internet, land mobile radio and phone virtually anywhere
internet, land mobile radio and phone virtually anywhere

NERC CIP COMPLIANT SECURE HIGH SPEED SATELLITE COMMUNICATIONS FOR ELECTRIC UTILITY CRITICAL NETWORKS

 

 

TWO SECURE OPTIONS ARE AVAILABLE

 

OPTION ONE

This service bundles together our high speed satellite data service ( 15mbs download and 4 mbs upload ) with our Security Overlay Service. To provide "end to end" security for utilities "critical networks".

Unlike VPN services over satellite internet, our system does NOT slow down with the use of our Security Overlay. Our customers receive full data transfer speeds.

 

 

OPTION TWO

NERC CIP COMPLIANT SECURE HIGH SPEED SECURITY OVERLAY DEVICE

NO MONTHLY SUBSCRIPTION  IS REQUIRED FOR THIS DEVICE

 

 

3eTI’s EtherGuard® L3 (3e-636L3) is a Layer 3 industrial Information Assurance (IA) appliance designed to protect critical infrastructure facilities from internal or external cyber attacks. Its versatile security platform delivers 180 Mbps IPSec/VPN performance, while it’s optimized system size, weight, and power (SWaP) design makes it the ideal solution for industrial installations.

EtherGuard L3 is more than a traffic encryption device; it also provides protections such as port authentication, access-control, and application level packet inspection. Unlike competitors, designed for general enterprise applications, EtherGuard L3 is specifically designed to provide strong cryptographic defense-in-depth protection for IP connected PLC (Program Logic Controller) devices to connect to IP networks.

Machine-to-Machine (M2M) Network Authentication EtherGuard L3 supports certificate based 802.1X port authentication protocol, simplifying the device authentication inherent in an industrial network’s M2M communications. When installed together with a PLC, authentication of each PLC can be managed in the same way as a personal computer in a Federal or DoD network. Additionally, the utility network authentication service can be conveniently integrated with the DoD’s PKI authentication infrastructure.

Deep Packet Inspection (DPI) Advanced Cyber Security Generic firewall devices only filter industrial protocols based on TCP or UDP ports. Many virus and cyber attacks use the same open ports for industrial protocol to penetrate a network. The application level DPI in EtherGuard L3 can stop this “ride-on” traffic through the open ports while only allowing intended industrial protocols to pass through. In addition to filtering industrial protocols, EtherGuard L3 can filter specific commands within an industrial protocol. This DPI function offers addition layer of protection to isolate vulnerability contamination on one PC and prevent it from affecting the industrial control functions.

Powered by DarkNode Technology Utilizing 3eTI’s proprietary DarkNode® technology, EtherGuard prevents an attacker from sweeping the network and discovering any devices and services present, their quantities and type, and hides the architecture of DCS or SCADA controllers from view. DarkNode creates an invisible layer on EtherGuard’s WAN network port to any active attacks or scans. By creating a secure ‘information-dark’ protective barrier that obfuscates any devices or services behind it, it makes it ideal for sensitive or critical device applications where leakage could weaken security

 

 

 

 

 

 

 

3eTI Hardware Device Specifications

SECURITY FEATURES

  •              Layer 3 encryption and decryption 

  •              ACL (Access Control List) Function 

  •              Deep packet inspection (DPI), can currently 
support BACnet, Modbus TCP, OPC, EtherNet/ IP and DNP3 control protocols and inbound commands, as well as their origin 

  •              Certificate based 802.1X port authentication 

  •              Certificate based IPSec/VPN key negotiation 


SECURITY

  •              AES 256, 192, & 128 bit (GCM, CCM & CBC) 

  •              HMAC SHA-1/2 per-packet hashing 

  •              IKEv2 Key Exchange 

  •              NSA Suite B GCM 256 & 128 options 


CERTIFICATIONS

  •              Common Criteria EAL4 certified 

  •              FIPS 140-2 Level 2 validated 

  •              FCC Part 15.107/109 unintentional 
emissions, class A 

  •              MIL-STD-167-1A, Type 1 

  •              MIL-STD-810E, Method 514.4, Category 8 – 
Ground Mobile 

  •              MIL-STD-810E, Method 507.3, Procedure 
III - Aggravated 


MECHANICAL

  •              Din rail mount 

  •              4.35” x 4” x 2.45” 

  •              2.2 lbs 


ENVIRONMENTAL

  •              Operational temperature: -40° to +75° C 

  •              Storage temperature: -40° to +80° C 

  •              MIL-STD-167A 

  •              MIL-STD-461E 

  •              MIL-STD-810E 

  •              FCC Part 15 Class A 


INTERFACES

4 Ethernet 10/100/1000 BASE-T ports:

            »  Encrypted Black Port 


            »  2 Unencrypted Red Ports 


            »  Local management Port 


POWER

  •              Power over Ethernet (POE) through Black or Red ports 

  •              20-50 VDC power input 

  •              Power consumption 8 watts 


PERFORMANCE

IPSec/VPN throughput up to 180 Mbps

LED INDICATORS

  •              Power 

  •              Self-test 

  •              Alarm 

  •              Data activity 

  •              Keyed 

  •              Diagnose 


DEVICE MANAGEMENT

  •              Web Server / HTTPS 

  •              SOAP Web-service via UltraVision 


TOOLS & UTILITIES

  •              Over the network firmware upgrade 

  •              Over the network re-key 

  •              Remote & local device reboot 

  •              Secure zeroization to factory default state 


OPTIONS

Application-based firewall with DPI license

Contact Us Today!

Home Office:

Global Data Specialists
11257 Red Bluff Lane

Fort Myers, Florida 33912
 

E-mail: info@globaldataspecialists.co

Special Facebook Promotion

Like us on Facebook and be registerd for our montly giveaway!

Print Print | Sitemap
© Global Data Specialists