Netgard™ Encryption Suite
Quick-to-Deploy Alternative to Type-1 for Secret & Below Environments
The Netgard™ Encryption Suite is a secure network product family designed to enforce a centrally-defined security policy for the flow, encryption, and audit of data packets transferred between network nodes. It utilizes NSA-approved Suite B encryption algorithms to provide security, while releasing the user from the logistical burden of traditional Type-1 solutions.
The Netgard Encryption Suite delivers a unique implementation of cryptographic technology with high-assurance, policy-based enforcement for data protection and integrated security controls essential to threat mitigation in the network environment. It is an ideal solution for:
- Rapid deployment situations
- Unattended operations
- High-risk environments
- Commercial interoperability situations
- Multiple security level networks & cross domain environments
The company’s Dynamic Communities of Interest (COI) products are the first to support a next-generation approach for building more flexible, mission-suitable, need-to-know capabilities into classified environments. The capabilities of the Netgard products allow COIs to be set up, modified and torn down, all in real-time -- enabling a highly flexible implementation of COIs in ever-changing environments.
Netgard Manager
The Netgard Manager allows administrators to define several key attributes within the environment, such as labels, users, locations, COIs and data. The policies for the different attributes are checked as they are submitted to ensure that they do not conflict with other policies established within the system. For example, if the user administrator added a user with the rights to view “U.S. Only” information, and the COI administrator attempted to add that same user to a COI that contained Coalition data, the Netgard Manager would block this operation and notify the COI administrator that the user was not eligible for the particular COI. The Netgard Manager seamlessly integrates with Netgard hardware and software.
- FIPS 140-2
- Common Criteria
- AES-128/192/256, 3K-3DES algorithms
- Packet authentication using HMAC-SHA-1/SHA-2/MD5
- Agile Communities of Interest (COI)
- Manage up to 500 devices
- Support for v4/v6 translation
- Non-CCI: Releases users from the logistical burden of Type-1
- Self-Generated Key: FIPS-certified PRNG creates symmetric keys, eliminating burdensome key management requirements
- Dynamic Communities Of Interest (COI): Securely organizes network resources for the purposes of data sharing and communication on-the-fly
- Port Filtering: Controls which port/application connections are permitted
- Protocol Filtering: Controls which network protocols are allowed for communications
- Mandatory Access Control (MAC): Restricts access and propagation at the data level
- Discretionary Access Control (DAC): Restricts who and from where the network object may be accessed
- Dead Peer Detection (DPD): Determines if the connecting peer is still healthy
- Object Reuse: Prevents the inadvertent release of residual data typically in unused fields or at the end of a packet buffer
- Identification and Authentication (I&A): Securely verifies the user’s identification and establishes authorization for access
- Auditing: Monitors and records verifiable, security-relevant operations
- Over The Network Keying (OTNK): Controls Pre-Shared Key (PSK) lifetime; at a user-configured time period, pushes new PSKs to all devices
- Ease of Installation: End devices can be installed in minutes by untrained personnel
- Software Upgrade: Automated upgrade of multiple devices with no loss of keys or configuration
- Dynamic Network Management: Allows total control and instantaneous policy changes over all devices in the network
- PKI Support: Supports CAC-based authentication and Non-Person Entity (NPE) X.509 certificates
- Advanced VPN Features: Supports NAT-traversal and DHCP on all interfaces
- Common IP Security Option (CIPSO): FIPS-188-compliant IP labeling support
Product Specifications
- Dimensions: 6” x 5.5” x 1.5”
- Weight: 2 lbs
- Power: 20 watt max
- Interfaces: 2x 10/100/1000 Base-T
- Speed: 300+ Mbps full-duplex
