Résumé du contenu de la page N° 1
®
Datacryptor Ethernet
User Manual
1270A450-005 June 2008
Résumé du contenu de la page N° 2
Datacryptor Ethernet User Manual Preface Page 2 THALES
Résumé du contenu de la page N° 3
Datacryptor Ethernet User Manual Preface Contents 1 Preface............................................................................................................................................5 Trademark Acknowledgements ............................................................. 5 Revision Status....................................................................................... 5 License Agreement and General Information.............................................. 6 Securit
Résumé du contenu de la page N° 4
Preface Datacryptor Ethernet User Manual Configure Dialog ...................................................................................... 43 Key Manager............................................................................................. 46 To commission a unit with the Commission button ................................. 46 Step 1: Installing a new Certificate Authority (CA)................................ 48 Step 2: Installing the authenticating CA:..........................
Résumé du contenu de la page N° 5
Datacryptor Ethernet User Manual Preface 1 Preface Trademark Acknowledgements Datacryptor is a trademark of Thales e-Security. ® ® Microsoft Windows XP and Windows 2003 are registered trademarks of Microsoft Corporation. All other logos and product names are trademarks or registered trademarks of their respective companies. ©2006-2008 Thales e-Security. All rights reserved. Copyright in this document is the property of Thales e-Security. It is not to be reproduced, modified, adapted,
Résumé du contenu de la page N° 6
Preface Datacryptor Ethernet User Manual License Agreement and General Information THALES e-SECURITY LTD. ("THALES") COMPUTER PROGRAM LICENSE AGREEMENT YOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT (the "AGREEMENT"). FOR PURPOSES OF THIS AGREEMENT, “SOFTWARE” IS DEFINED TO INCLUDE COMPUTER PROGRAMS INTENDED TO BE RUN ON A WORK STATION, PC, OR SIMILAR MACHINE, AND INCLUDES THE CD-ROM OR OTHER MEDIA ON WHICH THE SOFTWARE IS CONTAINED. “FIRMWARE” IS
Résumé du contenu de la page N° 7
Datacryptor Ethernet User Manual Preface LIMITED WARRANTY The following limited warranty applies only to the Software and/or Firmware licensed hereunder. The hardware Machine is warranted pursuant to a separate Warranty set forth in the Machine documentation. The Machine documentation is contained on the CD-ROM, if any. During the first 90 days after receipt of the Software and/or Firmware by you, as evidenced by a copy of your receipt, invoice or other proof of purchase (the "Warran
Résumé du contenu de la page N° 8
Preface Datacryptor Ethernet User Manual The government agrees that it shall be bound by the terms and conditions of this license agreement, to the maximum extent possible under federal law. This license agreement, and the governments assent hereto, supersedes any contrary terms or conditions in other contract documents (such as any statement of work). EXPORT AUTHORIZATIONS You shall assume all responsibility for obtaining any required export authorizations necessary to export any Softwa
Résumé du contenu de la page N° 9
Datacryptor Ethernet User Manual Preface Security Advisory This unit is being shipped with a Universal Certificate Authority that is to be used for demonstration purposes only. USE OF THE DEVICE, AS INITIALLY CONFIGURED, IN AN OPERATIONAL ENVIRONMENT IS NOT RECOMMENDED. THALES e-SECURITY EXPRESSLY DISCLAIMS ANY AND ALL LIABILITY FOR DAMAGES, INCLUDING BUT NOT LIMITED TO CONSEQUENTIAL DAMAGES, RESULTING FROM USE OF THE UNIVERSAL CERTIFICATE OR ANY OTHER CERTIFICATE SUPPLIED BY THALES e-SEC
Résumé du contenu de la page N° 10
Preface Datacryptor Ethernet User Manual Contact Information SALES OFFICES Americas Europe, Middle East, Africa THALES e-Security, INC THALES e-Security LTD 2200 North Commerce Parkway Meadow View House Suite 200 Long Crendon Weston, Florida 33326 Aylesbury U.S.A. Buckinghamshire HP18 9EQ Tel: +1 954 888 6200 England Fax: +1 954 888 6211 Tel: +44 (0)1844 201800 Toll free within USA: Fax: +44 (0)1844 208550 +1 888 744 4976 e-mail: e-mail: emea.sales@thales-esecurity.com
Résumé du contenu de la page N° 11
Datacryptor Ethernet User Manual About This Document 2 About This Document Viewing this document in Adobe Acrobat PDF Viewer It is recommended that this PDF document is viewed at 100% size with text smoothing adjusted to suit your monitor. The viewing size is easily adjusted by the use of the Zoom toolbar; you may set 100% size, or simply click the Actual Size icon: Viewing at 100% will provide the best appearance of the images in this document. To change the appearance of the text, s
Résumé du contenu de la page N° 12
About This Document Datacryptor Ethernet User Manual This manual is organized into the following sections: Overview provides general information on the hardware and software. Background Information provides a brief introduction to the device and Ethernet Layer 2 technology and terminology. Installation describes how to install the Datacryptor Ethernet hardware and Element Manager Software. Connecting to Datacryptor Ethernet Units describes the main methods that can be used to connect th
Résumé du contenu de la page N° 13
Datacryptor Ethernet User Manual Overview 3 Overview The Thales Datacryptor Ethernet is a high speed, high bandwidth, integrated security appliance. The three models provide different transfer speeds; the 100 Mb Ethernet provides 100 Mbps, while the 1 Gig and 10 Gig Ethernet units offer encryption at Gigabit Ethernet Layer 2 transfer rates. The Datacryptor Ethernet units come in different case styles; the 100 Mb Ethernet and the 1 Gig Ethernet models are housed in a single unit height 19
Résumé du contenu de la page N° 14
Overview Datacryptor Ethernet User Manual Figure 3-3: Thales Datacryptor 1 Gig Ethernet Front Panel Figure 3-4: Datacryptor 1 Gig Ethernet Rear Panel Figure 3-5: Thales Datacryptor 10 Gig Ethernet Front Panel Figure 3-6: Datacryptor 10 Gig Ethernet Rear Panel Note: See The Front Panel LEDs in the Element Manager Reference section for full information on the LED indicators. Page 14 THALES
Résumé du contenu de la page N° 15
Datacryptor Ethernet User Manual Overview Product Features Installation Key management • Mount in any standard 19” rack • Diffie-Hellman key exchange or on a tabletop (groups 1, 2, and 5) Interfaces Encryption • The 100 Mb Ethernet has two • Advanced Encryption Standard RJ45 sockets for connecting to (AES): the Host and Network circuits FIPS 197 (256 bit keys) • The 1 Gig Ethernet and 10 Gig Management integrity Ethernet units have two SFP or • HMAC-SHA-1-96 (FIPS PUB 180-1): XF
Résumé du contenu de la page N° 16
Overview Datacryptor Ethernet User Manual Element Manager The Element Manager application provides a secure way to configure, manage, and upgrade the Datacryptor Ethernet. The program runs under various versions of Microsoft Windows operating systems. Please see the Software Requirements for a more detailed description of the environment required. The PC can connect to a Datacryptor Ethernet unit to manage it using the IP protocol over a standard 10/100 Ethernet connection. The PC can als
Résumé du contenu de la page N° 17
Datacryptor Ethernet User Manual Background Information 4 Background Information Datacryptor Ethernet Unit The Thales Datacryptor Ethernet units are high performance, integrated security appliances that provide encryption at high line speeds. The 1 Gig and 10 Gig Ethernet units operate at optical line speeds and have the added advantage that they can, over limited distances, use copper media. The device’s high-speed processing capabilities eliminate bottlenecks while providing data encryp
Résumé du contenu de la page N° 18
Background Information Datacryptor Ethernet User Manual Authenticate Management Data - The Datacryptor Ethernet uses the HMAC keyed hash variant of the SHA-1(Secure Hash Algorithm) to authenticate management data using SNMP v3. Security Terms Diffie-Hellman – Diffie-Hellman is a method for key exchange that allows two autonomous systems to exchange a secret key over an untrusted network without prior secrets. Diffie- Hellman groups define the strength supplied to the Diffie-Hellman calculat
Résumé du contenu de la page N° 19
Datacryptor Ethernet User Manual Installation 5 Installation This section will detail the installation of the hardware and software. Hardware installation is discussed first. Hardware Installation There are four steps in installing the unit: • Unpack the Shipping Carton • Mount the Unit • Connect the Cables • Power on the Datacryptor Unpack the Shipping Carton Remove all product components from the shipping carton and compare the contents to the packing list. Keep all packaging in
Résumé du contenu de la page N° 20
Installation Datacryptor Ethernet User Manual Airflow Make sure that there is sufficient flow of air around the Datacryptor so that safe operation is not compromised. Maintain a clearance of at least 3 inches (7.62 cm) at the sides of the Datacryptor to ensure adequate air intake and exhaust. If installing in an enclosed rack, make sure the rack has adequate ventilation or an exhaust fan. An enclosed rack with a ventilation system that is too powerful can prevent proper cooling by creating