Sirrix.TrustedVPN HQ

Sirrix is the first vendor worldwide to combine ultimate security with extreme simplicity within a VPN solution, thus setting a landmark for a change towards a 3rd generation in this technology.

 

The most essential innovations of the TrustedVPN appliances are:

  • Hardware crypto-module for key generation and storage (TPM)
  • Trusted Boot based on hardware-based security anchor
  • Remote Attestation for integrity check of all relevant stacks
  • Sealed storage of firmware and configuration data
  • Central and foolproof management system

The implementation uses an integrated security chip, standardized as the “Trusted Platform Module” (TPM). It acts as the trust anchor, securely generates encryption key pairs and reliably protects the private key part against tampering. Using the TPM as trust anchor enables the Trusted Boot implementation, making it impossible to manipulate the system’s software or to attack its integrity. Finally, the encryption of the firmware and configuration data of the appliance is perfectly protected by the TPM chip.

The Sirrix.TrustedVPN Boxes autonomously establish their VPN tunnels according to the requirements derived from the central configuration database. They also provide certain router and firewall functionality and can optionally support mobile users employing a VPN software client. Finally, they support an IPsec-based connectivity mode for connecting with 3rd party VPN devices.

The Sirrix.TrustedVPN Box carries only extremely limited persistent configuration data: its own IP address, network mask and gateway address, plus the host name of the Sirrix.TrustedObjects Manager and the Sirrix Root Certificate. All other configuration data is pushed down by the Management Console and is "lost" after any shutdown of the appliance.

 

   

Technical Data

  • IPsec protocol
  • Crypto-algorithms (default values):
    AES-256 encryption
    SHA-256 hash algorithm
    Diffie-Hellman key exchange (4096 bit)
    RSA certificates (4096 bit)
  • Dead Peer Detection
  • Perfect Forward Secrecy (PFS)
  • NAT traversal
  • Support for dynamic IP addresses
  • 4 x Gbit Ethernet ports