Client-Side Browser Switch

An intelligent Browser Switch is integrated into the client software on user devices.
When a user clicks a link or enters a URL, the Browser Switch checks the requested address against a whitelist. All approved intranet URLs are forwarded as usual. Any URLs not included in the whitelist are automatically redirected to the isolation server and passed to the browser app there.

The Browser Switch and its whitelist are managed by the company’s administrator via the Admin Cockpit.

The client software ensures that users cannot bypass the TARJA protection concept — i.e., they cannot access the public internet directly without going through the isolation appliance. 
 

Server-Side File Editing

Files downloaded from the internet can be safely viewed or edited directly on the isolation appliance. To do this, a new app box is created, an Office application is loaded into it, and the file to be edited is mounted into the app box.

Using the Office app, the user can open, edit, and save the file. If the file was infected and malicious code was executed during viewing or editing, the app box may be affected as a result. However, no real damage occurs, since the app box is automatically deleted once the Office app is closed. 
 

File Gateway

In many cases, it’s sufficient for users to safely view and edit data downloaded from the internet. However, some users may need to store specific files locally on their devices or upload local files to the internet — for example, as email attachments. The ability to exchange files between the isolation appliance and user devices is implemented via a File Gateway with integrated antivirus protection.

The system administrator can assign specific permissions to individual users or entire groups:

• Restrictable based on user roles
• Upload and/or download permissions can be defined
• MIME-based file type filtering
• Copy/paste functionality
• Printing files from the isolation appliance to the user’s local device