IP End-to-End WAN Security
The Cipher X 7200 is a member of TCC's family of high speed security systems that provide leading edge encryption, authentication and firewall protection for internetworking applications. The Cipher X 7200 offers centrally managed, end-to-end security across IP Wide Area Networks (WANs), and is the most advanced IP security solution available.
Transparent Network Encryption
Protocol sensitive intelligence enables the Cipher X 7200 to provide complete end-to-end and transparent network security. The Cipher X 7200 accepts IP packets from a router or LAN and separates the header information, including addressing and the network management data (i.e. ICMP, RIP, ARP), from the user data. The Cipher X 7200 then encrypts only the user data and leaves the header information in the clear. After reconstruction, the packet is sent securely and transparently over the WAN. No network modification is required. The packet appears the same as any other non-encrypted packet processed by network routers and switches. Higher layer protocols, i.e., TCP, UDP, FTP, and Telnet are also transparent to the Cipher X 7200.
Firewall Protection
The Cipher X 7200 provides multiple levels of network access protection to ensure that only authorized messages are permitted to transit to and from customer premises. The Cipher X identifies each virtual circuit by its source and destination address or subnet address, and each circuit can be designated as plain, cipher, or blocked. All packets sent to an address designated as cipher have a crypto authentication code at the beginning of the user data field. If this code is missing or incorrect, the packet is rejected, thereby forming a firewall between the WAN and the router on the customer site.
Additionally, a network protected by Cipher X 7200s can be segmented into several discretionary access groups. Individual IP addresses and subnets can be assigned as members of one or more groups, thus affording the system manager complete control over which nodes may communicate.
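The admission logic described above, as an added Python sketch that is not TCC's code: the policy table, group names, keys and addresses are constructed, the rule that two nodes must share a group is an assumed reading of "discretionary access", and truncated HMAC-SHA256 stands in for the product's authentication code. Decryption of the user data is left out.

```python
import hashlib
import hmac
from ipaddress import ip_address, ip_network

TAG_LEN = 8  # assumed code length; the page does not state one

# Constructed policy: (source net, destination net, mode, per-circuit key)
CIRCUITS = [
    (ip_network("10.2.9.0/24"), ip_network("10.1.0.0/16"), "blocked", None),
    (ip_network("10.2.0.0/16"), ip_network("10.1.0.0/16"), "cipher", b"constructed-key-A"),
    (ip_network("192.0.2.0/24"), ip_network("10.1.0.0/16"), "plain", None),
]
# Constructed discretionary access groups (the page allows up to 12).
GROUPS = {
    "finance": [ip_network("10.1.5.0/24"), ip_network("10.2.5.0/24")],
    "public": [ip_network("10.1.0.0/16"), ip_network("192.0.2.0/24")],
}

def groups_of(addr):
    """Names of every group whose subnets contain addr."""
    return {g for g, nets in GROUPS.items() if any(addr in n for n in nets)}

def make_code(key, data):
    # Stand-in MAC (HMAC-SHA256, truncated), not the product's algorithm.
    return hmac.new(key, data, hashlib.sha256).digest()[:TAG_LEN]

def admit(src, dst, user_data):
    """Return (verdict, reason) for a packet arriving from the WAN."""
    s, d = ip_address(src), ip_address(dst)
    # Assumption: first matching entry wins; unlisted circuits are blocked.
    mode, key = next(((m, k) for sn, dn, m, k in CIRCUITS if s in sn and d in dn),
                     ("blocked", None))
    if mode == "blocked":
        return ("reject", "circuit blocked")
    # Assumption: two nodes may talk only if they share at least one group.
    if not groups_of(s) & groups_of(d):
        return ("reject", "no shared access group")
    if mode == "plain":
        return ("accept", "plain circuit")
    # Cipher circuit: the code sits at the beginning of the user data field.
    code, body = user_data[:TAG_LEN], user_data[TAG_LEN:]
    if len(code) < TAG_LEN or not hmac.compare_digest(code, make_code(key, body)):
        return ("reject", "authentication code missing or incorrect")
    return ("accept", "authenticated cipher circuit")
```
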
Features
- Protocol sensitive IP security
- Encryption, authentication and firewall
- Advanced key management
- Support for 1,024 simultaneous virtual circuits
- Allows up to 12 "discretionary access" groups
- Selective filtering of transport layer protocols
- Centralized management with KEYNET system
- Low packet latency and overhead
- Triple-DES and NIST approved and exportable DES
- Simple to operate, install and maintain
Processing Power
The Cipher X 7200 is designed to support high traffic IP users. Complex security operations are done efficiently and at high speeds to achieve a maximum data rate of 10 Mbps. Each Cipher X system can secure up to 1,024 simultaneous virtual IP circuits. Each virtual circuit, identified by the source and destination IP address, is protected independently with its own key. A Cipher X under full load is equivalent to 1,024 separate encryption units.
Key Management
The Cipher X 7200 incorporates TCC's automated and highly secure key management system. Optimum protection is achieved by frequent and automated key changes. No couriers or user interaction is required. The high security of this system has resulted in the U.S. Government adopting it for their use as detailed in FIPS 171.
At the start of a secure session between two IP nodes, a cryptographically authenticated process verifies the identity and rights of both parties. The initializing Cipher X 7200 generates a random session key to encrypt the user data. This key is encrypted and authenticated using a Key Encryption Key (KEK), and then transported over the IP network to a receiving Cipher X. These very long and secure KEKs ensure that the critical user data keys remain safeguarded during transport. The session key is used until a lack of activity between the nodes causes the session to shut down, or the automatic key change interval expires.
Cipher Site Manager
Cipher Site Manager (CSM) is a software application that enables Cipher X 7200 units to be easily configured through the terminal interface. CSM will run on any PC compatible computer, 386 or higher, under the Windows™ operating system. The graphical user interface makes it easy to program IP addresses, run diagnostics, load keys and perform other basic configuration and troubleshooting operations. On-line help and context sensitive tips allow anyone familiar with Windows to immediately use the CSM program.
KEYNET Centralized Management
TCC offers the most comprehensive centralized security management available. The KEYNET system can simultaneously manage all of TCC's Cipher X products including those on mixed networks such as: X.25, Frame Relay, and IP. Virtually anything an authorized user can do at the front panel of a Cipher X can be done remotely at the KEYNET system. This eliminates the need to train operators at each site and to periodically send key couriers to all units, as well as the downtime spent waiting for a technician to clear errors or alarms. KEYNET saves money and keeps the network up and running.
For optimum protection, KEYNET also establishes a unique secure link to each unit. All communication between the KEYNET and the CipherX 7200, such as key transporting, diagnostic commands and security configuration settings, is encrypted and authenticated. Network maintenance is also efficiently and simply managed with the KEYNET system's unattended auto poll mode.
All CipherX units in the network may be polled automatically, saving the crypto officer's time and enhancing network uptime. All unit statistics as well as errors and alarms are collected, stored in logs, and displayed. A hot standby KEYNET is available to take over in case of a problem or during regular maintenance of the primary KEYNET.
Quality
TCC is dedicated to quality products and services. TCC is ISO 9001 certified. ISO 9001, granted to TCC by TUV, is the most stringent standard available for total quality systems in design/development, production, installation and servicing.
The CipherX® 7200 in Use
The CipherX® 7200 may be installed either on the Ethernet™ LAN side of the router (as shown on the left) or the WAN side (as shown on the right).
Technical Specifications
| APPLICATION | WAN security for IP Protocols; Encryption, authentication, and firewall |
| CRYPTOGRAPHY | ANSI X9.52 Triple-DES algorithm |
| KEY MANAGEMENT | Triple-DES Algorithm |
| OPERATION | Synchronous, full-duplex |
| DATA RATES | 9.6 Kbps to 10 Mbps full-duplex |
| VIRTUAL CIRCUITS | Up to 1,024 simultaneous virtual IP circuits. Each IP or subnet address designated as Plain, Cipher, or Blocked. A unique, random encryption key protects each circuit. |
| PACKET SIZE | To 4,096 bytes |
| MANAGEMENT PROTOCOL SUPPORT | RIP, ARP, ICMP, SNMP |
| STANDARDS | RFC 791, RFC 768, RFC 792, RFC 894 |
| SECURITY STANDARDS | FIPS 140-1, ANSI X9.52, ANSI X9.9, FIPS 171, FIPS 46-2 |
| USER INTERFACE | TCC's Cipher Site Manager application running on Windows PC. PC connects to Cipher X 7200 via serial asynchronous cable |
| NETWORK INTERFACES | Ethernet AUI or 10 base T |
| SYNCHRONIZATION | Automatic crypto sync recovery upon errored or dropped packet. Error & spoof protected: Secure authentication prevents modification or playback attack |
| AUDIT LOGS | Battery-backed logs for alarms, errors, & security events. Each entry is Time and Date Stamped. |
| EMI/EMC | FCC Part 15, Subpart B, Class B EN55022 89/336/EEC EN55082-1 1992, Generic Immunity IEC 801-2, ESD Susceptibility IEC801-3, Radiated Susceptibility-Electric Field IEC 801-4, Conducted Transients Susceptibility |
| SAFETY | ANSI/UL 1950 CSA C22.2 No. 950-M89 EN60950 IEC 950 |
| MTBF | Exceeds 30,000 hours @ +25 °C ground benign |
| POWER REQUIREMENTS | AC Supply: Auto ranging: 85-265 VAC 50/60 Hz 20 Watts typical |
| TEMPERATURE AND HUMIDITY | 0 °C to +50 °C Operating; -40 °C to +80 °C Storage; Up to 90% Humidity, non-condensing |
| SIZE AND WEIGHT | Height: 1.75" (4.4 cm) 1U rack height; Width: 16.5" (41.9 cm) without 19" rack mount ears; Depth: 10.5" (26.7 cm); Weight: 15 lb (6.8 kg) |
| OPTIONS AND ACCESSORIES | |
Copyright© Technical Communications Corporation 1999
Cipher X and KEYNET are trademarks of Technical Communications Corporation
Windows is a trademark of Microsoft Corporation
Ethernet is a trademark of Compaq Computers (formerly Digital Equipment Corporation).
All specifications are subject to change without notice
