Using Enhanced Security Features

Strong password enforcement

ETEPs with software version 1.6 or later can be configured to use strong password enforcement. The conventions used with strong password enforcement are far more stringent than those used with the default password management. To learn more about strong password enforcement, see “Configuring the Password Enforcement Policy” on page 103.

Strict authentication

With strict authentication, all communications between EncrypTight components is authenticated using certificates. To learn more about strict authentication and using certificates see “About Strict Authentication” on page 262.

Hardware Security Module

A hardware security module (HSM) is available as an option for your ETKMSs. HSMs provide tamper-proof storage for encryption keys and certificates. To learn more about working with an HSM, see “Working with Certificates and an HSM” on page 275.

Common Access Cards

EncrypTight supports the use of smart cards such as the Common Access Cards used by the U.S. Department of Defense. The use of smart cards provides user authorization in addition to certificate- based authentication. To learn more, see “Using a Common Access Card” on page 294.

About Strict Authentication

EncrypTight uses the Transport Layer Security (TLS) protocol for secure communication between the different components of the system (the management workstation, the ETKMS, and the PEPs). EncrypTight can use either:

TLS with encryption only

TLS with encryption and strict authentication enabled

When strict authentication is enabled, all TLS communications between EncrypTight components is authenticated using certificates. Authenticating the communications between components provides an extra level of security. Optionally, you can also set up the system to validate certificates by checking Certificate Revocation Lists (CRLs) or by using the Online Certificate Status Protocol (OCSP).

Strict authentication is available for ETEPs with software version 1.6 or later. Strict authentication is disabled by default. After you install certificates on all of the devices that you are going to use, you can enable strict authentication.

CAUTION

Do not enable strict authentication before you install certificates on all of the EncrypTight components. Doing so can lead to errors and communication failures.

A certificate is an electronic document that contains a public key that corresponds to the private key of the entity named as the subject of the certificate. Certificates can be generated by the entity itself (self- signed) or they can be issued by a certificate authority (CA). A CA is a trusted organization that authenticates certificate applications, issues and revokes certificates, and maintains status information about certificates. CA-signed certificates help establish a chain of trust. Keys and certificates are stored in an encrypted, password-protected keystore.

262

EncrypTight User Guide

Page 260 Page 262
Page 261
Image 261
Black Box ET0010A, ET1000A, EncrypTight, ET0100A manual About Strict Authentication
Page 260 Page 262

EncrypTight, ET0100A, ET0010A, ET1000A specifications

The Black Box ET1000A, ET0010A, EncrypTight, and ET0100A are advanced solutions designed for secure data transmission and network management, catering to modern enterprise needs. These tools integrate cutting-edge technologies to enhance connectivity, security, and efficiency within various environments.

The Black Box ET1000A is primarily a high-performance Ethernet over Twisted Pair (EoTP) solution. It enables users to extend Ethernet signals over long distances using existing twisted-pair cabling without sacrificing speed or reliability. With support for speeds up to 100 Mbps, this device is ideal for organizations looking to upgrade their existing infrastructure without extensive rewiring. Key features include plug-and-play installation, which simplifies deployment, and versatile compatibility with both legacy and modern ethernet networks.

The ET0010A model takes connectivity a step further by providing seamless integration with fiber optics. This device supports transmission distances that far exceed traditional copper solutions, making it a perfect fit for larger facilities or multi-building campuses. Its built-in Ethernet switch enhances network efficiency by providing multiple ports for device connectivity, thus facilitating greater data flow.

EncrypTight technology is a notable feature across these Black Box models, offering advanced encryption capabilities to safeguard sensitive data during transmission. With military-grade encryption protocols, EncrypTight ensures that corporate information remains secure from potential eavesdroppers. This technology is essential for businesses operating in regulated industries or that handle confidential customer information.

The ET0100A model combines intelligence with monitoring features to provide users with comprehensive network insights. It boasts built-in diagnostic tools that enable IT professionals to troubleshoot issues quickly and efficiently. Additionally, it features real-time performance monitoring, allowing users to analyze bandwidth usage and optimize network performance accordingly.

In conclusion, the Black Box ET1000A, ET0010A, EncrypTight, and ET0100A are powerful tools that embody the latest in data transmission and network management technologies. With their unique features—including extended connectivity capabilities, robust encryption technologies, and real-time monitoring solutions—these devices cater to the growing demands of businesses seeking to enhance their network infrastructure while ensuring robust security and efficiency. Integrating these tools into any organization’s operations can fundamentally improve both performance and data protection, making them indispensable in today’s digital landscape.
Top Page Image Contents