ECHINOPSSecurity for governmental and classified defense networks

Smarter, Safer

>

THALES160, Boulevard de Valmy, BP 8292704 Colombes Cedex, France

Tel: +33 (0)1 46 13 22 29Fax: +33 (0)1 46 13 22 97

e-mail:Security@fr.thalesgroup.comwww.thalesgroup.com

- 08/20

11 - Thale

s reserves the right to modify the technic

al characteristics of the equip

ment w

ithout notice

.

THALES offers a full range of services to support users in the equipment deploymentand use phases:

>>

• System and system integration• Training• Installation/deployment of the equipment• Extended warranty

• Software upgrades• Customer call centre• On-site technical support• Maintenance

A complete and flexible service offer

>> A technical offerSECURITY

Encryption Secret Defense (France), EU Secret, NATO Secret encryption algorithm IPSec tunnel mode

Services Authentication Integrity control Anti‐replay Security declassification of the equipment via emergency erasure and/or CIK (Cryptographic Ignition Key)

Filtering Protocol and address filtering Auto-monitoring and security alarm relaying Flow distribution according to class of service (QoS)

Key Management Key lifetime and crypto period monitoring Up to 1,000 keys simultaneously managed by device

PERFORMANCE CHARACTERISTICSRate 100 Mbps Full Duplex

Latency <450µs (compatibility VoIP)Tunnels Up to 1,000 simultaneous encrypted Virtual Private Network (VPN) without loss of performance (throughput, latency)

Up to 1,000 two-way security policies (pairs of IP addresses or address groups)Redundancy Crypto unit redundancy: High-Availabiility

ADMINISTRATIONSupervision Network security supervision by SNMP V3

Management Remote device control (configuration, revocation, emergency erase, etc.) Generation and conditioning of secret elements Automatic key management and renewal Alarm offset

Man machine interface Graphic definition of security policies Management of several topologies (library ready to use with the choice of an active topology) XML import/export of topologies

Capacity Up to 1,000 devices managed by the Operating Centre Three versions available: desktop, rack 2U or 3U, tactical

High availability Capacity of Operating Centre redundancy Synchronized operations with redundant encryptors

NETWORKSIPv4 and IPv6 IPv4 and IPv6 networks compatibility

Multicast Multicast stream protectionLow bandwidth Compatible with low bandwidth networks (sensitive network: frame size setup)

INTERFACESKey interfaces Smart card reader

CIK connector Injection port for black keys (DS-101) compatible with the Data Tactical Carrier (DTC)

Network interfaces Two wire interfaces (RJ45 connectors) or two optical interfaces 100Base FX Compatibility IEEE 802.3, Ethernet V2, IPv4, IPv6

Console port One serial port (RS232-C interface, Female DB9)Erasure One pushbutton for emergency erase (operational with or without power supply)

STANDARDSTEMPEST NATO SDIP-27 Level A (AMSG 720B)

Others ROHS, Radionuclide, Amiante, REACHCE ElectroMagnetic and Low Voltage Compatibility

ENVIRONMENTMTBF > 100,000 hours (real usage experience)

Dimensions 92 mmH x 260 mmW x 432 mmDWeight 3.6 kg

T° Storage -20 to +65°CT° In service 0 to 40°C

Humidity 10 to 90% to 40°CAltitude In service: 0 to 4,270 m

In storage: 0 to 10,700 mPower supply AC 100-220V/47-63Hz

Command Centre

ECHINOPS, jointly developed with the Direction Générale de l’Armement (DGA), the French armament procurement agency, offers all the security functionalitiesnecessary to modern applications deployed on the communication networks:

Videoconference, VOIP: MulticastDevice and Operating Centre redundancy, High availability H24

Rate guaranteed and resources optimization (QOS)Satellite links and constraint network (low bandwidth)Rapid deployment on a new theatre of operations(management of multiple topologies)

LOCAL PROTECTIONECHINOPS is designed to resist any type of attacks: High authentication of administrator accessSoftware integrity checkProtection against signals and electromagnetic incriminating radiance Intrusion detection and emergency clearing(inviolability)Security events logging

NETWORK PROTECTIONECHINOPS integrates all network security functionalities:Authentication of communications originStream encryptionIntegrity controlAnti-replayNetwork architecture masking

ECHINOPS Operating CentreWith its Operating Centre, the ECHINOPS system offers innovative functionalities:

Graphical interface, immediate and controlled secure links activation Secure key distributionOptimization and support to operator ‘s role decisionKey renewal without human interventionTopologies library ready to use, also in XMLAutomatic display of lost links

PersonalizationCentre

Key GenerationCentre

ManagementCentre

Security for governmental and classified defense networks

Operating Centre

The ECHINOPS system effectively protects against monitoring, alteration andintrusion threats on communication networks:

Reinforced IPSec security protocol100 Mb/s full duplexAccreditations: Secret Défense/ EUSecret in 2008/ NATO Secret in 2011Simultaneous processing IPv4 and IPv6

Internet connectivity (NetworkAddress Translation NAT)Kit update between versionsLocal administration on devicesor centralised