Manuals / Angenieux / Computer Equipment / Switch

Angenieux 1270A450-005 user manual Background Information, Datacryptor Ethernet Unit

Models: 1270A450-005

1 134

Download 134 pages 58.04 Kb

Page 17

4 Background Information

Datacryptor Ethernet User Manual

Background Information

4 Background Information

Datacryptor Ethernet Unit

The Thales Datacryptor Ethernet units are high performance, integrated security appliances that provide encryption at high line speeds. The 1 Gig and 10 Gig Ethernet units operate at optical line speeds and have the added advantage that they can, over limited distances, use copper media. The device’s high-speed processing capabilities eliminate bottlenecks while providing data encryption and integrity.

It is ideal for bandwidth intensive, latency sensitive applications that demand security and speed, such as site-to-site VPNs, and the transfer of imaging over the network. It provides secure transport over private or public networks.

Figure 4-1. An Example of a Site to Site Ethernet Layer 2 connection

A site-to-site VPN application is shown above. The Thales Datacryptor Ethernet is deployed on either side of the connection, securing the data transmitted across the untrusted public network. Data is sent from a web server through to the host network. It is then encrypted by the Datacryptor Ethernet for secure transfer over the public network, where a second Datacryptor Ethernet decrypts the data at its destination.

Gigabit Ethernet Technology Overview

The Gigabit Ethernet technology used by the 1 Gig and 10 Gig Ethernet units is the latest specification in the IEEE 802.3 Ethernet standard series. This standard allows the transmission of data at one or ten Gigabit per second transmission speeds (1 Gbps or 10 Gbps). However the speed is usually designated as 1,000 Mbps or 10,000 Mbps, as appropriate, to comply with the standard method of showing Ethernet network speeds.

Ethernet Layer 2 Services

Ethernet Layer 2 security services include:

Encryption - The Advanced Encryption Standard (AES) algorithm is a symmetric block cipher capable of using cryptographic keys of 128, 192, and 256 bits to encrypt and decrypt data in blocks of 128 bits. The Datacryptor uses 256 bit keys.

1270A450-005 - June 2008

Page 17

Image 17

Angenieux 1270A450-005 user manual Background Information, Datacryptor Ethernet Unit, Gigabit Ethernet Technology Overview

Contents

User Manual 1270A450-005 JuneDatacryptor Ethernet Preface Datacryptor Ethernet User ManualPage THALESInstallation Contents6 Connecting to Datacryptor Ethernet Units About This DocumentPreface Revision Status 1 PrefaceTrademark Acknowledgements License Agreement and General Information PURCHASES BY OR FOR THE FEDERAL GOVERNMENT LIMITED WARRANTYDatacryptor Ethernet User Manual PrefaceHardware Warranty EXPORT AUTHORIZATIONSGENERAL General RequirementsSecurity Advisory SALES OFFICES Contact InformationPRODUCT SUPPORT CENTERS asia.sales@thales-esecurity.comThe following conventions are used in the body text of this document 2 About This DocumentIntroduction to this Manual This manual is organized into the following sections Product Images 3 OverviewFigure 3-1 Thales Datacryptor 100 Mb Ethernet Front Panel Figure 3-2 Datacryptor 100 Mb Ethernet Rear PanelFigure 3-4 Datacryptor 1 Gig Ethernet Rear Panel Figure 3-3 Thales Datacryptor 1 Gig Ethernet Front PanelFigure 3-5 Thales Datacryptor 10 Gig Ethernet Front Panel Figure 3-6 Datacryptor 10 Gig Ethernet Rear PanelProduct Features Element Manager 4 Background Information Ethernet Layer 2 ServicesDatacryptor Ethernet Unit Gigabit Ethernet Technology OverviewOther Terms Security TermsHardware Installation 5 InstallationRack-Mounting Instructions Ambient temperatureMaintenance Cabling RequirementsAirflow Mechanical LoadingPort To Cable the DatacryptorCabling Supplied ByFigure 5-1 Datacryptor Panel Connectors Power on the DatacryptorRequirements Software InstallationError AlarmInstallation Procedure IP Parameter Configuration via a Serial Connection 6 Connecting to Datacryptor Ethernet UnitsUsers PortSerial Port Parameter CommandValue DescriptionExamples Dial Up NetworkingAdding a Unit to Element Manager 1270A450-005 - June Connecting to Datacryptor Ethernet UnitsDatacryptor Ethernet User Manual Connecting to Datacryptor Ethernet Units Page Direct Invocation of Front Panel Viewer Command Line ParametersC\Program files\Thales e-Security\Element Manager Dc2k.exeDatacryptor Ethernet User Manual Main Window 7 Element Manager ReferenceFile Main Window Pull-down MenusEdit ViewDatacryptor Icons Toolbar IconsTools HelpTo change an icons description, IP address, or connection method To connect to a Datacryptor unitFront Panel Viewer 100 Mb Ethernet Front Panel Viewer 1 Gig Ethernet Front Panel Viewer Datacryptor Ethernet User ManualElement Manager Reference 10 Gig Ethernet Front Panel Viewer Bootstrap Version Firmware numberThe Front Panel LEDs User Key MaterialIndicator Light StateThe Front Panel Viewer buttons Legacy File Configure DialogEnable Enhanced Security Minimum Password LengthPassword Format Check Password LifetimeDefaults Password History LengthSecuring the Settings Inactivity TimeTo commission a unit with the Commission button Key ManagerDatacryptor Ethernet User Manual Step 1 Installing a new Certificate Authority CA Element Manager Reference Step 2 Installing the authenticating CADatacryptor Ethernet User Manual Step 3 Setting the unit name Step 4 Generating a Certificate Element Manager Reference Change Password Dialog Login DialogLogs Window Datacryptor Ethernet User Manual Properties Dialog The General Tab Element Manager Reference The Diagnostics Tab Loopback The IP Management Tab Agent Configuration Tab Configuring SNMPTo add a new SNMP community SNMP CommunitiesTo delete an SNMP community To edit an SNMP communitySNMPv3 Users TypeTo add a new SNMP trap manager Traps TabElement Manager Reference Add Trap Manager dialog for SNMPv3 Adding SNMPv3 Trap ManagersTHALES Element Manager ReferencePage To delete an SNMP trap manager To edit an SNMP trap managerElement Manager Reference IP Route ConfigDatacryptor Ethernet User Manual THALESThe Security Tab Advanced Setting RIP Compatibility The RIP TabMetric Generate Authentication EntriesPassword Ethernet Comm Tab for the 1 Gigabit Datacryptor The Ethernet Comm Tab for 1 and 10 Gigabit DatacryptorsElement Manager Reference The Ethernet Comm Tab for 100 Mb Datacryptor Element Manager Reference The Ethernet Encryption Tab The Expert Tab The Ethernet Tunneling Tab Element Manager Reference Rule Type MAC Address The Environment Tab Appendices Appendix A Device MaintenanceLithium Battery Power SuppliesAppendix B Loading Datacryptor Unit Software Operations during Serial Code Loading Appendix B Loading Datacryptor Unit Software Appendix B Loading Datacryptor Unit Software Operations during Ethernet Code LoadingDatacryptor Ethernet User Manual Datacryptor Ethernet User Manual Appendix B Loading Datacryptor Unit SoftwarePage THALES1270A450-005 - June Datacryptor Ethernet User ManualAppendix B Loading Datacryptor Unit Software Completing the Upload Dimensions Appendix C Product SpecificationsInterfaces Electrical/MechanicalEnvironmental Specifications Appendix D Environmental & RegulatorySafety/Emissions/Immunity RegulatoryEuropean Notice Interference-Causing Equipment Standard Compliance Notice CanadaAppendix E SFP and XFP Interfaces Appendix F Preventing Electrostatic Discharge Symptom Appendix G TroubleshootingExplanation and Possible Solutions SymptomSymptom Fan/Heat Monitor AlarmExplanation and Possible Solutions SymptomDescription Appendix H SNMP MIB SupportMIB Name Description MIB NameDescription MIB NameStandard Traps Appendix I Log and SNMP Trap NumbersLog Trap Errors Hardware Log Trap Errors Software Key Errors Audit ErrorsDatacryptor Ethernet User Manual Log Trap Errors HardwareAppendix I Log and SNMP Trap Numbers Appendix I Log and SNMP Trap Numbers Datacryptor Ethernet User ManualLog Type CodeDatacryptor Ethernet User Manual Log Trap Errors SoftwareAppendix I Log and SNMP Trap Numbers Appendix I Log and SNMP Trap Numbers Datacryptor Ethernet User ManualLog Type CodeDatacryptor Ethernet User Manual Key ErrorsAppendix I Log and SNMP Trap Numbers Appendix I Log and SNMP Trap Numbers Datacryptor Ethernet User ManualLog Type CodeLog Type Appendix I Log and SNMP Trap NumbersCode TrapLog Type Appendix I Log and SNMP Trap NumbersCode TrapDatacryptor Ethernet User Manual Appendix I Log and SNMP Trap NumbersLog Type CodeAppendix I Log and SNMP Trap Numbers Datacryptor Ethernet User ManualLog Type CodeDatacryptor Ethernet User Manual Appendix I Log and SNMP Trap NumbersLog Type CodeAppendix I Log and SNMP Trap Numbers Datacryptor Ethernet User ManualLog Type CodeDatacryptor Ethernet User Manual Appendix I Log and SNMP Trap NumbersLog Type CodeAppendix I Log and SNMP Trap Numbers Datacryptor Ethernet User ManualLog Type CodeLog Type Appendix I Log and SNMP Trap NumbersCode TrapAppendix I Log and SNMP Trap Numbers Datacryptor Ethernet User ManualLog Type CodeDatacryptor Ethernet User Manual Appendix I Log and SNMP Trap NumbersLog Type CodeAppendix I Log and SNMP Trap Numbers Audit ErrorsDatacryptor Ethernet User Manual Appendix I Log and SNMP Trap NumbersLog Type CodeAppendix I Log and SNMP Trap Numbers Datacryptor Ethernet User ManualLog Type CodeTHALES Appendix I Log and SNMP Trap NumbersDatacryptor Ethernet User Manual Appendix I Log and SNMP Trap Numbers Datacryptor Ethernet User ManualLog Type CodeDatacryptor Ethernet User Manual Appendix I Log and SNMP Trap NumbersLog Type CodeAppendix I Log and SNMP Trap Numbers Datacryptor Ethernet User ManualLog Type CodeDatacryptor Ethernet User Manual Appendix I Log and SNMP Trap NumbersLog Type CodeAppendix I Log and SNMP Trap Numbers Datacryptor Ethernet User ManualCiphertext Ciphertext Stealing CTS Command Line Interface CLI Appendix J Glossary of TermsAdvanced Encryption Standard AES Bits per Sec bps Block cipher Certificate Certification Authority CA Cipher block chaining CBCElement Manager EM Encrypted data Encryption Framing Hash Message Authentication Code HMAC Integrity IP Key MACFront Panel Viewer FPV Hash Function MAC address Message Digest #5 MD-5 Netmask Peer Plaintext Private KeySFP SNMP Transform X.509 Public Key Cryptography Public Key Data Public Key encryptionPublic Key Set Replay Prevention Secret Key Secure Hash Algorithm SHA