|
CyProtect AG - Apani EpiForce Guardian Appliance |
zurück
zur CyProtect - Produkte -
Apani - Apani EpiForce Guardian Appliance
Apani EpiForce Guardian Appliance
EpiForce 2.2 Architecture Overview
The Guardian appliances from Apani Networks are hardware based Agents that secure TCP/IP network communications for a host computer or device. The Guardian operates as a bump-in-the-wire, automatically following security policies that are created by Administrators at EpiForce Admin Console.
The Apani Guardian appliances come in three configurations:
GDS1000
600+ Mbps is used for gigabit speed connections
GDS531
22 Mbps is used for higher speed connections
GDS320
13+ Mbps is primarily used to secure individual communications
Apani Guardian Features & Benefits
Plug-and-Play Ease of Use
The Apani Guardians require no software installation or end user training. The user simply inserts them between hosts and Ethernet network, and then all further operation is automatic. The Apani Guardian detects and assumes the protected host’s IP and MAC addresses and secures its communications.
Automatic Security Policy Distribution
Apani Guardians automatically contact the Apani EpiForce Admin Server at startup and whenever their addresses change, to request updated security policy information and digital certificates. Whenever an authorized System Administrator changes an applicable security policy, the change is sent immediately to the Apani Guardian, which dynamically implements it in real-time.
Automatic and Transparent Security
The Apani Guardians follow respective network security policies entirely in the background, automatically encrypting and blocking network communications as required. Network security is completely transparent to users. They run the same network applications as always – no training is required. Encryption keys are automatically changed at adjustable time intervals, without interference to ongoing communications. The Apani Guardians can be configured to block communications when they are reconnected to unauthorized hosts, even after a power cycle.
Support for NAT/Routers
Apani Guardians operate in ordinary IP networks and behind network address translators (NATs) with equal ease. Both static and dynamic NATs are supported. When they are behind NATs, Apani Guardians automatically download security policy changes at an administrator-configurable contact interval.
Support for DHCP
Apani Guardians are 100% compatible with DHCP and obtain and update IP addresses automatically from DHCP servers just like other IP network devices.
Encryption and Data Integrity Protection
The Apani Guardian automatically negotiates IPSec security associations with other Apani Guardians, Apani Universal Software Agents, and third-party IPSec products. Once a security association is established, Apani Guardians encrypt data and provide integrity protection for their network communications.
Apani Guardian Product Specifications
- X.509v3 certificate-based using the Digital Signature Standard (DSS)
- Transport Mode, Tunnel Mode and combined Tunnel/Transport
- Data encryption algorithms: AES (128-bit and 256-bit key), 3DES
- (168-bit key), ARCfour (128-bit key), and DES (56-bit key)
- Data Integrity Algorithms: HMAC SHA-1, HMAC MD5, and DES-MAC
- Automatic key generation and updating using IPSec standard
- Internet Key Exchange protocol (IKE, formerly ISAKMP/Oakley)
- Connection Types:Ethernet, dialup PPP, ISDN, Token Ring, FDDI and others
- IPSec Protocols: ESP and AH
- IPSec Key Options: Preshared Keys, Manual Keys
Haben Sie Interesse an Apani Lösungen? Bitte nehmen Sie mit uns Kontakt auf.
Copyright © 2000 - 2008 - CyProtect AG. - Alle Rechte vorbehalten.
Kontakt: info@cyprotect.com
- CyProtect AG, Schatzbogen 58, 81829 München
Tel. 089/420447-0 Fax. 089/420447-79 |
|
|
