Secure Systems Network Encryption Unit

The Network Encryption Unit (NEU) family of products consists of high-speed, RISC-based hardware devices engineered to provide authentication, access control, data integrity and encryption services between nodes or work groups during the transmission of data over local or wide-area networks. All data traveling between secure nodes must go through an NEU at each end of the transmission. In the Semaphore system architecture, the NEU is a principal component of the Semaphore Network Security System (NSS). NEUs are able to secure multi-vendor networks consisting of PCs, VAXs, UNIX workstations, Apple Macintoshes, mainframes and printers. The NEUs recognize and simultaneously support most popular LAN Layer 2 and Layer 3 protocols, including TCP/IP, Xerox IDP, Novell IPX, Apple DDP, NetBIOS, NetBEUI, DEC LAT and DECnet Phase IV (including VAX Cluster and PATHWORKS).

When the NEUs are added to a network, the user is not required to make any changes to other equipment or software installed on the network. The node-oriented Network Encryption Unit family consists of several models of Network Encryption Units, each one specifically designed to satisfy different security needs in an enterprise-wide network environment:

NEU-WG is a work group encryption unit that protects a small group of up to 15 nodes on an Ethernet network.

Features of the NEU-WG

Security Services
Each Network Encryption Unit implements four security services:

  • Authentication: to confirm the identity of the source node and detect unauthorized nodes attempting to masquerade as an authorized source address.
  • Access Control: to prevent unauthorized network resource use, including limiting or preventing access via the network to file servers, printers, workstations, mail servers and communications services.
  • Data Integrity: by calculating encrypted data packet integrity check values to detect attempted attacks on data, or errors in the transmission of encrypted data.
  • Data Confidentiality: by encrypting the data using the Data Encryption Standard (DES) to prevent unauthorized data disclosure.

    Functional Description of the NEU-WG
    The NEU-WG is placed between the network and up to 15 nodes to be protected on an Ethernet LAN segment. The nodes can be PCs, workstations, servers, minicomputers, mainframes and printers. Data transmission to and from the protected nodes on the LAN segment is directed through the NEU-WG, which is transparent to the network and the user of the protected node.

    The operation of the NEU-WG is managed by the Semaphore Network Security Center (NSC). The NSC is a software application that enables a network administrator to configure NEU-WGs, audit security-relevant events and set security parameters including crypto periods, access controls and protocol filtering. Utilizing RSA public key technology, the NSC automates the key management and distribution process by sending unique access control information to each NEU-WG, enabling the units to generate and distribute encryption keys among themselves. Thousands of encryption keys are automatically generated and securely distributed without operator or user involvement.

    The NSC permits the network administrator to choose from three levels of protection for each NEU-WG, from Level 1, securing only defined connections, to Level 3, securing all data transmission through the NEU-WG.

    Configuring the NEU-WG to the network requires that certain operating parameters be invoked on the NEU-WG front panel, which consists of:

    The LCD panel allows the network administrator to immediately recognize the operational status of the unit. Utilizing an internal program, each NEU-WG has a front panel key option which enables local administrators to initiate diagnostics on the NEU-WGs in their area of responsibility. In addition, an administrator is able to perform normal network maintenance and see all packets in the clear by temporarily disabling data traffic to or from an NEU-WG using a crypto ignition key.

    Compliance with Standards
    The Semaphore Network Encryption Unit family uses the two leading cryptographic standards:

    The use of RSA and DES ensures that the NEU provides maximum protection for the end-to-end transmission of data. The NEU could accommodate other cryptographic algorithms to meet global market demands.

    Flexible Support and Training
    Wang Laboratories provides tailored support programs designed to meet customer needs. Training programs to provide customized instruction are available at the customer's site, or at Wang Laboratories, Inc. facilities.

    NEU-WG Specifications

    Wang Federal, Inc.
    MCLEAN, VIRGINIA 22102-4299
    TEL (800) 356-4038

    Wang Federal, Inc., reserves the right to change specifications without prior notice. Copyright 1995 Wang Federal, Inc.