The Sectéra In-Line Network Encryptor (INE) is specifically designed to support IP/Ethernet operating over standard commercial networks requiring U.S. Government Type 1 security. It protects all levels of data, including Government Classified up through TS/SCI by providing confidentiality, data integrity, peer identification, authentication and mandatory/discretionary access control services.This device is software configured using the new Sectéra INE Configuration Manager and is keyed using material supplied by the U.S. Government's Electronic Key Management System (EKMS), for Type 1 product. Physical and electronic key distribution is supported. Utilizing General Dynamics' Advanced INFOSEC Machine (AIM) technology, the Sectéra INE provides a high assurance security design approach as well as a very flexible application set defined by the software. The Sectéra In-Line Network Encryptor is fully software re-programmable. It allows the introduction of new features, algorithms and software maintenance.
The Sectéra INE is compatible with the Network Encryption Systems (NES) already in service. It also has been designed to meet the new U.S. Government standards for security and network operations based on the Internet security and key management protocols IPsec/IKE. The architecture has been designed to be software upgradeable to the future High Assurance IP Interface Specification (HAIPIS).
Photo courtesy General Dymanics
SPECIFICATIONS
Manufacturer:
General Dymanics, Scottsdale Arizona
Physical Characteristics:
Width: 8.25"
Height: 4.75"
Depth: 12.5"
Weight: Under 12 poundsOperator Interface:
32 Character 2 line liquid crystal display
12 Key Numeric Keypad
Multi-color LED status indicator
Datakey port KSD-64A or PKA64KCEnvironmental:
-30 degrees C to +65 degrees C storage
0 degrees C to +45 degrees C operatingCommunications Interfaces:
Up to 20 Mbps aggregate data throughput
2 RJ-45 10/100 Base T
2 DB-9 Serial PortsPower
External power supply
AC Input: 90 - 250 VAC auto-sensing at 47 to 63 HZ single phase
Certification:Certification:
TEMPEST Approved
Tamper Protected
Controlled Cryptographic Item (CCI) rating
UL1950
FCC Part 15 Class BAddressing:
1000 destination INE identities (maximum)
64 IP host addresses (or ranges) or MAC addresses behind each INE (maximum)Protocols:
Common Protocols
Ethernet MAC (Version 1.0 or 2.0)
ANSI/IEEE 802.3 MAC, 802.2 LLC (with SNAP extension per RFC 1060 and RFC 1042)
Address Resolution Protocol (ARP) per RFC 826
Reverse Address Resolution Protocol (RARP)
Internet Control Message protocol (ICMP) "PING" echo reply
Broadcast and MulticastLegacy Protocols
DoD IP per MIL-STD-1777
SDNS Security Protocol 3
SDNS Key Management protocolNetwork Management Agent for SNMP Management
SNMP V3 Capable
Provides manageable agents on both the host (RED) and network (BLACK) interfaces
Operates with standard SNMP Network Management Stations
Supports most standard objects defined inMIB-11
Supports TCP Transport as a private MIBKey Management:
Meets Secure Data Network Standards (EKMS)
Supports both physical and electronic key distribution
Single Crypto Ignition Key (CIK) support
Pre-Placed keys (Future Release)The Type 1 encryption provided by the Sectera In-Line Network Encryptor (INE) is part of the Department of Defense Defense in Depth strategy. Type 1 encryption is only one portion of the overall defense in depth. A comprehensive network Information Assurance strategy involving Defense in Depth is required to ensure secure and reliable protection for sensitive and classified information.
Sectéra is a trademark of General Dynamics.
Reference: http://www.gd-decisionsystems.com/sectera/ine/main.html
July 22/02