Secure Video- Conferencing using Omnisec

Similar documents
Using Omnisec 422 and 423 IP Encryptors Over BGAN

Using the Omnisec 525 fax encryptor over BGAN

Using the PacStar 3500 over BGAN

Security and the Mitel Teleworker Solution

EXPLORER. TFT Filter CONFIGURATION

successstory Security for Diplomacy High Security for Embassy Networks

Enterprise Security Management CheckPoint SecuRemote VPN v4.0 for pcanywhere

Using DigiGone Sat-Chat over BGAN. Secure Video, VoIP, IM Chat and File Transfer Version 01

Using IP VPN encryption solutions from Crypto AG over BGAN

Deploying Secure Enterprise Wide IP Videoconferencing Across Virtual Private Networks

Video Conferencing over BGAN

Remote Connectivity for mysap.com Solutions over the Internet Technical Specification

R&S MKS9680 Modular Encryption Device Secure voice, fax and data transmission

Preparing Your IP network for High Definition Video Conferencing

Secure VoIP for optimal business communication

Table of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2

Protecting your information

Troubleshooting BGAN

AT&T Connect Video Conferencing Functional and Architectural Overview. v9.5 October 2012

R&S IP-GATE IP gateway for R&S MKS9680 encryption devices

Security and the Mitel Networks Teleworker Solution (6010) Mitel Networks White Paper

Preparing Your IP Network for High Definition Video Conferencing

EXPLORER 100/110 Connecting to PC via USB

Servicom G.R.I.P. Enabling Global Push-to-Talk over BGAN and Fleet Broadband Version

CONNECT PROTECT SECURE. Communication, Networking and Security Solutions for Defense

Using Innominate mguard over BGAN

L2 Box. Layer 2 Network encryption Verifiably secure, simple, fast.

IPsec VPN Security between Aruba Remote Access Points and Mobility Controllers

Radio Over IP (RoIP)

Using a Firewall General Configuration Guide

IP videoconferencing solution with ProCurve switches and Tandberg terminals

ReadyNAS Remote White Paper. NETGEAR May 2010

Wireless Encryption Protection

Applications that Benefit from IPv6

TLS and SRTP for Skype Connect. Technical Datasheet

R&S IP-GATE IP gateway for ISDN encryption devices

Internet and Intranet Calling with Polycom PVX 8.0.1

CCNA Security 1.1 Instructional Resource

IOCOM Whitepaper: Connecting to Third Party Organizations

Cisco Networks (ONT) 2006 Cisco Systems, Inc. All rights reserved.

Securing VoIP Networks using graded Protection Levels

Computer System Management: Hosting Servers, Miscellaneous

Assessing Telehealth Operational and Technology Security Risks to Privacy

Introduction to Security and PIX Firewall

13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode

SwiftBroadband and IP data connections

Cisco Integrated Services Routers Performance Overview

Secure telephony via classic and IP networks. office security solutions

TECHNICAL CHALLENGES OF VoIP BYPASS

Network Simulation Traffic, Paths and Impairment

Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi

Using Zistos PNSC over BGAN

Introduction to

Managing Central Monitoring in Distributed Systems

CARRIER MPLS VPN September 2014

secure For the ultimate in Cyber Defence TRL Technology

SCADA. Supervisory Control and Data Acquisition. How to monitor and control your business operation in the most cost-effective way.

IPCOM S Series Functions Overview

Level 1 Technical Firewall Traversal & Security. Level 1 Technical. Firewall Traversal & Security. V3 Page 1 of 15

Observer Analysis Advantages

TANDBERG s Embedded MCU

CTS2134 Introduction to Networking. Module 07: Wide Area Networks

Librestream Onsight Mobile Collaboration with BGAN. Delivering high quality video and audio from the field over BGAN Version 1.0

DOMINO Broadband Bonding Network

Tunnel Routing. Preface. Challenge

Marratech Technology Whitepaper

Using GlobeCast Content Exchange over BGAN

White Paper. Traversing Firewalls with Video over IP: Issues and Solutions

High speed Ethernet WAN: Is encryption compromising your network?

SafeNet Network Encryption Solutions Safenet High-Speed Network Encryptors Combine the Highest Performance With the Easiest Integration and

Truffle Broadband Bonding Network Appliance

Secure Network Access Solutions for Banks and Financial Institutions. Secure. Easy. Protected. Access.

Quality of Service Analysis of site to site for IPSec VPNs for realtime multimedia traffic.

ETHERNET WAN ENCRYPTION SOLUTIONS COMPARED

CHAPTER 1 INTRODUCTION

CONNECTING TO LYNC/SKYPE FOR BUSINESS OVER THE INTERNET NETWORK PREP GUIDE

November Defining the Value of MPLS VPNs

Solutions Guide. Secure Remote Access. Allied Telesis provides comprehensive solutions for secure remote access.

Bridgit Conferencing Software: Security, Firewalls, Bandwidth and Scalability

EVALUATING NETWORKING TECHNOLOGIES

Network Considerations for IP Video

NATIONAL RESEARCH AGENCY CASE STUDY - CCTV NETWORK SERVICES

Across China: The State Information Center s Nationwide Voice-over-IP Network

Video Conferencing and Security

Smart Solutions for Network IP Migration

White Paper: Broadband Bonding with Truffle PART I - Single Office Setups

Intelligent Solutions for the Highest IT Security Requirements

How To Use Inmarsat M2M On A Sim Card

Virtual Privacy vs. Real Security

SAN/iQ Remote Copy Networking Requirements OPEN iscsi SANs 1

Efficient use of limited bandwidth and assuring response for mission-critical applications

Migration from TDM to IP in Public Safety Environments: The Challenge for Voice Recording

TraceSim 3.0: Advanced Measurement Functionality. of Video over IP Traffic

Secured Voice over VPN Tunnel and QoS. Feature Paper

Best Practices for Securing IP Telephony

Using the Nikon D2H WiFi camera over BGAN

VIDEOCONFERENCE. 1 Introduction. Service Description Videoconferece

How To Deliver High Quality Telephony Over A Network

The Hybrid Enterprise. Enhance network performance and build your hybrid WAN

Intelligent Solutions for the Highest IT Security Demands

Transcription:

Secure Video- Conferencing using Omnisec Version 01 27 th December 2009

Contents 1 Introduction 1 2 Benefits to BGAN Users 1 3 Typical Users 1 3.1 Omnisec IP Encryptor Family Products 1 3.2 Videoconferencing Scenario Over BGAN 2 4 Omnicrypt TM Security Architecture 3 4.1 Key and Network Management 3 4.2 Security Modules 3 4.3 Cryptography 3 5 Special BGAN Considerations 3 5.1 Quality of Service for Real-Time Applications 3 5.2 MTU Setting 3 5.3 Handling of the Security Module 4 6 Required Equipment 4 7 Further Details and Support 4

1 Introduction Satellite communications can be intercepted from almost anywhere. For this reason, protecting one s information against eavesdropping and intrusion is of paramount importance in such scenarios. Videoconferencing as an application, especially from remote or mobile locations connected via satellite, stands or falls on the ability to ensure that the communication via the Internet is entirely secure. 2 Benefits to BGAN Users The Omnisec IP Encryptor Family products form a secure IP-based VPN, offering the following benefits to BGAN users: A security solution built on Swiss-made IP Encryptors and convenient-to-use portable Security Modules, which provides maximum protection for worldwide communications over Inmarsat BGAN and over the Internet Remote or mobile users wherever in the world they may be are able to participate in a totally secure videoconference Strong user authentication and proprietary 256-bit symmetric key encryption assures total confidentiality and guaranteed integrity of all data traffic from any IP-based application. 3 Typical Users Traveling government agents Mobile military and defense personnel Police and security forces Oil, gas, and mining organizations Traveling private decision-makers of banking, financial, and multinational corporations.technical Details 3.1 Omnisec IP Encryptor Family Products Omnisec s family of IP Encryptors together constitute the Omnisec IP-based VPN a reliable Virtual Private Network solution offering the highest level of security. The Omnisec IP-based VPN establishes extremely secure site-to site communications, ideal for videoconferencing within a corporate IP-based network or via the Internet. 1

3.2 Videoconferencing Scenario Over BGAN The sample application scenario illustrated below shows how a mobile user or a remote site can use BGAN s streaming IP service at 256 kbit/s over the BGAN network and then over two ISDN connections, MLPS, EVPN or the Internet to the corporate headquarters. The bandwidth of the leased line connection to headquarters needs to correspond to the numbers of BGAN users working with streaming IP. Such a scenario can be altered to be used for secure video conferencing or voice-over-ip. A mobile user or remote site with a BGAN terminal makes an encrypted satellite connection to an Inmarsat Ground Station. From there the secure communication continues via the Internet to the corporate headquarters site, which is equipped with one of the other members of the IP Encryptor family, Omnisec 422 or Omnisec 423. A videoconferencing application establishes the secure decentralized meeting. The headquarters typically also houses the Key Management Center (for generating the secret Master Keys and programming the Security Modules), and the firewall-protected Network Management Center (for configuring and monitoring all IP Encryptors in the network). 2

4 Omnicrypt TM Security Architecture The multi-barrier Omnicrypt TM Security Architecture, OSA, raises IP encryption to the highest level of security. The strength of OSA is based among other things on the following fundamental security building blocks: 4.1 Key and Network Management Secret bilateral Master Keys are generated either by means of the Built-in Key Equipment (BIKE) utility within the IP Encryptor Omnisec 422 or Omnisec 423 (for small networks), or by the Key Management Center application, Omnisec 711, in conjunction with the Security Module Programmer Omnisec 704 (for networks of any size). Efficient and flexible Network Management is assured by the Network Management Center, Omnisec 731, a decentralized client-server application. All network traffic is encrypted using short-lived symmetric 256-bit Session Keys, derived from the secret Master Keys. 4.2 Security Modules All the secret information required for encryption and decryption is safely contained in a convenient, portable Security Module (SM). The integrated microprocessor within the SM controls an electronic data store, which is protected both against read-out and tampering. 4.3 Cryptography The 256-bit symmetric encryption algorithms developed by Omnisec offer unsurpassed levels of security. 5 Special BGAN Considerations 5.1 Quality of Service for Real-Time Applications Real-time applications (voice, video, ) normally require a minimum bandwidth and work with small UDP packets. Inmarsat offers a guaranteed IP streaming service over BGAN from the end user terminal to the Internet POP (Point of Presence). In order to maintain the required guaranteed speed from the Inmarsat core network to the headquarters site, it is recommended to use leasedline services (ISDN, MPLS, ) from a worldwide operation provider. The required leased-line bandwidth depends on the concurrent use of the provided bandwidth by multiple BGAN mobile users. Best results are achieved by limiting the application to work in 128 kbit/s streaming mode. Such a setup will work perfectly over a standard IP connection. QoS support requires a streaming 256 kbit/s connection. 5.2 MTU Setting Consider changing your client computer s MTU size to a maximum of 1300 bytes in order to avoid network congestion within the satellite network. The reason to do so lies in the IP overhead added by the encryption process (up to 86 bytes per packet). Best performance is achieved when this setting is not only applied on the client end but also at the HQ site. Note: The MTU Size is set on the Omnisec Virtual Adapter Property Dialog under Ethernet Settings. 3

When the MTU Size is set, any Path MTU Discovery features in the network devices can be turned off. This will stop the devices from checking the network for the best MTU size. Note: In Windows, the Path MTU Discovery is turned off (0 = false) by altering the value of the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnablePM TUDiscovery. 5.3 Handling of the Security Module As soon as the Security Module is inserted into your computer s USB port, all IP connectivity is cut off. You first have to authenticate yourself to the Security Module by entering your PIN or passphrase at this prompt. 6 Required Equipment Typical example: At least one IP Encryptor, Omnisec 422 or Omnisec 423, at the headquarters site (including one programmed Security Module per unit) One Omnisec 421 for the remote or mobile client computer (including a programmed Security Module) Key Management Center Omnisec 711 with SM Programmer Omnisec 704 (or BIKE utility for small networks) and two Network Security Modules (N-SMs) Network Management Center Omnisec 731, Omnisec 731 Firewall, two programmed Configuration Security Modules (C-SMs), and one programmed Personal Security Module (P-SM) BGAN terminal: Thrane & Thrane Explorer 500, or Explorer 700, or Hughes HNS 9201 with terminal adapter BGAN SIM card from the local Inmarsat service provider A professional videoconferencing solution, such as Tandberg, Polycom PVX, or VPoint_HD. 7 Further Details and Support Inmarsat Contact: E-mail: customer_care@inmarsat.com Omnisec AG Contact: E-mail: bgan@omnisec.ch Web: www.omnisec.ch/421 Postal address: Rietstrasse 14 CH-8108 Dällikon Switzerland Phone: +41 44 847 67 11 4

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information