- Critical infrastructure is defined as the collection of public and private services that are essential to sustain government, provide for a safe living environment, maintain day-to-day business, and secure a prosperous economy. They include both public and private enterprise services such as; government operations, banking and finance, telecommunications, emergency services, gas and oil, electric and energy, water, and transportation. Presidential Directive 63
Growth in cyber threat activity is driving the need to enhance protection of data networks serving key national, state, and local infrastructure. To help meet these threats, the North American Electric Reliability Corporation (NERC) has developed Critical Infrastructure Protection (CIP) standards, and military organizations specific Information Assurance (IA) requirements. A major focus for those providing these networks is limiting access to only authorized personnel, and ensuring rogue elements are unable to intercept and exploit network operation.
Engage developed the IP•Tube CEP platform for circuit to packet network deployments with heightened security requirements.
The IP•Tube CEP meets these enhanced security requirements by incorporating an isolated management plane into the architecture of the widely deployed and proven IP•Tube circuit to packet transport product family.
Separating management and payload data processing into separate hardware processors creates a security perimeter inside the IP•Tube CEP that prevents unauthorized or rogue access to functions affecting the payload data.
IP•Tube CEP security features include:
- Administrative policies for adding, removing, disabling and renaming authorized users; limiting user access to assigned commands; and enabling only desired port numbers.
- User authentication directly by the IP•Tube CEP or in conjunction with TACACS+ or RADIUS servers including RSA SecureID support for trusted compliance.
- An SSH command interface encrypting management traffic with powerful 256 bit symmetric keys and NIST based passwords.
- Support of the SNMPv3 protocol for secure connectivity to SNMP element managers.
- In addition, administrative accounting data can be reported to syslog servers with accurate timestamps provided by an NTP source.