Descrizione
Quantum-Safe Network Encryption Security
Quantum-Safe cryptography provides the ultimate protection in long-term data encryption security in a post-quantum world.
Provide unparalleled protection for data with long-term sensitivity and value with the addition of its Quantum Key Generation, Quantum Key Distribution (Quantum Cryptography) and Quantum-Safe Network Encryption features.
Assurance that your investment keeps pace with cryptographic advances.
BlackDoor DUO network encryptors ensure the protection of data in transit, offering the best combination of network performance with quantum-safe security.
The BlackDoor DUO platform encrypts Ethernet traffic up to 100Mbps Full Duplex (200Mbps aggregate wire speed) on local and storage area networks for data back-up and recovery, as well as on fully meshed global WAN networks for international operations.
Cost-Efficiency
Black encryptors provide excellent total cost of ownership through a combination of network bandwidth savings, ease of network management and reliability. Longevity, interoperability, backward compatibility, minimal installation and management costs and solution flexibility all contribute to a rapid return on investment. Other cost benefits include, low power consumption minimal rack space use and combined rack space/power utilisation efficiency.
The BlackDoor DUO Encryptor supports Point to Point and Multipoint information assurance configurations with unique dynamic keys.
It is designed for wireline or wireless backbone configurations and meets stringent security requirements while reducing overall network complexity in applications including:
• Department of Defense
• Homeland Security
• Telecommunications Providers
• Natural Gas & Electric Power Utility Companies
• Oil and Gas Companies
• Banking & Financial Services Institutions
• Transportation Agencies
• Public Safety Networks
The BlackDoor DUO Encryptor transparently encrypts Ethernet Voice, Video or Data packets, that are destined for a device located on a remote network or a different local network segment.
Data packets are AES encrypted at the Link, Network or Transport Layer and then tunneled, bridged or routed to the destination network.
At the destination network the packets are decrypted and the original Ethernet packets are securely delivered to the destination Ethernet device.
Layer 2 encryption ensures protection of all traffic on the network as well as concealing the network architecture.
It uses state-of-the-art AES 256 bit encryption, with the optional GCM mode providing data integrity on a per-packet level as well as confidentiality.
The transport security feature masks the data flows on the network to ensure that traffic patterns do not reveal critical information.
Point to Point “Plug-and-Encrypt” Installation
The BlackDoor DUO is a plug-and-encrypt installation for the payload of layer 2 and MPLS point to point network connections.
The payload of the Ethernet Packets entering the clear text LAN1 are AES encrypted and sent out LAN2 to the Egress Ethernet.
Ethernet packets AES decryption requires a unique 256 bit key.
The Change to Connectionless Networks
Ethernet networks are being used for larger scale networks and as a replacement for traditional telco data services.
Both private enterprises as well as service providers see the proliferation of Ethernet as a backhaul medium as an advantage for their network expansion.
However, Ethernet at this scale can also lead to potential issues as the network is no longer as secure as a connection-oriented infrastructure.
Security interfaces are required at all network access points to assure data packets as well as address information is encrypted and protected.
These interfaces might be less robust software solutions or for a higher level of network security, plug-and-play encryption appliances.
The Engage BlackDoor DUO offers an effective, easy-to-install solution to solve this problem.
It can be added to existing equipment sites for upgrade of security or it can be installed with new systems to add AES encryption to non-secure equipment.
It works in both point-to-point as well as point-to-multi-point configurations.
Management & Monitoring
BlackDoor DUO allows easy implementation and monitoring of enterprise wide security policies for audit and compliance.
Simple provisioning and scalable management are enabled, either locally or remotely via secure connections (inband or out-of-band).
Engage Black acts as the Certificate Authority by signing and distributing X.509 certificates to the encryptors, as well as accepting third party certificates.
It is compatible with SNMPv3 compliant network management tools (eg NetView, OpenView, Tivoli).
Flexible policy engine with secure local & remote provisioning & management (SNMP v3) In-field firmware upgrades SNMPv1/2 monitoring (read-only) Support for external (X.509v3) CAs CRL and OCSP (certificate) server suppor.t
Quantum-safe for long-term protection of Mission-critical data.
Compatible with P2P and multi-point architectures.
Quantum TRNG for high-quality encryption keys.
Quantum Key Distribution (QKD) server to ensure that the solutions are quantum-safe for the long-term protection of sensitive data.
This also ensures investment-protection of the encryptors.
Such quantum cryptography is provably secure, ensures anti-eavesdropping detection and provides long-term forward secrecy against brute force hacking and attacks by quantum computers.
Security & Encryption
Tamper resistance & anti probing barriers AES-GCM mode for integrity AES 128 or 256 bit keys IDQ Quantum Random Generator Support for Quantum Key Distribution Automatic seamless key management Policy based on MAC address or VLAN ID Encryption modes Certification.
Performance
Low overhead full duplex line rate encryption.
Latency (<1 microsecond per encryptor).
OSI Layer Encryption
It is important for an external encryption device to be able to handle encryption at multiple layers of the OSI model.
The BlackDoor DUO Encryptor can interface to all layers with an internal bridge and router and provides secure data encryption at common throughput levels.
Layer 2 (bridge): interfaces at Layer 2, non-local packets are encrypted above the MAC layer and then directed to the appropriate destination address by the internal bridge.
Layer 3 (router): interfaces at Layer 3, packets are encrypted above the Network Layer and then can be dynamically or statically routed to the destination network by the internal router.
Tunnel - Equipment Interface
Many times network to network security requires an encrypted ‘tunnel’ carrying Ethernet packets over a pre-defined network path.
The BlackDoor DUO permits user creation of a destination table, encrypts the entire incoming packet, and adds the appropriate destination address for correct network transport.
MPLS
The BlackDoor DUO Encryptor can provide "payload only" encryption for MPLS data packets, maintaining the MPLS labels but encrypting the data.
It is flexible enough to provide an encrypted ‘tunnel’ for point-to-point MPLS connections or can encrypt at Layer 2 or Layer 3 or both, easy to configure without any down time for network access equipment.
Advanced Encryption Standard
FIPS approved symmetric encryption algorithm that may be used by U.S. Government organizations (and others) to protect sensitive information.
Caratteristiche
- Regulatory
- CE
- IEC60950
- EMC - CFR 47 Part 15 Sub Part B:2002, EN55022:1994+A1&A2, EN55024, ICES-003 1997, CISPR 22 Level A
- Management
- Telnet support with Edit and Paste Template Files
- Console Port for Out of Band Management
- SNMP support (MIB I, MIB II) with configured traps
- Remote configuration, monitoring, & reset
- Power
- 12-30 VDC, 1.0A
- Locking Connector
- Optional -48V 0.25 Amp
- Hot Standby
- Dimensions
- Dimensions: 9" (L) x 7.3” (W) x 1.50” (H)
- Optional Medeco Case
- TFTP Online Upgrade Capable (FLASH ROMs)
- Fully operational during upgrade
- Optional Extended Temperature Range available
- Environmental
- 0° to 132° F (-10° to 50°C) operating temperature
- Up to 90% operating humidity (non-condensing)
- Optional Extended Temperature Range available
- Encryption Algorithm
- AES 256-bit
- Fully Automatic composite keys management with Quantum Distribution
- Hardware Random Number Generator
- Full Duplex real time encryption
- LAN Network Interface
- Two 10/100/1GB Full Ethernet
- Auto negotiation or Configured Speed and Duplex
- LAN Network Protocols Supported
- IP, TCP, UDP, ICMP
- Telnet
- System Architecture
- Point-to-Point
- Point-to-Multi-Point
- Performance
- JUMBO Ethernet Packet capability (9KB MTU)
- Full Duplex 100Mbps
- Low latency
- In Process Key Updates
- Interfaces
- RJ45 electrical
Applicazioni
Quantum Proof Secure Conferencing Solution
Point-to-Point or Point-to-Multi-point Network Configurations
Point-to-Point or Point-to-Multi-point Network Configurations
The BlackDoor DUO transparently AES encrypts Ethernet networks with Ethernet Voice, Video or Data packets, that are destined for a device located on a remote network or a different local network segment, are AES encrypted at the Link, Network or Transport Layer and then tunneled, bridged or routed to the destination network.
At the destination network the packets are decrypted and the original Ethernet packets are securely delivered to the destination Ethernet device.
BlackDoor DUO Encryptor Applications
- AES Encryption for Layer 2/3 Payloads
- MPLS Data Payload Encryption
- Point-to-Multi-Point with Multiple Key Support
- Plug-and-Play Functionality
- Supports JUMBO Ethernet Frames
- 256 Bit AES Keys
- Supports QKD (Quantum Key Distribution)
- Low Latency (< 1ms)
The BlackDoor DUO Ethernet Encryptor meets the new security requirements and reduces overall network complexity for
- Department of Defense - Air Force, Army, Navy, Marines
- National, State and Local Governments
- Public Safety Networks
- Homeland Security
- Multi-Site Commercial Enterprises
- Banking and Financial Institutions
- Health Care Industries
- Natural Gas & Electric Power Utility Companies
- Transportation Agencies
- Closed Circuit TV
BlackDoor DUO enables Enterprises to achieve the stringent information security standards that are mandated by a variety of legislative actions, including the Health Insurance Portability and Accountability Act, Sarbanes-Oxley, California Database Security Breach Act, the Gramm-Leach-Bliley Act, EU Data Protection Directive and the Federal Information Security Management Act.
BlackDoor DUO enables Enterprises to prevent network attacks that seek to obtain or manipulate their most vital or profitable sources of information including:
- Customer Records
- Intellectual Property
- Marketing Plans
- Employee Files
- Accounting Forecasts
- Sales Strategies
- Source Code
- Formulae
- Financial Spreadsheets
Network to Multiple Network Access Points - Encryption with BlackDoor DUO Encryptor
Demand for interoffice bandwidth to support applications such as: VOIP, IPTV and Video on Demand, and the aggressive pricing from Ethernet Service providers are pushing Interoffice Ethernet into Multisite Enterprises.
Encryption is required at all network access points to assure sensitive payload and address information is encrypted and protected when it traverses service provider networks
Encryption is required at all network access points to assure sensitive payload and address information is encrypted and protected when it traverses service provider networks
Wireless Ethernet Encryption
One of the most economical means to establish Gigabit Ethernet connectivity between line-of-site locations is Wireless Ethernet with Gigabit interfaces.
The BlackDoor DUO facilitates encryption of the Egress Ethernet to externally located Wireless Gigabit and offloads encryption from the Radio and supports multi point installations.
The BlackDoor DUO facilitates encryption of the Egress Ethernet to externally located Wireless Gigabit and offloads encryption from the Radio and supports multi point installations.
Connectionless Network Protocol Security
Ethernet networks are being used for larger scale networks and as a replacement for traditional telco data services.
Both private enterprises as well as service providers see the proliferation of Ethernet as a backhaul medium as an advantage for their network expansion. However, Ethernet at this scale can also lead to potential issues as the network is no longer as secure as a connection-oriented infrastructure.
Both private enterprises as well as service providers see the proliferation of Ethernet as a backhaul medium as an advantage for their network expansion. However, Ethernet at this scale can also lead to potential issues as the network is no longer as secure as a connection-oriented infrastructure.
Security interfaces are required at all network access points to assure data packets as well as address information is encrypted and protected.
These interfaces might be less robust software solutions or for a higher level of network security, plug-and-play encryption appliances.
The Engage BlackDoor DUO offers an effective, easy-to-install solution to solve this problem.
The BlackDoor DUO can be added to existing equipment sites for upgrade of security or it can be installed with new systems to add AES encryption to non-secure equipment.
It works in both point-to-point as well as point-to-multi-point configurations at 200Mbps access speeds.
These interfaces might be less robust software solutions or for a higher level of network security, plug-and-play encryption appliances.
The Engage BlackDoor DUO offers an effective, easy-to-install solution to solve this problem.
The BlackDoor DUO can be added to existing equipment sites for upgrade of security or it can be installed with new systems to add AES encryption to non-secure equipment.
It works in both point-to-point as well as point-to-multi-point configurations at 200Mbps access speeds.
