Organisations across the public and private sectors increasingly need to provide their employees with remote access to corporate data and applications from home or whilst travelling. However, sensitive information leaving the corporate network boundary must be protected from interception and attack, especially where sensitive personal or company data, intellectual property or national security are concerned. Moreover, a lost or compromised laptop PC could offer attackers a vector into the corporate network itself.
Ultra Electronics AEP Networks Net Remote encryptor is a hardware VPN (virtual private network) client that offers an exceptional level of assurance where security is paramount.
Key business benefits
Net Remote can be deployed as a stand-alone solution for remote access, or as a remote access adjunct to an existing site-to-site VPN using Net encryptors. Communications continuity and disaster recovery options are available. For mobile personnel, AEP Networks offers solutions integrated with our Ultra Communicate line of multi-bearer communications modules – please refer to our SecComm solutions for further details.
Unlike traditional software VPN clients, the security of which is ultimately dependent upon the underlying PC platform, Net Remote is a dedicated encryption device that operates completely independently of the user’s PC.
This makes it immune to the zero-day exploits that are discovered every month in PC operating systems, web browsers and other common software applications. Furthermore, Net Remote retains no sensitive key material whilst disconnected or switched off, so it has no special storage requirements and presents no particular security threat if lost or stolen. Once the user has authenticated to the Net Remote, it connects securely to the central VPN concentrator (provided by a Net 20M or Net 100M encryptor) and ensures that all data to and from the PC is constrained to this secure tunnel and fully encrypted. Net Remote offers high throughput and low latency to satisfy a wide range of demanding applications, including the use of voice and video. It can also play a vital role in emergency or disaster recovery scenarios where workers need speedy secure access to their corporate systems from home or a temporary location.
Net Remote can be used wherever there is a wired Ethernet connection available, such as with home broadband services, hotel networks, office LANs and satellite terminals. It provides a highly scalable solution with flexible configuration options, allowing organisations to maximise their ROI (return on investment) as their business needs evolve. It is supported by a sophisticated management platform, purpose-designed to facilitate rapid roll-out and system evolution, enabling user communities of all sizes to be managed from the centre.
Certified by the UK Government’s CAPS (CESG Assisted Products Service) up to Enhanced Grade level and approved by the EU Council to protect CONFIDENTIEL UE, the government versions of Net Remote use special algorithms to meet national policy requirements across a wide range of secure systems. For the private sector, the commercial version combines the strength of the public-domain AES encryption algorithm with the flexibility and ease-of-deployment expected by enterprise customers.
Net Remote in operation
Each IP packet is encrypted in its entirety, encapsulated inside a new packet (based on the IPsec ESP tunnelling protocol) and sent to the concentrator, which extracts and decrypts the payload before forwarding it to the appropriate server. The encryptors generate the necessary encryption keys and exchange them securely using an asymmetric key exchange protocol; they also generate their own signing keys to provide source authentication. A customer-specific CA remotely certifies the public signing keys and issues CRLs (certificate revocation lists) based on X.509 PKI standards under the control of an authorised administrator. The VPN topology is centrally defined using AEP Networks' sophisticated Net Policy Manager application, with configuration information being automatically pushed out to all the encryptors. This tool also provides a full range of device management, monitoring, auditing and accounting functions.
Network integration and management
Sustained encrypted traffic throughput †
Remote access users per concentrator: Net 20M Concentrator: 100 (10 concurrent); Net 100M Concentrator: 1,000 (100 concurrent)
10/100 Mbps Ethernet
10/100 Mbps Ethernet
Operating: 5 to 40°C
25 – 90% (non-condensing)
0.9 kg (including power supply)
External, universal in-line AC power supply, 100 – 240 V, 50 – 60 Hz, 21 – 28 VA
EN 60950-1, UL 60950-1, CSA 60950-1, CB Certificate (IEC 60950-1)
EN 55022 Class B, EN 55024, EN 61000-3-2, EN 61000-3-3, FCC CFR 47 Part 15 Class B
More than 50,000 hours, based on British Telecom HRD5 standard
† Typical full duplex values – actual throughput and latency vary with algorithm and packet size