| |
 Home / Products / CipherOptics SG1001 |
|
| |
CipherOptics SG1001
Gigabit Ethernet Data Protection
Gateway
Securing IP traffic
Moving from private, leased lines to IP networks makes sense
for organizations looking to reduce costs while responding to
the need for increased bandwidth, caused by the convergence
of data, voice and video onto a single network. However, this
move makes your network more vulnerable to security breaches,
including eavesdropping, tampering and denial-of-service
attacks. IP was designed for resiliency and ease-of-use, not
security. Mitigating the risks and eliminating the
vulnerabilities of your IP transport network is the most
significant protection necessary for ensuring data
integrity.
Locking your data in
transit
Your firewalls, intrusion detection systems (IDS),
anti-virus software and other perimeter security technology
do their part in preventing many outside threats from
entering your network through your Internet gateway. But what
about your data—the core of your business—once it
travels from one site to another over an IP network? The only
way to protect that data is to encrypt it while in transit,
because even private lines are vulnerable to people with
access. The CipherOptics SG1001 network security appliance
protects data in transit between sites while it travels over
Gigabit-speed IP networks.
IPSec at Gigabit speed
Using IP Security Protocol (IPSec), the CipherOptics SG1001
network security appliance is the only solution that provides
full-duplex, Gigabit speed protection—all with virtually
no latency— providing safe passage for all of your
business-critical information, whether it’s data, voice
or ideoconferencing. And, because it is a purpose-built
appliance, it outperforms other encryption options, such as
multi-purpose devices and router acceleration blades, in both
price and performance. While these solutions may have
encryption capabilities, they also have side-effects, most
notably high cost, high latency, complex installation and
management, and they reduce network performance.
Fast, simple, transparent
Because it is an appliance and not a multi-purpose device,
the CipherOptics SG1001 makes network security simple. No
complicated network or router reconfiguration required. It
easily integrates into your existing network, without
consuming valuable netwok resources. With simple installation
and policy set-up, the CipherOptics SG1001 can be installed
in minutes, operating transparently to ensure that all of
your data in transit is locked down.
Security best practices for
regulatory compliance
By having the CipherOptics SG1001 integrate easily into the
network while at the same time being able to manage it
separately, you can build a robust security infrastructure
that will help withstand the scrutiny of a security audit. In
fact, it is an integral part of best practices to encrypt all
sensitive data in transit. The flexibility of the
CipherOptics SG1001 also makes it a valuable tool in ensuring
industry best practices for compliance with such regulations
as Graham-Leach-Bliley, California SB1386 and HIPAA.
| Technical
Specifications |
IPSec Modes
• Tunnel mode
• Encapsulated Security Payload (ESP)
• Authentication Header (AH) |
Encryption and Integrity
• AES: FIPS 197
(128, 192, 256 bit keys)
• 3DES: ANSI X.952 (168 bit keys),
standard CBC mode
• HMAC-SHA-1-96
• HMAC-MD5-96 |
|
Authentication and Key
Management
• Diffie-Hellman
groups 1, 2 and 5
• X.509 v3
digital certificates
• Digital
Signature Standard (DSS)
• Internet Key
Managerment (IKE)
• Manual keys |
Device Management
• Secure
management interfaces (CLI and browser)
• Out-of-band
management
• Secure download
of software updates
• SNMP v2c MIB
managed object support
• Optional
certificated authentication |
Network Support
• IEEE 802.3
• VLAN tages
• MPLS labels
• Jumbo frame support
• PMTU
• Dead peer detection
• Optical loss pass-through |
Performance
• Throughput: Up to 1.8Gbps full-duplex Gigabit
Ethernet with AES or 3DES
• Concurrent
IPSec tunnels: 8,000
• Security
Associations: 16,000 |
Interfaces
• Two full-duplex
Gigabit Ethernet ports with GBIC interfaces (single
mode or multimode)
• Management: 10/100 Ethernet and RS-232 |
Environmental
• Operating
Temperature: 0° to 40°C
• Operating
Humidity: up to9% non-condensing
• Operating
Altitude: -200 to 10,000 feet AMSL |
Physical
• Tamper-evident
chassis
• Footprint: 4" H x 17" W x 15"
D
• Rack mountable
in standard 19" rack
• Power:
115-240VAC @ 50/60 Hz, autosensing
• Weight:
10 lbs |
|
Regulatory
• Emissions: FCC Part 15 to Class B
Specifications, EN61000-3-2: 1995, EN61000-3-3: 1999,
EN61000-4-2 through 4-6, 4-11: 1995
• Safety:
IEC 60950 (UL), CSA-C22.2 No. 60950-00, EN 60950 for
the participating European nations, EN 90950 for all
country deviations |
Certification
• FIPS PUB 140-2
Level 2 validated |
|
|
Features
 |
Protect data in transit over untrusted IP networks |
|
|
High-performance, hardware-based AES & Triple-DES
encryption |
|
|
IPSec encryption (100 Mbps and Gigabit) |
|
|
Introduce virtually no latency |
|
|
Integrate transparently into existing IP networks |
|
|
Have received FIPS 140-2 Level 2 validation |
|
Application Note
Whitepaper
Datasheet
Related Products
 |
|
