
AEP Net Remote
The AEP Net Remote extends the security, functions and features of AEP Net into the remote access domain. Like its big brother, the AEP Net Remote provides both data confidentiality and source authentication for IP network traffic.
Government policy requires public sector organisations to offer home and mobile working to their workforce wherever possible. These bodies can now extend remote access to Classified data over a range of network access technologies including remote office LAN, broadband (over DSL or cable), and Ethernet-enabled WiFi, without the normal restrictions and overhead expenses. Net Remote delivers the throughput to satisfy a wide range of demanding applications, including VoIP and Video over IP.
Features
- Offers up to 10Mbps throughput (1464 byte UDP), employing a modified version of the IETF IPsec ESP tunneling protocol.
- Encrypts at the IP layer and offers an RJ45 network interface for onward connection to Internet router/modems or other network connections.
- Connects remote access PCs or laptops to host networks or to an AEP Net encrypted network via a Net hub encryptor.
- Enables flexible network architectures, providing a wide range of remote access security solutions.
- Net hubs can support up to 1000 Net Remote units.
- Employs the same cryptographic network management tools as the Net VPN product (see AEP Net above); both remote access and network security gateway configurations can be managed from the same management station.
- Allows network managers to maintain high assurance cryptographic control of network membership (including central equipment registration and certificate revocation), and to manage Communities Of Interest (COIs).
Typical Uses and Deployment
AEP Net is available in different models suitable for applications in:
- UK Government
- EU Government
- US Government
- High Value Financial
- Pharmaceutical
- Other commercial applications
AEP Net can be deployed as an IP Security Gateway at the network interface or at the workstation to support highly secure end-to-end or data separation requirements.
AEP Net and Net Remote are primarily used for backbone (point-to-point) network and remote access communications security; however, as encryption is performed at the IP layer, the products can be used to build very flexible solutions for Public Sector projects. AEP Net is also designed to provide data separation and reverse tunneling.
Examples of different applications include:
- Data separation between different protective markings over high-grade circuits (including compartments and caveats).
- Voice over IP (Net is being used on a classified pan-European network for VoIP today).
- Mobile laboratories / incident rooms
- Protection of CCTV or other remote sensing data.
- Formal separation between different data strands over a common circuit to overcome need-to-know and data ownership issues.
Net Features and Benefits
The equipment offers a 10BASE-T Ethernet interface on the public network and a 10/100BASE-T Ethernet interface on the private network, and operates at Ethernet full wire rate. The IETF IPsec standard ESP tunneling mode is used to provide packet level source identification, to hide private network structures and source IP address traffic volumes, and to prevent attacks from the public network. The equipment appears as a network host on the public network and as a router on the private network, and the encryptor employs industry standard protocols. This means that the product set can be integrated into existing architectures seamlessly.
Management
The product set includes two cryptographic network management tools: the UniCERT VPN Certification Authority for authenticity certification, and the AEP Net Policy Manager for network configuration and control. These tools allow network managers to maintain high assurance cryptographic control of network membership (including central equipment registration and certificate revocation), and to manage Communities Of Interest (COIs).
Flexible, Scalable, Resilient
AEP Net has been designed to integrate into an IP environment like any other IP network product (e.g. router). As it encrypts at the IP layer it can be used for any application requiring packet protocol protection.
"If it can be routed it can be encrypted"
AEP Net encryptors are being used to protect not only computer-to-computer communications but also Voice over IP (VoIP), Video over IP and CCTV data over any number of communications infrastructures, including ISDN, ATM, E1/T1, Satcom and wireless Ethernet bridge transports.
The encryptor management is deceptively simple to operate, given that the product is supported by very sophisticated PKI key management and encryptor management tools. It can be used to administer networks of any size between 10 and 1000 units; even larger networks are possible depending on the network topology.
The product has been engineered to the highest standards for deployment on high availability and critical networks. Not only do units have a very long lifetime but there is also the option to deploy the units in resilient pairs. In resilient mode the encryptors maintain a heartbeat protocol across both the public and private interfaces and will swap to a backup unit whenever a data path drops. This can be used to supplement or in some cases replace routing protocols such as HSRP, RIP and EIGRP.
Private Network Defence
The use of ESP tunnels defends private networks against attacks from the public domain. The encryptor has been independently tested to defend against all known network attacks, including swamping.
Typical Network Architecture
The example shows all the components of an AEP Net encryption system. The encryptors protect communications between client sites and the server site; the configuration could be fully meshed or hub and spoke. A primary and backup resilient pair of encryptors is installed at the server site to guarantee continuity of service. The encryptor management center is connected to the WAN, protected by an AEP Net encryptor in management mode.
Proven in Operation
The AEP Net product set has been deployed widely to protect National and International scale networks in the UK and Europe. These implementations have proved the security, manageability, flexibility and robustness of the equipment.