Intelligent Solutions for the Highest IT Security Requirements




Information security from the architects of modern cryptographic systems

SINA (Secure Inter-Network Architecture) enables the protected processing, storage and transfer of classified information and other sensitive data, together with a full audit trail. The portfolio comprises various SINA clients, gateways, link encryptors, SINA Workflow and the SINA Management. All SINA products have been used successfully by national and international customers for a number of years.

The idea for the project originally arose from the demand for secure communication within local networks in the context of the German federal government's move from Bonn to Berlin. Furthermore, there was a general need for encryption technology at the Internet Protocol (IP) level for protecting secret material that would be suitable for use in secure communication across wide area networks (WAN). The German Federal Office for Information Security (BSI) outlined the broad concept for SINA towards the end of the 1990s. In December 1999, the BSI awarded the development of the SINA product series to secunet Security Networks AG.

The essential idea behind this security architecture is the comprehensive protection of data classified at various levels, both locally and during transfer via open networks. SINA arose from the aspiration to create solutions that were consistent with the exceptional security requirements of national and international ministries, public authorities, the armed forces and private companies entrusted with classified materials. As a security partner of the Federal Republic of Germany, secunet takes these specifications fully into account in designing and manufacturing its product range.

Our secure network architecture has made considerable advances over the past decade and has continued to set new standards in the high security market. All SINA products undergo a strict evaluation process conducted by the BSI. Before any product can be approved, all of its components are subjected to thorough and comprehensive testing. SINA products are consequently guaranteed to comply with the highest security standards.

Modular system architecture for high security

Holistic security

SINA's holistically designed architecture makes it the intelligent solution for virtually any requirement in the area of high security; with its sheer range of performance, it is uniquely positioned in the global market. All SINA products comply with the highest reliability standards and are constantly undergoing further development. SINA ensures confidentiality of processing and communication at all national classification levels and for every conceivable scenario.

Approved by the official authorising body

SINA is the only IPsec-based cryptographic system that has been approved for use up to the highest national classification level of STRENG GEHEIM by the ultimate authority in Germany for IT security, the German Federal Office for Information Security (BSI). Furthermore SINA has also obtained approvals at international level up to and including NATO SECRET and SECRET UE.

[Figure labels: SECRET, CONFIDENTIAL, RESTRICTED]

Powerful encryption

Multilevel Security

The decisive advantage of SINA is the processing and storage of differently classified data using a single device. The capacity for strict separation of multiple virtual sessions (Multi-Level Separation) is at the heart of this intelligent IT architecture. Data with different classifications can be used locally, having been cryptographically secured with virtualised operating systems, as well as centrally in server areas protected by SINA Box. All communication with central server or terminal server areas is always secured by means of a VPN (IPsec).

Confidentiality anywhere, any time

SINA technology can be adapted to specific protection requirements. No matter where you are or what time of day it is, you will always be able to work securely and effectively in your office, at a remote terminal or while you are out and about. SINA provides maximum data security for almost every significant communication channel, including IP telephony (VoIP), video conferencing, satellite links, WLAN and mobile telephony. Your confidential data is safe and secure at all times, wherever you may be, and regardless of how and where you as a public authority or private sector company may wish to communicate.

Applications

At the top level of the SINA security layers are applications of different levels of classification that are strictly separated from each other. These contain widely available guest operating systems and applications encapsulated in virtual computers (PCs) on the one hand, and thin-client functionalities on the other.

IT security functions

Numerous highly sophisticated security modules that have been staggered at multiple levels deep in the system (e.g. IPsec encryption, access control, firewall functionality, intrusion protection) guard SINA against external threats.

Secure system platform

The software foundation of SINA technology is the severely pruned SINA Linux, which has been functionally hardened and intensely evaluated for security. Embedded in the system platform are a Smartcard (the cryptographic anchor) and the cryptographic file systems.

Hardware platform

The hardware, which has been dimensioned and configured to conform to classified information approval standards, comes in special design types that offer protection against eavesdropping (TEMPEST) and manipulation, as well as cryptographic modules and appropriate hardening. Furthermore it contains firmware that has been evaluated for security.

What makes SINA so powerful?

SINA is a holistically sophisticated system technology with security components that work optimally in combination with each other.

Scenarios for use

[Figure: network diagram. Labels: Server areas storing public, military or classified data; SINA L3 Boxes; SINA Workstation Notebook; SINA Terminal; SINA Workstation Desktop; SINA One Way; Firewall; Data Processing Center with SINA L2 Link Encryptor; LAN Foreign Administrative Office; LAN Public Authority / LAN Enterprise; LAN Foreign Operational Region; LAN Military]

SINA L3 Box

SINA L3 Box as a VPN gateway is the central core component in high-security networks. The data that is exchanged between SINA L3 Boxes, or indeed between SINA clients and SINA L3 Boxes, is transmitted securely via so-called cryptographic VPN tunnels. SINA L3 Boxes are used to connect government bodies and private company networks via public connections, e.g. the internet. SINA L3 Boxes additionally serve as cryptographic network access points to permit access by SINA clients to (terminal) server areas. SINA L3 Box has been acknowledged as the standard solution for many years now.

Features: Established in complex high-security networks; High performance; High availability; SINA Management in online operation.

Approval up to and including: STRENG GEHEIM (Germany); NATO SECRET (NATO); SECRET UE (EU).

Models: SINA L3 Box S 30M; SINA L3 Box S 200M; SINA L3 Box S 1G; SINA L3 Box S 3G; SINA L3 Box H R 200M SDIP 27A (planned for 2013); SINA L3 Box E 400M Zone 1; SINA L3 Box H 200M Zone 1; SINA L3 Box H 200M SDIP 27A.

SINA Workstation

SINA Workstation can be used as either a mobile or a stationary crypto-client. SINA Workstation users can work when they need to, using their usual operating environment (e.g. MS Windows), with complete security and convenience, online as well as offline, in the office or on the road. Working in different security zones is made possible by operating multiple guest systems in parallel (e.g. simultaneously in a classified network and the internet). This all-round security concept means that SINA Workstation is able to offer considerably more than a conventional cryptographic device, i.e. Smartcard, VPN, hard drive encryption, interface control or a secure operating system. Guest operating systems such as Linux or MS Windows and all sensitive data are always separately and securely stored in their own cryptographic file systems.

Features: Parallel operation of virtualised and separately classified MS Windows or Linux guest systems; Mobile, highly secure processing, transfer and storage of sensitive data; Consolidating multiple PCs on different classified networks in one single work station; Encryption of hard drives and networks.

Approval up to and including: GEHEIM (Germany); NATO CONFIDENTIAL (NATO); RESTREINT UE (EU).

Models: SINA Workstation E Desktop Zone 1; SINA Workstation H Desktop Zone 1; SINA Workstation H Desktop SDIP 27A; SINA Workstation H R Notebook Zone 1.

SINA Terminal

SINA Terminal is a crypto-client that does not use a hard drive. It communicates with servers via so-called Remote Desktop Protocols. This exceptionally lean-dimensioned client is just an I/O device for graphics, mouse, keyboard and sound. Data is transferred in encrypted form to the terminal server, where the actual data processing and storing is carried out.

Features: Established in complex high security networks; Simultaneous processing of classified data in up to six thin client sessions using just one client; Work stations with multiple PCs in differently classified networks consolidated in one single thin client.

Approval up to and including: STRENG GEHEIM (Germany); NATO SECRET (NATO); SECRET UE (EU).

Models: SINA Terminal E Desktop Zone 1; SINA Terminal H Desktop Zone 1; SINA Terminal H Desktop SDIP 27A.

SINA L2 Box

The SINA L2 Box series offers components of unprecedented performance for the secure exchange of information in networks at the link level. LAN connections via public links carry the risk of data being read or manipulated by unauthorised persons. SINA L2 Boxes reliably encrypt data without in any way impairing the functioning or performance of the LAN applications. SINA L2 Boxes operate at transmission speeds of up to 10 GBit/s.

Features: High data throughput; Readily integrated without any alteration to network infrastructure; Maintenance-free operation.

Approval up to and including: VS-NfD (Germany); NATO RESTRICTED (NATO); RESTREINT UE (EU).

Models: SINA L2 Box S 1G; SINA L2 Box S 10G; SINA L2 Box S 100M.

SINA One Way

SINA One Way is a black/red gateway. It consists of a data diode together with a black and a red server. The gateway permits only unidirectional data transfer from a public or low-level source network (classified as "black") to a higher-level destination network (classified as "red"). The system thus facilitates the transfer of public data that has been sourced from the internet into a network classified as SECRET. The uniquely secure functionality of the SINA One Way ensures that no information from a red destination network flows in the opposite direction.

Features: Highly secure unidirectional data transfers in classified networks; Automatic error correction enables the elimination of a return channel; High data throughput; Common Criteria EAL 7+ Certification.

Approval up to and including: GEHEIM (Germany); NATO SECRET (NATO).

SINA Workflow

Previous registries for classified information only addressed the classic, paper-based classified document world. This meant that, while it was possible to create classified documents by electronic means, it was only possible to collect them in the form of printouts because there were no approved electronic registries for classified information. In addition, there was a lack of a consistent, cryptographically supported implementation of the "need to know" principle in classified information processing. Until now, the market has not offered any solutions that met the requirements of the encryption instructions for classified information. This means that, for example, approval and co-signatory processes (workflows) are almost all implemented through organizational measures.

The SINA Workflow system solution ensures a secure, consistent and compliant implementation of specific business processes involving classified information. SINA Workflow applies as soon as the data is generated and stays with the process right up to document destruction. This modular system solution also supports the import and export of classified data and is prepared for the exchange of classified data across all domains. SINA Workflow is a network of secure workplaces with SINA Workstations and scalable SINA Workflow servers with integrated electronic registry for classified data.

[Figure: SINA Workflow network. Labels: SINA L3 Box; SINA Workflow network; SINA L3 Box; Storage systems; SINA Workflow server; SINA Workstation]

Working closely together, BSI and secunet have performed outstanding development work on SINA and created a highly successful product series. As an official security partner of Germany, we focus our ongoing development activities stringently on the outstanding requirements and current needs of our customers.

Dr. Rainer Baumgart, Chairman of the Board, secunet Security Networks AG

Have we sparked your interest in the SINA product range? Would you like to find out more about our high-security solutions? We will be very happy to advise you on how your public authority or private company can make best use of our products. Give us a call at any time. We will be delighted to arrange a personal consultation.

secunet Security Networks AG Kronprinzenstraße 30 45128 Essen, Germany Phone: +49-201-5454-0 Fax: +49-201-5454-1000 SINA-Sales-HoSi@secunet.com www.secunet.com