• DE
  • Main Menue

Secure Internet Access with secunet safe surfer

It is impossible to imagine everyday office routine without obtaining information via the Internet. The risks resulting from malware which may attack the workstation while you surf are often accepted as a necessary evil. The alternative is to generally block Internet access and only permit it on special PCs which are not connected to the internal network.

With secunet safe surfer, we have developed a solution which allows your staff to surf the World Wide Web securely and conveniently from their respective workstations. As a result of an intelligent encapsulation of the web browser, malware can no longer penetrate your internal network and reach the clients. The browser runs on a dedicated, highly secure surf server. The user only receives a representation on screen of the sites visited.

The secunet safe surfer works very well via WAN segments. It is possible to integrate external sites connected via narrowband to the central secunet safe surfer systems: Representations of the data on screen are compressed for transmission. Network loads are reduced to a minimum by means of caching algorithms. 

If malware infects the surf server, the malware can only survive for a few hours at most. Then the automatic reinstallation program starts which overwrites the manipulations by reinstalling the server system, thus rendering them harmless.

The safesurfer video

Secure surfing now convenient

The solution was implemented on the basis of the ReCoBS concept which was developed at the German Federal Office for Information Security (BSI). It consists of various Open Source components which are intelligently combined to allow secure and convenient surfing on the World Wide Web. 

In order to achieve optimum performance, the surf server should be redundant. This may not prevent minor delays which occur in the case of multimedia applications; however, when the user visits sites without these sophisticated features, practically no difference is noticeable to unsecured Internet access.

Files downloaded from the Internet are automatically sent to the user via e-mail so that any malware it may contain is detected by the standard virus scanners of the mail server. The same applies to documents to be printed. In this way, convenient work is possible without compromising security.

Additional security features

However, just separating the web browser and the internal network is not sufficient to ensure protection against attacks from the Internet. For this reason, secunet has developed additional security features:

  • Avoidance or anonymisation of user data
    No internal user data is stored on the surf server. The user profiles are created anonymously, making assignment to their owners impossible.
  • Separate logging
    The log data on events on the surf server are logged to an admin server by means of the syslog. This is separated from the surf server by means of a packet filter. This makes it difficult for potential attackers to cover their tracks.
  • Change root environment
    The user only has the authorisations which are absolutely necessary; for example, the user cannot view the configuration files of the operating system, which also keeps them safe from potential attackers.

Managed Security Services

Our Experts Maintain and Operate your Security Systems



Get directly into contact with our specialist division.

Contact form


Factsheet safe surfer