home » products » net » features and benefits
Net Features and Benefits

Network Integration

The equipment offers a 10 base-t Ethernet interface on the public network and a 10/100 base-t Ethernet interface on the private network and operates at Ethernet full wire rate. The IETF IPSEC standard ESP tunneling mode is used to provide packet level source identification and to hide private network structures, source IP address traffic volumes and to prevent attacks from the public network. The equipment appears as a network host on the public network, a router on the private network and the encryptor employs industry standard protocols. This means that the product set can be integrated into existing architectures seamlessly.

The use of an IETF standard transport protocol also allows the encrypted traffic to be routed across non-IP networks e.g. ATM, SMDS, Frame Relay, ISDN, Satcom, and Radio Links.

The product also provides DHCP bootp relay, Static and Dynamic source address NAT, secure SNMP and public and private network resilience protocols to assist integration into complex networks.

Management

The product set includes the cryptographic network management tools - UniCERT VPN Certification Authority - for authenticity certification, and the AEP Net Policy Manager for network configuration and control. These tools allow network managers to maintain high assurance cryptographic control of network membership (including central equipment registration and certificate revocation), and to manage Communities Of Interest (COIs).

Core Features

•		Built on ACCE technology
•		IPSEC Based IP Security Gateway
•		VPN operation - separates private and public networks
•		Both certificate and address based Community of Interest (COI) Management
•		Ethernet Full Wire Rate performance
•		PKI Infrastructure using Baltimore UniCERT and AEP Net Keyper HSM (optional)
•		Digitally signed certificate requests (Smart Card based initialization)
•		Automatic traffic key management using ISAKMP
•		Continuous Output Monitor for cryptographic integrity assurance (ED20M/EC20M)
•		Continuous Random Number Generation checks
•		Self Test Health Check on power-up
•		Secure Remote Management using AEP Policy Manager
•		Acts as a router to the private network and a host on the public network
•		Supports up to 1000 secure connections
•		10 base-t public and 10/100 base-t private Ethernet interfaces
•		Built on the tamper protective Crypto Kernel
•		Compromise control
•		Secure Audit and Accounting
•		NAT, DHCP and SNMP support
•		Small footprint allows desktop use and 19" rack-mounting
•		Integrated smart card reader, keypad, display

Flexible, Scalable, Resilient

AEP Net has been designed to integrate into an IP environment like any other IP network product (e.g. router). As it encrypts at the IP layer it can be used for any application requiring packet protocol protection.

"If it can be routed it can be encrypted"

AEP Net encryptors are being used to protect not only computer-to-computer communications but also Voice over IP (VoIP), Video over IP and CCTV data over any number of communications infrastructures including ISDN, ATM, E1/T1, Satcom and Wireless Ethernet Bridge transports.

The encryptor management is deceptively simple to operate given that the product is supported by very sophisticated PKI key management and encryptor management tools and can be used to administer networks of any size between 10 and 1000 units - even larger networks are possible depending on the network topography.

The product has been engineered to the highest standards for deployment on high availability and critical networks. Not only do units have a very long lifetime but there is also the option to deploy the units in resilient pairs. In resilient mode the encryptors maintain a heartbeat protocol across both the public and private interfaces and will swap to a backup unit whenever a data path drops. This can be used to supplement or in some cases replace routing protocols such as HSRP, RIP and EIGRP.

Private Network Defense

The use of ESP tunnels defends private networks against attacks from the public domain. The encryptor has been independently tested to defend against all known network attacks, including swamping.

Typical Network Architecture

The example shows all the components of an AEP Net encryption system. The encryptors protect communications between client sites and the server site, the configuration could be fully meshed or hub and spoke. A primary and backup resilient pair of encryptors is installed at the server site to guarantee continuity of service. The encryptor management center is connected to the WAN protected by an AEP Net encryptor in management mode.

Proven in Operation

AEP Net product set has been deployed widely to protect National and International scale networks in the UK and Europe. These implementations have proved the security, manageability, flexibility and robustness of the equipment.