Secure Sockets Layer remote access vendor Whale Communications is coming out with a set of features for its e-Gap Remote Access gear intended to make it safer to use unsecured machines to connect with corporate servers.

The equipment follows the model that other SSL remote access vendors use: a remote user connects to an SSL proxy via a standard Web browser, authenticates, and establishes an SSL session that is proxied to the target server for e-mail and Web-based applications.

This architecture can be used for remote access from corporate machines or it can be used to make remote access possible from virtually any Internet-connected PC. In the latter case, users may log on from Internet kiosks, view documents, then go on their way. The danger lies in what traces of their activity are left behind on the PC and whether that is exploited by the person who uses the machine next.

To help prevent this type of security breach, Whale's e-Gap Remote Access Advanced Edition offers a feature called Attachment Wiper that purges any documents that may have been downloaded during a session with an e-Gap appliance. That includes cookies, completions of forms that may include data such as credit-card numbers and the history of the session.

Using the feature requires the browser to allow the download of an ActiveX agent that does the work when the session is over. If the browser won't allow it, the e-Gap can be set to block any downloads to that machine. The policy is known as Can't Wipe, Can't Download, says Whale's CEO Elad Baron.

The Advanced Edition can also issue a cookie to an employee's home computer to signal that the machine is more secure than a machine in a kiosk. That cookie triggers a more liberal access policy for the home machine than would be allowed on an untrusted machine such as one in a kiosk, Baron says.

Another security feature is a time-out warning so sessions don't get broken inadvertently. For example, if someone is writing a long e-mail, their Microsoft Exchange session might timeout for inactivity. But e-Gap will signal the user with a dialog box warning that the session is about to expire. Clicking on the box refreshes the session. Whale is developing a database of common applications for which it will issue such warnings.

Tim Greene is senior editor at Network World.