As enterprise networks go 'borderless' some networks need to remain secure, and separated into levels of classification...
from Top Secret to Unclassified. One Australian company is working to bring the benefits of anywhere/anytime/anydevice networking to Government Secure and Classified environments while maintaining network security compliance.
M5 Network Security (M5NetSec) is a division of M5 Networks Australia, a fully Australian-owned company established in 2003. Head quartered in Canberra, M5NetSec provide cyber security services to Defence departments and ministries, corporate entities, and governments. Beginning with a focus on IT consulting within some of most secure Australian government networks, M5NetSec has now embarked on an aggressive programme of Network Security product design which is already turning heads within the security industry.
In May 2011 M5 Networks attended the AusCERT2011 conference on the Gold Coast with a number of their new hardware devices, including the SCS-200 and SCS-400. These devices allow the connection of remote users to highly classified networks over unsecured ADSL, 3G, Wi-Fi and Ethernet connections. Utilising multi-bearer and multi-path redundancy, the hardware devices can be deployed in minutes and provide touch screen configuration for non-technical users.
The benefits of a simple to configure but highly secure remotely manageable device should not be underestimated. Whether it's the deployment of military personnel in a remote location with satellite upkink, access to classified networks from a Government minister via Australian residential ADSL2+ or a police site office for catastrophe management in the city, the ability to provide secure communications with multiple concurrent self-healing IP uplink paths in a ruggardised unit is impressive.
Built specifically for mobile users the SCS-200 allow one to four users access to highly secure, classified and unclassified networks simultaneously from anywhere in the world using multiple concurrent uplink networks via Wi-Fi, 3G, Satellite, Ethernet and ADSL.
Suitable for military, governmental and commercial use (the device is especially useful within utilities networks) the device is lightweight and rugged, has in-built suspicious and malicious activity detection capabilities, is crypto-agnostic, and can be powered by AC, DC or an inbuilt battery.
Two intuitive touch screen interfaces allow the end user to easily configure the system on-site without the need for expensive technical specialists, and the unit features an inbuilt GPS which allows for the physical tracking of the device itself.
By comparison the SCS-400 is a headquarters 'first-in' device with support for up to 150 directed connected users with a self-healing, self-forming IP meshed network utilising two embedded Cisco ESR-5940 routers, up to two security domains per case and concurrent connectivity options of Ethernet, BGAN Satellite, 3G (4G upgradeable), Wi-Fi (client and hotspot), ADSL, HSS and Cellular radio.
Catering for a large number of deployment scenarios, the SCS-400 provides optional capacity to run virtual systems such as email, file, WAN optimisation and other software on board via a dual core Intel i7 powered VMWare ESX environment. SSD disk arrays are also available in the platform, providing onboard storage capabilities within the ruggardised IP65-rated enclosure.
A number of hardware components make this device stand out, including the M5 developed mini-pci ADSL module and the LED port identifiers on the SCS-400. A consistent focus on simplicity in the software design and a professional robust feel to the products reflect the quality of these devices.
Further hardware development is in progress with the team prototyping both a smaller unit for single user deployments (SCS-100) as well as an innovative SCADA protection and intrusion detection device called ‘SPIDA’.
The SPIDA provides high-grade network security and encrypted VPN to often harsh SCADA environments with an array of in-built security features which includes an integrated Sourcefire Snort IDS. At only 600 grams the SPIDA includes an ADSL port, internal 3G/4G and Wi-Fi with optional external antenna. Three multi-role Ethernet ports provide both internal and external communications.
Clearly utilities environments would benefit from such a device, which also supports common SCADA protocols such as MODBUS (TCP) and OPC.