the appliances located in the DMZ in order to protect the internal network.

Optional modules

The Identity module is used to set up an authentication and permissions management system. It authorizes joint use of several authentication databases, and allows specification of the rejection policy for unknown users or erroneous passwords.
Identity supports the major authentication systems: LDAP directory, NTLM/SAMBA server, Microsoft’s Active Directory, RADIUS server, XELIOS, Identity server (NS One’s proprietary authentication and authorization solution).

Log Agent
NS One developed the Log Agent module to collect data from the various appliances deployed and to make the data available to a centralized Log* solution.
* Refer to the LOG One global supervision solution developed by NS One

The Portal module allows non-technical users to create an application access portal, which is automatically generated by the administration interface after the user selects the remote access applications.


Online service partitioning

  • Tight barrier between the private network and the Internet. Protocol break (proxy)
  • Supports all Web servers and application servers (Apache, IIS, SunOne, WebSphere, etc.)
  • Most protocols are carried: HTTP, HTTPS, FTP, Citrix, POP, IMAP, Telnet, etc.

SSL acceleration of E-business applications

  • Encryption of HTTPS transactions (RSA, RC4, DES, 3DES, SHA, MD5) with one or more Crypto cards


  • X.509 certificates (including with HSM), LDAP directory, Microsoft Active Directory, RADIUS, Xelios

Application firewall to block attack attempts

  • Inspection of exchanged flows (headers, URL and page content). Regular updates of the attack database
  • Combination of white lists and black lists

Online services availability

  • Reduced risk of Denial of Service attacks
  • Load distribution of incoming flows (several internal agents for one external agent)
  • Active/passive redundancy of the agents (external and internal)




  • Network partitioning
    Very restrictive firewalls configuration.
  • Application firewall
    Detection of attacks at the application level.
  • Simple implementation
    No intervention on client computers and no specific deployment.
  • Web enabled administration
    SSL access to all functions.
  • Access portal to applications
    Automatically generated by the administration interface.
  • Multi-protocol solution
    Relays the protocols HTTP, HTTPS, FTP, Citrix, POP, IMAP, Telnet, etc.
  • High availability
    Double fault-tolerance through redundant architecture.

They have trusted us


Ag2r, AvBank, Axa Banque, Azur Assurance, Banque de France, Banque Populaire, BFT, BNP, Caisse d’Epargne, Crédit Agricole, Crédit Coopératif, Crédit Mutuel, GMF, HSBC, ING Direct, La Banque Postale, Macif, MMA, Société Générale, Sofinco,...