
TrustedVPN

Worldwide Networking for all your sites and personnel

The need for interconnecting workstations has become evident for companies of every size. VPN technology (Virtual Private Network) enables the secure exchange of data and VoIP phone calls between various sites via the public Internet. This combines the advantages of open and widely-used TCP/IP architectures with the security of formerly used leased lines.

Security as top priority

The use of the Internet as a backbone for company-internal communication results in considerable economic gains due to the efficient usage of existing public infrastructures. On the other hand, it comes with severely increased risks regarding the authenticity of communication partners as well as the confidentiality and integrity of the data exchanged. Hence, uncompromising security is a substantial criterion for any VPN solution.

The unique characteristics

The TURAYA.TrustedVPN solution has been developed with two principal design goals in mind:

  • Hard-edged security and
  • Foolproof administration.

TURAYA.TrustedVPN provides a comprehensive state-of-the-art security infrastructure as a ready-to-run and fully automatic solution. The danger of inadequate configuration settings disappears to a large extent.

When managing the system one can fully focus on the higher level of system-wide logical trust relationships between networks and users, rather than administrating individual devices and their parameter settings.

The architecture

The solution consists of three main components:

  • The TURAYA.TrustedObjects Manager as the central management server for configuration, monitoring and provisioning
  • The TURAYA.TrustedVPN appliance as a VPN-Gateway deployable in several variations at the individual sites
  • The TURAYA.TrustedVPN software client, which road warriors use to access the corporate resources

The VPN appliances are designed as completely closed systems which are administered solely remotely. For their initial commissioning, a base configuration for their external network connection needs to be created in the TURAYA.TrustedObjects Manager. This data set can then be exported with one click as a signed file onto a USB storage device. Attaching this device once to the individual VPN appliance is the sole operation required locally.

Once the VPN appliance has been connected to the network, it will set up a TrustedChannel to the TURAYA.TrustedObjects Manager, which will take over full control of this appliance. The TrustedChannel is a mutually authenticated and encrypted link, and the management system has additionally confirmed the integrity of the VPN appliance by means of a “remote attestation” process prior to accepting this new link.

According to the configuration requirements of the management system, the TURAYA.TrustedVPN appliances provide IPsec tunnels for peer-to-peer connectivity to other appliances and can optionally accept access requests from mobile users on the basis of their IPsec software clients. All key material used to secure such communication links is always generated within the VPN appliances and certified by the management system.

Security anchored in hardware

The management system and the VPN appliances are equipped with an embedded TPM chip (Trusted Platform Module) acting as a security anchor that is fully integrated in the overall system architecture up to and including the application level.

More specifically, within the appliances the TPM implementation addresses:

  • The secure storage of private keys within individual appliances, such that these keys never leave the security chip, and hence the trustworthy mutual authentication of VPN gateways vis-à-vis the management station using the integrated PKI procedures
  • The trustworthy system bootup, by means of a hardware-based check of the signatures of all essential software modules prior to their execution
  • The intangible encryption of persistent configuration data and firmware components

As a result, the total system monitors itself continuously and prevents all manipulations, whether they are attempted remotely or locally.
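The two checks described above (the “remote attestation” the management system performs before accepting a TrustedChannel, and the TPM-backed verification of the software modules at bootup) can be sketched as a verifier model. The following is an added example written for this page, not TURAYA code: it simulates TPM-style PCR extension of measured boot modules, an appliance quote over a fresh nonce, and the manager-side acceptance decision. The module names and attestation key are constructed placeholders, and the signature is simulated with an HMAC as a stand-in for the asymmetric TPM attestation key.

```python
import hashlib
import hmac

# Constructed golden measurements: which software modules the manager expects
# to have been measured into which PCR at bootup (placeholder names).
GOLDEN_MEASUREMENTS = {
    0: [b"bootloader-v1", b"kernel-v1"],
    1: [b"vpn-firmware-v1"],
}

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style PCR extend: PCR' = H(PCR || H(measurement)); order matters."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def expected_pcrs(measurements: dict) -> dict:
    """Replay the measured-boot chain to obtain the reference PCR values."""
    pcrs = {}
    for idx, modules in measurements.items():
        pcr = bytes(32)            # PCRs start at all-zero after reset
        for module in modules:
            pcr = extend(pcr, module)
        pcrs[idx] = pcr
    return pcrs

def pcr_digest(pcrs: dict) -> bytes:
    return hashlib.sha256(b"".join(pcrs[i] for i in sorted(pcrs))).digest()

def quote(pcrs: dict, nonce: bytes, attest_key: bytes):
    """Appliance side: bind the current PCR digest to the manager's nonce.
    (Simulated with HMAC; a real TPM signs with an asymmetric attestation key.)"""
    body = nonce + pcr_digest(pcrs)
    return body, hmac.new(attest_key, body, hashlib.sha256).digest()

def verify_quote(body: bytes, sig: bytes, nonce: bytes,
                 attest_key: bytes, golden: dict) -> bool:
    """Manager side: accept the TrustedChannel only if the quote is fresh,
    produced by the appliance's attestation key, and matches the golden PCRs."""
    if len(body) != 64 or body[:32] != nonce:
        return False                                   # replayed or foreign quote
    expected_sig = hmac.new(attest_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, sig):
        return False                                   # wrong attestation key
    return hmac.compare_digest(body[32:], pcr_digest(golden))  # modified software?
```

A single modified module changes every subsequent PCR value, so the digest no longer matches the golden set and the link is refused before any configuration is pushed.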