09.01.2013 Views

L3 Box S* VPN Gateway for RESTRICTED Communication - Secunet


( Box S)

L3 Box S*

VPN Gateway for RESTRICTED Communication

As a VPN gateway, the SINA L3 Box is a key component of the central IT infrastructure in high-security networks. The data exchanged between the SINA components is securely transmitted via encrypted VPN tunnels. SINA L3 Boxes connect public authority or corporate networks via public lines such as the Internet. Additionally, SINA L3 Boxes can be configured as cryptographic network access points for SINA clients to (terminal) servers.

The SINA L3 Box S and its predecessors, SINA Box LE, SINA Box 1U (5xLAN) and SINA Box 1000, are IP-based encryption systems approved by the German Federal Office for Information Security (BSI) for transmitting classified information at both the RESTRICTED and NATO RESTRICTED classification levels. Just like its predecessors, the SINA L3 Box S also serves national and international high-security networks.

Due to the increased temperature ranges, integrated touch display and a more modest power consumption, the new SINA L3 Boxes S 30M, 200M and 1G are more flexible than the predecessors. Additionally, the new SINA Boxes S 200M, 1G and 3G are substantially lighter. The network interfaces can be fitted with SFP modules according to specific needs. This allows for a flexible adaptation to the customer’s network infrastructure. Compared with the SINA Box 1000, the new SINA L3 Box S 1G has a more compact design (19” 1U). Both models of the SINA L3 Box S 3G are equipped with ten network interfaces each, which makes them most suitable for use in complex central network nodes. A crypto performance of up to 3 GBit/s makes it the most powerful device of the SINA L3 Boxes S.

Benefits:

» Approved up to RESTRICTED and NATO RESTRICTED

» High data throughput

» High availability

» Increased temperature ranges

» State-of-the-art technology in complex security networks

» Network interfaces can be fitted with SFP modules according to customer requirements

The SINA L3 Box S software version 3.3 (planned for Q4 2012) provides IPv6 capability.

IT security concept<br />

The SINA L3 Box S is based on an integrated IT security concept. In particular, this concept includes:

» A hardened and intensively evaluated Linux system platform

» Smart card technology

» IPsec-based virtual private networks

» Hardware and software scaled and configured according to approval requirements



Secure system boot and operation<br />

Depending on the actual conditions of the IT infrastructure and project-specific communications requirements, it is possible to use the SINA L3 Boxes S with thousands of simultaneous security associations. Upon system start-up, the SINA L3 Box S software is securely loaded from flash memory. All initial configuration data and security associations for the SINA L3 Box are stored in a protected area of the SINA smart card. When a SINA L3 Box is started, the security associations to the SINA Management and the communications-related SINA L3 Boxes are set up as IPsec VPN tunnels. If necessary, additional security associations or configuration data can be downloaded from the SINA Management. This greatly simplifies configuration, installation and hardware replacement with the SINA L3 Box.

Systems monitoring<br />

The SINA L3 Boxes log all data relevant to system monitoring during operation. The syslog data can be imported into network management systems for further processing and/or displayed as required. The new SINA L3 Box S software version 3.3 (planned for Q4 2012) supports SNMP v2c.

High availability<br />

Using redundant configurations it is possible to increase availability and safeguard against failure of SINA L3 Boxes. An automatic switchover mode triggers a second SINA L3 Box to take over the functions of the failed SINA L3 Box. The SINA L3 Boxes S 1G and 3G are equipped with redundant power supply units.

Satellite communication

The use of SINA L3 Boxes requires IP-enabled transport networks, including satellite communication lines. Satellite optimisers support the effective use of the available bandwidth of the satellite lines.

Management

The SINA Management is used for central configuration of all SINA L3 Boxes in the network. An integrated public key infrastructure (PKI) with the corresponding user management supports the main administrative processes, particularly the personalisation, generation and/or updating of keys and cryptographic parameters as well as the administration of associated PINs and PUKs on the smart cards.

Additional details and performance data

| Approval-related construction classes | SINA L3 Box S |
|---|---|
| Approval level | RESTRICTED, NATO RESTRICTED, RESTREINT UE** |
| Software versions | 2.2; 3.3 (planned for Q4 2012) |
| Authentication token | SINA smart card |

| | SINA L3 Box S 30M | SINA L3 Box S 200M | SINA L3 Box S 1G | SINA L3 Box S 3G 10Cu | SINA L3 Box S 3G 6Cu 4SFP |
|---|---|---|---|---|---|
| General technical data | | | | | |
| Size | 228 x 165 x 44,45 mm | 19” 1 U | 19” 1 U | 19” 2 U | 19” 2 U |
| Weight | 1.8 kg | 7.8 kg | 9 kg | 12.5 kg | 12.5 kg |
| Power consumption | 18 W | 85 W | 105 W | 256 W | 256 W |
| Crypto hardware | | | | | |
| Encryption performance | approx. 30 MBit/s | approx. 200 MBit/s | approx. 1000 MBit/s | approx. 3000 MBit/s | approx. 3000 MBit/s |
| Symmetric cryptography | AES | AES | AES | AES | AES |
| Asymmetric cryptography | EC-GDSA, EC-DH | EC-GDSA, EC-DH | EC-GDSA, EC-DH | EC-GDSA, EC-DH | EC-GDSA, EC-DH |
| LAN connections | | | | | |
| Network interfaces*** | 4 x 10/100/1000 MBit Cu | 4 x 10/100/1000 MBit Cu | 4 x 10/100/1000 MBit Cu | 10 x 10/100/1000 MBit Cu | 6 x 10/100/1000 MBit Cu |
| Temperature | | | | | |
| Operation | +5 °C to +40 °C | +5 °C to +40 °C | +5 °C to +40 °C | +5 °C to +40 °C | +5 °C to +40 °C |
| Transport | -20 °C to +60 °C | -20 °C to +60 °C | -20 °C to +60 °C | -20 °C to +60 °C | -20 °C to +60 °C |
| Item number | SB50.04 | SB50.23 | SB50.24 | SB50.05 | SB50.22 |

Additional SFP ports listed for the network interfaces: 2 x 1000 MBit SFP, 2 x 1000 MBit SFP, 4 x 1000 MBit SFP.

* For further information about the new naming concept refer to: www.secunet.com/en/sina.

** For German national use only.

*** Due to several different producer-specific product variations SFP modules are not included in the scope of delivery. E.g. the following modules can be loaded: Finisar FTLF8519P2BNL (optic fibre, Short Range, Multi Mode), Source SP-GB-LX-CDFH (optic fibre, Long Range, Single Mode) or 3COM 3CSFP93 RJ45.

More information: www.secunet.com/en/sina

SINA_L3BoxS_V1_04/12_GB

secunet Security Networks AG

Kronprinzenstraße 30

45128 Essen, Germany

Phone: +49 - 201 - 54 54 - 0

Fax: +49 - 201 - 54 54 - 1000

E-mail: info@secunet.com

www.secunet.com
