> From Firewalls-Owner @ GreatCircle . COM Tue Nov 2 14:27:24 1993
> Date: Tue, 2 Nov 1993 09:59:36 -0500
> From: David Post <dep @ galileo . siemens . com>
> To: firewalls @ GreatCircle . COM
> Subject: Ethernet data encryptors
> Sender: Firewalls-Owner @ GreatCircle . COM
> Content-Length: 231
>
>
> Hi All
>
> I have heard rumors about ethernet data encryptors that can selectively
> (on IP address) encrypt the data portion of a packet. Does anybody
> have any information on this type of product?
>
> Thanks
>
> Dave Post
> dep @ siemens . com
>
Verdix (who has the only NSA B2 evaluated LAN product) also has a board level
product that replaces the ethernet/token ring card in your PC, SUN, RS/6000,
etc. that will selectively (based on IP address) encrypt (using
DES) TCP and UDP data portions of packets. On top of encryption it also
computes a MAC on the ip addresses, tcp ports/udp ports, and the tcp/udp
data portions of the packet. The MAC is recomputed and checked on the
receiving end and will only be given to the host if the computed MAC
matches the MAC in the packet.

Note that since we are encrypting the TCP/UDP data portions of the packet you
can still use your current routers (Cisco/Wellfleet, etc.). Since
this device is also the network card you can continue to use your current
applications (since they never see that the packet was encrypted because
it is decrypted before the destination host system has access to the packet).

If you want more information on this beast, you can contact Mary Lou Hensley
or Jack Moore (Verdix sales people for the secure products division) at
703-318-5800

Well, enough of this sales stuff, I have to go back to work and create some
new security stuff :-)

Tim Williams
Senior Engineer
Verdix Secure Products Division
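
The integrity check described in the reply above, as an added example that is not part of the original post and is not Verdix code: a MAC over the IP addresses, ports and data portion, applied only for peers listed in a policy and rechecked by the receiver before the data reaches the host. Assumptions: HMAC-SHA256 truncated to TAG_LEN bytes stands in for the product's MAC algorithm, which the post does not name; the DES encryption step is left out; the Segment type, function names, addresses and key are made up for the illustration.

```python
import hashlib
import hmac
import ipaddress
import struct
from dataclasses import dataclass

TAG_LEN = 16  # truncated MAC length in bytes (assumed; the post gives none)

@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    sport: int
    dport: int
    data: bytes  # TCP/UDP data portion; the MAC is appended when protected

def mac(key: bytes, seg: Segment, data: bytes) -> bytes:
    """MAC over IP addresses, ports and data (HMAC-SHA256 as a stand-in)."""
    covered = (ipaddress.IPv4Address(seg.src).packed
               + ipaddress.IPv4Address(seg.dst).packed
               + struct.pack("!HH", seg.sport, seg.dport)  # fixed-width fields
               + data)
    return hmac.new(key, covered, hashlib.sha256).digest()[:TAG_LEN]

def protect(seg: Segment, policy: dict) -> Segment:
    """Sending card: add a MAC only when the destination is in the policy."""
    key = policy.get(seg.dst)
    if key is None:
        return seg  # selective: traffic to other peers is left untouched
    return Segment(seg.src, seg.dst, seg.sport, seg.dport,
                   seg.data + mac(key, seg, seg.data))

def deliver(seg: Segment, policy: dict):
    """Receiving card: return the data for the host, or None to drop."""
    key = policy.get(seg.src)
    if key is None:
        return seg.data  # source is not a protected peer
    if len(seg.data) < TAG_LEN:
        return None  # too short to carry a MAC
    data, tag = seg.data[:-TAG_LEN], seg.data[-TAG_LEN:]
    return data if hmac.compare_digest(tag, mac(key, seg, data)) else None

# Constructed sample: documentation addresses and a made-up shared key.
KEY = b"constructed-demo-key"
A_POLICY = {"192.0.2.10": KEY}  # table on host 192.0.2.1
B_POLICY = {"192.0.2.1": KEY}   # table on host 192.0.2.10

if __name__ == "__main__":
    wire = protect(Segment("192.0.2.1", "192.0.2.10", 40000, 23, b"hello"), A_POLICY)
    print(deliver(wire, B_POLICY))
    print(deliver(Segment(wire.src, wire.dst, wire.sport, 25, wire.data), B_POLICY))
```

Because the addresses and ports stay in the clear but are covered by the MAC, a router can forward the packet unchanged while a rewritten address or port makes the receiver drop it.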