Using Omnisec 422 and 423 IP Encryptors Over BGAN



Similar documents
Secure Video- Conferencing using Omnisec

Using the Omnisec 525 fax encryptor over BGAN

Enterprise Security Management CheckPoint SecuRemote VPN v4.0 for pcanywhere

Using the PacStar 3500 over BGAN

Using a Firewall General Configuration Guide

Secure Network Design: Designing a DMZ & VPN

Table of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2

Servicom G.R.I.P. Enabling Global Push-to-Talk over BGAN and Fleet Broadband Version

Secure Access Solutions for the Petroleum Industry. Secure. Easy. Protected. Access.

Introduction. Technology background

Using IPsec VPN to provide communication between offices

ICANWK406A Install, configure and test network security

Using IP VPN encryption solutions from Crypto AG over BGAN

Secure Network Access Solutions for Banks and Financial Institutions. Secure. Easy. Protected. Access.

Cornerstones of Security

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Objectives. Remote Connection Options. Teleworking. Connecting Teleworkers to the Corporate WAN. Providing Teleworker Services

IPSec or SSL VPN? Copyright 2004 Juniper Networks, Inc. 1

Using the Nikon D2H WiFi camera over BGAN

Cisco Cisco 3845 X X X X X X X X X X X X X X X X X X

IP-VPN Architecture and Implementation O. Satty Joshua 13 December Abstract

Integrated Services Router with the "AIM-VPN/SSL" Module

ICAB5238B Build a highly secure firewall

Virtual Privacy vs. Real Security

Troubleshooting BGAN

November Defining the Value of MPLS VPNs

Steelcape Product Overview and Functional Description

Using DigiGone Sat-Chat over BGAN. Secure Video, VoIP, IM Chat and File Transfer Version 01

Avaya TM G700 Media Gateway Security. White Paper

SCADA SYSTEMS AND SECURITY WHITEPAPER

- Introduction to PIX/ASA Firewalls -

HughesNet Broadband VPN End-to-End Security Using the Cisco 87x

IPCOM S Series Functions Overview

Protecting your information

High Performance VPN Solutions Over Satellite Networks

VPN. Date: 4/15/2004 By: Heena Patel

HughesNet Broadband VPN End-to-End Security Enabled by the HN7700S-R

CCNA Security 1.1 Instructional Resource

Integrated Services Router with the "AIM-VPN/SSL" Module

The Hybrid Enterprise. Enhance network performance and build your hybrid WAN

WAN Traffic Management with PowerLink Pro100

Firewalls. Outlines: By: Arash Habibi Lashkari July Network Security 06

Network Services Internet VPN

HIPAA Security Considerations for Broadband Fixed Wireless Access Systems White Paper

Network Security Topologies. Chapter 11

HughesNet High Availability VPN

Technical papers Virtual private networks

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )

Radio Over IP (RoIP)

NEN Community REANNZ. Design Statement: NEN Edge Device

Optimizing Networks for NASPI

Professional Mobile radio. NEXIUM Wireless Mission-Critical LTE

Virtual Private Networks (VPN) Connectivity and Management Policy

VPN s and Mobile Apps for Security Camera Systems: EyeSpyF-Xpert

A Performance Analysis of Gateway-to-Gateway VPN on the Linux Platform

Firewalls, Tunnels, and Network Intrusion Detection

Enterprise VPNs: Choose Performance, Reliability, and Low Cost

Installing the Broadband Global Area Network (BGAN) Fixed Mount Kit

Efficient use of limited bandwidth and assuring response for mission-critical applications

Using Rsync for NAS-to-NAS Backups

WAN Failover Scenarios Using Digi Wireless WAN Routers

Secure, Remote Access for IT Infrastructure Management

EXPLORER. TFT Filter CONFIGURATION

Avaya G700 Media Gateway Security - Issue 1.0

Optimal Network Connectivity Reliable Network Access Flexible Network Management

NEWT Managed PBX A Secure VoIP Architecture Providing Carrier Grade Service

Cisco Mobile Network Solutions for Commercial Transit Agencies

8 Steps for Network Security Protection

Ethernet Wide Area Networking, Routers or Switches and Making the Right Choice

8 Steps For Network Security Protection

iphone in Business Security Overview

ipad in Business Security

Cisco Integrated Services Routers Performance Overview

Wireless Encryption Protection

we secure YOUR network we secure network security English network security

WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise

Level 1 Technical Firewall Traversal & Security. Level 1 Technical. Firewall Traversal & Security. V3 Page 1 of 15

White Paper: Broadband Bonding with Truffle PART I - Single Office Setups

Using Innominate mguard over BGAN

ISG50 Application Note Version 1.0 June, 2011

Securing VoIP Networks using graded Protection Levels

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

secure For the ultimate in Cyber Defence TRL Technology

DMP Network Monitoring

Cisco SR 520-T1 Secure Router

Frequently Asked Questions

L2 Box. Layer 2 Network encryption Verifiably secure, simple, fast.

DATA SECURITY 1/12. Copyright Nokia Corporation All rights reserved. Ver. 1.0

Configuring a Lan-to-Lan VPN with Overlapping Subnets with Juniper NetScreen/ISG/SSG Products

VPN SECURITY. February The Government of the Hong Kong Special Administrative Region

Technical Support Information

CONNECT PROTECT SECURE. Communication, Networking and Security Solutions for Defense

How To Secure An Rsa Authentication Agent

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

Cisco Which VPN Solution is Right for You?

MIP 5000 VoIP Radio Console VPN Solution Guide

Chapter 12. Security Policy Life Cycle. Network Security 8/19/2010. Network Security

ETHERNET WAN ENCRYPTION SOLUTIONS COMPARED

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

Transcription:

Using Omnisec 422 and 423 IP Encryptors Over BGAN Version 02 29 th December 2009

Contents 1 Overview 1 2 Benefits to BGAN Users 1 3 Possible Application Scenarios 1 4 Typical Users 1 5 Product Range 1 6 Omnisec IP-based VPN over BGAN 2 7 Omnicrypt TM Security Architecture 3 7.1 Key and Network Management 3 7.2 Security Modules 3 7.3 Cryptography 3 8 Special BGAN Considerations 3 9 Required Equipment 4 10 Setting up an Omnisec IP VPN Connection via BGAN 4 11 Further Details and Support 5

1 Overview Satellite communications can be intercepted from almost anywhere. For this reason, protecting one s information against eavesdropping and intrusion is of paramount importance in such scenarios. In particular, users want the assurance that their site-to-site communications via the Internet are entirely secure. In addition, a single satellite connection should allow any IP application on the client computer to communicate securely across the corporate network. 2 Benefits to BGAN Users The Omnisec IP-based VPN offers the following benefits to BGAN users: A security solution built on Swiss-made IP Encryptors and convenient-to-use portable Security Modules, which provides maximum protection for all kinds of IP-based traffic over Inmarsat BGAN and the Internet Strong user authentication and proprietary 256-bit symmetric key encryption assures total confidentiality and guaranteed integrity of all data traffic from any IP-based application. 3 Possible Application Scenarios Secure e-mail or Intranet applications (HTML, FTP, Java, ) Secure fleet management Secure company-wide information management Secure videoconferencing or voice-over-ip 4 Typical Users Government agencies, such as Military and defense personnel Police and security forces Oil, gas, and mining organizations Large banking, financial, and multinational corporations 5 Product Range 1

Omnisec s family of IP Encryptors together constitute the Omnisec IP-based VPN a reliable Virtual Private Network solution offering the highest level of security. The Omnisec IP-based VPN establishes extremely secure site-to site communications for the exchange of e-mails, files, data, and voice over a corporate IP-based network or the Internet. Route-based VPN maximizes throughput by supporting redundant VPN communication paths with dynamic fallback mechanisms (VPN re-routing, relays) and load-sharing. Omnisec s high-quality devices integrate easily into existing networks including third-party products (e.g. firewalls, virus checkers, intrusion detectors), and provide appropriate scalability to ensure the desired performance. The IP Encryptor Omnisec 423 is a 19 rack-mountable device. Its acceleration hardware provides the necessary performance for deployment in major sites such as a headquarters. For lower-performance applications, the complementary Omnisec 422 is the choice. Single-system branches or mobile users can be securely connected using the IP Encryptor Omnisec 421. Please refer also to the solution sheet Using Omnisec 421 IP VPN Clients Over BGAN. 6 Omnisec IP-based VPN over BGAN Remote or mobile sites equipped with a BGAN terminal establish an encrypted satellite connection to an Inmarsat Ground Station. From there the secure communication continues via the Internet to other corporate sites, each equipped with a compatible IP Encryptor, Omnisec 422 or Omnisec 423. Any application within the headquarters network can thus be accessed remotely via satellite. 2

The headquarters typically also houses the Key Management Center (for generating the secret Master Keys and programming the Security Modules), and the firewall-protected Network Management Center (for configuring and monitoring all IP Encryptors in the network). 7 Omnicrypt TM Security Architecture The multi-barrier Omnicrypt TM Security Architecture, OSA, raises IP encryption to the highest level of security. The strength of OSA is based among other things on the following fundamental security building blocks: 7.1 Key and Network Management Secret bilateral Master Keys are generated either by means of the Built-in Key Equipment (BIKE) utility within the IP Encryptor Omnisec 422 or Omnisec 423 (for small networks), or by the Key Management Center application, Omnisec 711, in conjunction with the Security Module Programmer Omnisec 704 (for networks of any size). Efficient and flexible Network Management is assured by the Network Management Center, Omnisec 731, a decentralized client-server application. All network traffic is encrypted using short-lived symmetric 256-bit Session Keys, derived from the secret Master Keys. 7.2 Security Modules All the secret information required for encryption and decryption is safely contained in a proprietary Security Module (SM), which is mechanically locked into the IP Encryptor. The integrated microprocessor within the SM controls an electronic data store, which is protected both against read-out and tampering. 7.3 Cryptography The 256-bit symmetric encryption algorithms developed by Omnisec offer unsurpassed levels of security. 8 Special BGAN Considerations It is recommended to change the client computer s MTU size to a maximum of 1300 bytes in order to avoid network congestion within the satellite network. The reason to do so lies in the IP overhead added by the encryption process (up to 86 bytes per packet). Best performance is achieved when this setting is not only applied on the client end but also at the HQ site. Note: The MTU Size is set on the Omnisec Virtual Adapter Property Dialog under Ethernet Settings. When the MTU Size is set, any Path MTU Discovery features in the network devices can be turned off. This will stop the devices from checking the network for the best MTU size. Note: In Windows, the Path MTU Discovery is turned off (0 = false) by altering the value of the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnablePMTUDis covery. 3

9 Required Equipment Typical example: At least one IP Encryptor, Omnisec 422 or Omnisec 423, at the headquarters site (including one programmed Security Module per unit) At least one Omnisec 422 for the remote site (including a programmed Security Module) Key Management Center Omnisec 711 with SM Programmer Omnisec 704 (or BIKE utility for small networks) and two Network Security Modules (N-SMs) Network Management Center Omnisec 731, Omnisec 731 Firewall, two programmed Configuration Security Modules (C-SMs), and one programmed Personal Security Module (P-SM) BGAN terminal: Thrane & Thrane Explorer 500, or Explorer 700, or Hughes HNS 9201 with terminal adapter BGAN SIM card from the local Inmarsat service provider Videoconferencing system (if required). 10 Setting up an Omnisec IP VPN Connection via BGAN After initial programming of the Security Modules, proceed as follows to set up a BGAN connection with the IP Encryptors Omnisec 422 and 423. Start up Inmarsat LaunchPad to configure the BGAN terminal to register with the satellite network (for further assistance please consult the terminal s user guide) Check IP connectivity over the BGAN terminals by browsing a known website (e.g. www.omnisec.ch) Integrate the IP Encryptor in your network Use Ethernet cables to connect PORT 0 (Trusted) of your Omnisec 422 to the computer or in-house router and PORT 1 (Untrusted) via an Ethernet cable to the RJ-45 port of the BGAN terminal Insert the programmed E-SM into SM slot A (with help of the KESO key) Log in to the IP Encryptor as Configuration Manager with the appropriate PIN Work through the menu Connect to Management Center, setting the necessary IP parameters; the IP Encryptor is now ready to be finally configured from the Network Management Center Omnisec 731 Omnisec IP-VPN tunnels will be established from the remote LAN across the satellite link to the trusted corporate network, enabling the use of any IP-based application. 4

11 Further Details and Support Inmarsat Contact: E-mail: customer_care@inmarsat.com Omnisec AG Contact: E-mail: bgan@omnisec.ch Web: www.omnisec.ch/421 Postal address: Rietstrasse 14 CH-8108 Dällikon Switzerland Phone: +41 44 847 67 11 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information