Enigmätron-C
High-Security Data Encryption Equipment
Description
Valiant’s Enigmätron-C is a high-security data encryption device that provides tunnel-less data encryption, including Ethernet frame encryption for Layer 2 networks, IP packet encryption for Layer 3 networks, and Layer 4 data payload encryption for IP and MPLS networks. The Enigmätron-C offers full-duplex encryption at speeds up to 12 Mbit/s using the AES-256 algorithm.
Valiant’s Enigmätron-C is an easy-to-use encryption device with extremely advanced firewall features that may be installed to secure RTUs, SCADA terminals and Smart Grid distribution systems. The Enigmätron-C may also be installed in centrally managed encryption networks consisting of multiple branch-office edge installations, to secure installations such as Point-of-Sale terminals and ATM networks.
The Enigmätron-C also includes a 4-port integrated Ethernet switch, which allows connection of up to 4 terminals, such as RTUs, thereby reducing cost by avoiding the need to deploy additional Ethernet switches at the network edge.
The Enigmätron-C uses Group Encryption technology to provide scalable encryption without tunnels while encryption is enabled and active. Tunnel-less encryption also allows networking and application monitoring and services such as QoS to operate transparently without modification.
Access to Enigmätron-C is password protected with advanced firewall capabilities that meet and exceed NERC as well as all mandatory requirements of Password Protection and Control as provided in the GR-815-CORE-2 specifications. Enigmätron-C can optionally be managed centrally from a RADIUS Server to provide enhanced levels of access security and central password management and control.
Features and Highlights
- Interoperable with Valiant's Enigmätron-X encryption product family
- Encrypted throughput up to 12 Mbps
- Per-frame/packet authentication
- Seamless scalability
- Infrastructure neutral
- Transparent to network and applications
- Easy installation and management
Applications
- Point-to-point and Point-to-Multi-Point Encryption links
- Utilities – Oil & Gas production, pipelines, electric generation, transmission and distribution
- Remote node on SCADA multi-drop networks
- Law Enforcement
- Retail – Stores, Point-of-Sale terminals, Credit Card machines
- Financial institutions, corporate links, branch offices, ATM machines
- VLAN – Supports multiple VLANs through an external IP network
- Supports voice and video over public and/or private networks
- For home use, hotels and secured applications over unsecured public transmission networks
Security
- Public and Private Key management
- GR-815-CORE-2 compliant Password Protection
- SNMP V2 and SNMP V3
- RADIUS Authentication options for unmatched security
- Remote network monitoring
- Firewall with Black-list and White-list options
Comprehensive Data Protection
- IPsec site-to-site networks
- MPLS meshed networks
- Metro Ethernet and VPLS networks
- Voice and video over IP applications
Performance
- Encrypted throughput: 12 Mbps - bidirectional.
- Encrypted latency: <4 ms* per hop
*Measured with 512 byte packets with L3 encryption enabled. Latency may vary with packet size.
Encryption and Secure Communication Protocols
- Encryption: 128-AES, 192-AES and 256-AES
- IPSec (RFC 2401) for Layer 3 Encryption
- Authentication (Message Integrity): HMAC-SHA-256-96 (FIPS 180-3, FIPS 198)
- Signature generation and verification: RSASSA-PSS, RSASSA-PKCS v1.5, X.509, DSA FIPS 186-2
- Management session authentication: RSA, DSS
- Security Key Exchange: manual, or automatic programmed-interval key rotation
- Group keying with SSL/TLS (bilateral authentication) based on certificates
- X.509 Certificates
- Certificate revocation: OCSP (RFC 2560), CRL (RFC 5280)
Firewall and Security:
- Secure Boot
- Firewall Security
- Exclusion Policy - Access Control based on Black List
- Inclusion Policy - Access Control based on White List: IP address based, MAC address based, IP Domain.
- Password Protection with password strength monitor.
- Resistance to Denial of Service Attack
- Non-volatile Access Log with capability to "fingerprint" all successful and failed log-in attempts and keep a log of the IP and MAC addresses of all successful and failed logins / login attempts.
- Alarm Generation in the event of 3 consecutive failed log-in attempts (wrong user name or Password).
- Option to generate an E-Mail Alert for Event and Alarm
- RADIUS Password Authentication
- SSH (Secure Access Control) with encrypted Password Protection
Network Support:
- Ethernet
- VLAN tag preservation
- MPLS tag preservation
- IPv4
- IPv6 (Layer 2 Ethernet encryption mode)
- Secure NTP
Policy Selector Options:
- Source or destination IP address
- Source or destination port number
- Protocol ID (L3 and L4 options)
- VLAN ID (L2 option)
Device Management and Alarm Monitoring:
- Command Line Interface - Telnet, SSH
- SNMPv2 Alarm Monitoring
- Alarm condition detection and reporting (traps and SNMP alarm table)
- Syslog
- Audit Log
Indicators:
- System Status LED (Encryption On/ Off Status)
- Power LED
Environmental:
- Operational: Temperature -20C to +60C (-4F to 140F)
- Humidity: Up to 95% R.H. (Non-condensing at 50C)
- Cold start: temperature -10C
- Maximum Operational Humidity: 95% R.H. (Non-condensing)
Regulatory:
- Emissions: As per CISPR 22 / EN55022 Class A
- CE and FCC: Part 15 Subpart A
- Immunity: EN55024, EN61000
Physical:
- 19-Inch, Industrial Chassis and optional Small Form Factor (SFF) Chassis
- Height x Depth x Width: 44 mm x 250 mm x 482 mm
- Weight: 3 kg
- Power: 1+0 and 1+1 Redundant Power Supply Options.
- 100~240V AC, 50/60Hz; -48V DC; 110V DC
- Power consumption: 9W at maximum load
- MTBF: ≥ 280,000 hours with dual redundant power supplies
Interfaces:
- Four 10/100 RJ45 locally switched network interfaces to the local (trusted) network
- One 10/100/1000 RJ45 network interface to the remote (untrusted) network
- Integrated four-port Ethernet switch
- Auto MDI/X (straight or crossover Ethernet cable correction)
- USB serial port for local access and configuration.