Intelligent Solutions for the Highest IT Security Demands


Information security from the architects of modern cryptographic systems

SINA (Secure Inter-Network Architecture) enables the protected processing, storage, transfer and soon also a full audit trail of classified information and other sensitive data. The portfolio comprises various SINA clients, gateways and link encryptors as well as the SINA Management. All SINA products have successfully been in service with national and international customers over a number of years.

The idea for the project originally arose from the demand for secure communication within local networks in the context of the German federal government's move from Bonn to Berlin. Furthermore, there was a general need for encryption technology at Internet Protocol (IP) level for protecting secret material that would be suitable for use in secure communication across wide area networks (WAN). The German Federal Office for Information Security (BSI) outlined the broad concept for SINA towards the end of the 1990s. In December 1999, the BSI awarded secunet Security Networks AG with the development of the SINA product series.

The essential idea behind this security architecture is the comprehensive protection of data classified at various levels, both locally and during transfer via open networks. SINA arose from the aspiration to create solutions that were consistent with the exceptional security requirements of national and international ministries, public authorities, the armed forces and private companies entrusted with classified materials. As a security partner of the Federal Republic of Germany, secunet takes these specifications fully into account in designing and manufacturing its product range.

Our secure network architecture has made considerable advances over the past decade and has continued to set new standards in the high security market. All SINA products undergo a strict evaluation process conducted by the BSI. Before any product can be approved, all of its components are subjected to thorough and comprehensive testing. SINA products are consequently guaranteed to comply with the highest security standards.

Modular system architecture for high security

Holistic security

SINA's holistically designed architecture makes it the intelligent solution for virtually all requirements in the area of high security; with its sheer range of performance, it is uniquely positioned in the global market. All SINA products comply with the highest reliability standards and are constantly undergoing further development. SINA ensures confidentiality of processing and communication at all national classification levels and for all conceivable scenarios.

Approved by the official authorising body

SINA is the only IPsec-based cryptographic system that has been approved for use up to the highest national classification level of STRENG GEHEIM by the ultimate authority in Germany for IT security, the German Federal Office for Information Security (BSI). Furthermore SINA has also obtained approvals at international level up to and including NATO SECRET and SECRET UE.

[Graphic: classification level labels SECRET, CONFIDENTIAL, RESTRICTED]

Powerful encryption

What makes SINA so powerful?

Multiple levels of security

The decisive advantage of SINA is the processing and storage of differently classified data by a single device. The capacity for strict separation of multiple virtual sessions (Multi-Level Separation) is at the heart of this intelligent IT architecture. Data with different classifications can be used locally, having been cryptographically secured with virtualised operating systems, as well as centrally in server areas protected by SINA Box. All communication with central server or terminal server areas is always secured by means of a VPN (IPsec).

Confidentiality anywhere, any time

SINA technology is adaptable to individual requirements for protection. No matter where you may be or what time of day it is, you will always be able to work securely and effectively. In your office, at a remote terminal or while you are out and about. SINA provides maximum data security for almost all important communication channels, including IP telephony (VoIP), video conferencing, satellite links, WLAN and mobile telephony. Your confidential data is safe and secure at all times, wherever you may be. And regardless of how and where you as a public authority or private sector company may wish to communicate.

Applications

At the top level of the SINA security layers are applications of varied classification that are strictly separated from each other. These contain widely available guest operating systems and applications encapsulated in virtual computers (PCs) on the one hand, and terminal-client functionalities on the other.

IT security functions

Numerous highly sophisticated security modules that have been staggered at multiple levels deep in the system (e.g. IPsec encryption, access control, firewall functionality, intrusion protection) guard SINA against external threats.

Secure system platform

The software foundation of SINA technology is the severely pruned SINA Linux, which has been functionally hardened and intensely evaluated for security. Embedded in the system platform are a Smartcard as its cryptographic anchor and the cryptographic file systems. SINA is a holistically sophisticated system technology with security components that work optimally in combination with each other.

Hardware platform

The hardware, which has been dimensioned and configured to conform to classified information approval standard, comes in special design types that offer protection against eavesdropping (TEMPEST) and manipulation, as well as cryptographic modules and appropriate hardening. It further contains firmware that has been evaluated for security.

Scenarios for use

[Figure: network diagram. Labels: SINA Box; server areas which store public, military or classified data; SINA Virtual Workstation Notebook; SINA Thin Client; SINA Virtual Workstation Desktop; SINA One Way Gateway 2; Firewall; Data Processing Center with SINA L2 Link Encryptor; LAN Foreign Administrative Office; LAN Foreign Operational Region; LAN Public Authority / LAN Enterprise; LAN Military]

SINA Box

SINA Box as a VPN gateway is the central core component in high-security networks. The data that is exchanged between SINA Boxes, or indeed between SINA clients and SINA Boxes, is transmitted securely via so-called cryptographic VPN tunnels. SINA Boxes are used to connect government bodies and private company networks via public connections, e.g. the internet. SINA Boxes additionally serve as cryptographic network access points to permit access by SINA clients to (terminal-) server areas. SINA Box has been acknowledged as the standard solution for many years now.

SINA Virtual Workstation

SINA Virtual Workstation (SINA VW) can be used as both a mobile or stationary client. SINA VW users can work anytime securely and conveniently in their familiar operating environment (e.g. MS Windows) online as well as offline, at the office or on the way. Working in different security zones is made possible by the parallel operation of multiple guest systems (e.g. simultaneously in a classified network and the Internet). This all-round security concept means that SINA VW is able to offer considerably more than a conventional cryptographic device, i.e. Smartcard, VPN, hard drive encryption, interface control and a secure operating system. Guest operating systems such as Linux or MS Windows and all sensitive data are always separately and securely stored in their own cryptographic file systems.

- Established in complex high-security networks
- High performance
- High availability
- Parallel operation of virtualised and separately classified MS Windows or Linux guest systems

SINA Box 1 HE

- SINA Management in online operation
- Mobile, highly secure processing, transfer and storage of sensitive data

STRENG GEHEIM (Germany), NATO SECRET (NATO), SECRET UE (EU)

SINA Virtual Workstation ThinkPad T410

- Consolidating multiple PCs of different classified networks in one single work station
- Encryption of hard drives and networks

GEHEIM (Germany), NATO CONFIDENTIAL (NATO), RESTREINT UE (EU)

SINA Box 1000; SINA Box B 3G; SINA Virtual Workstation Desktop SDIP 27A; SINA Virtual Workstation Desktop Zone 1; SINA Virtual Workstation S Rocky III+; SINA Box H/P SDIP 27A; SINA Box H IP 54; SINA Box 2 SDIP 27A

SINA Thin Client

SINA Thin Client is a client that does not use a hard drive. It communicates with servers via so-called Remote Desktop Protocols. This exceptionally lean-dimensioned client is just an I/O device for graphics, mouse, keyboard and sound. Data is transferred encrypted to the terminal server, which then performs the actual data processing and saving.

SINA L2

The SINA L2 link encryption series offers components of unprecedented performance for the secure exchange of information in networks on link layer. LAN connections via public links carry the risk of data being read or manipulated by unauthorised persons. SINA L2 reliably encrypts data without impairing in any way the functioning or performance of the LAN applications. SINA L2 operates at transmission speeds of up to 10 GBit/s.

- High data throughput
- Readily integrated without any alteration to network infrastructure
- Established in complex high security networks

SINA L2 10000

- Maintenance-free operation

SINA Thin Client

- Simultaneous processing of classified data in up to six thin client sessions with just one client
- Consolidation of work stations with multiple PCs of different classified networks in one single thin client

VS-NfD (Germany), NATO RESTRICTED (NATO), RESTREINT UE (EU)

SINA L2 1000; SINA L2 100

STRENG GEHEIM (Germany), NATO SECRET (NATO), SECRET UE (EU)

SINA One Way Gateway 2

SINA One Way Gateway 2 is a black/red gateway. It consists of a data diode together with a black and a red server. The gateway permits only unidirectional data transfer from a public or low-level source network (classified as "black") to a higher-level destination network (classified as "red"). The system thus facilitates the transfer of public data that has been sourced from the internet into a network classified as SECRET. The uniquely secure functionality of the SINA One Way Gateway 2 ensures that no information from a red destination network flows in the opposite direction.

SINA Thin Client SDIP 27A

- Highly secure unidirectional data transfers in classified networks
- Automatic error correction allows the abandonment of a return channel

SINA One Way Gateway 2

- High data throughput
- Common Criteria EAL 7+ Certification

GEHEIM (Germany), NATO SECRET (NATO)

SINA CORE advances to a new dimension

In the ten years or so that SINA has been in development, we have supplied more than 26,000 SINA components to our customers. Almost 9,000 systems have been equipped with PEPP encryption technology based on the Pluto chip. In 2011, we will be incorporating SINA CORE, a new technology that is cryptographically interoperable with PEPP, into all relevant SINA products. The performance of the whole SINA product family will be significantly boosted by this new development.

What are the functional and operational benefits of this new encryption technology? SINA CORE is

- more flexible:
  - New cryptoalgorithms can be loaded in the field.
  - Instead of just one class of device (e.g. H/P), three classes can now be supported on one SINA CORE module.
  - The encryption modules are enabled for online updating in respect of cryptographic device classes, algorithms and parameters.
- more compact:
  - The compact design of the SINA CORE modules with integrated optical network card facilitates significantly smaller hardware platforms.
- more powerful:
  - Boosting approx. 180 MBit/s, the new SINA Box H performs significantly better.
  - Security connections with other SINA components can be established more than ten times as fast.
- more robust:
  - We have incorporated our extensive experience of military application to make a product that is now suitable for use in tougher environments.

Obviously, we intend to continue providing servicing and product care for our existing PEPP technology.

"Working closely together, BSI and secunet have performed outstanding development work on SINA and created a highly successful product series. As an official security partner of Germany, we focus our ongoing development activities stringently on the outstanding requirements and current needs of our customers."
Dr. Rainer Baumgart, Chairman of the Board, secunet Security Networks AG

Have we sparked your interest in the SINA product range, and would you like to find out more about our high-security solutions? We will be very happy to advise you on how your public authority or private company can best use our products. Give us a call any time. We will be delighted to arrange a personal consultation.

SINA CORE 100 Fx SIMO; SINA CORE M100R with token

secunet Security Networks AG
Kronprinzenstraße 30
45128 Essen, Germany
Phone: +49-201-5454-0
Fax: +49-201-5454-1000
SINA-Sales-HoSi@secunet.com
www.secunet.com