
EAGLE: EAGLE - Functionalities. Modular Ports: WAN Port, Secured Port, Twisted Pair, Twisted Pair, FX Multi Mode, FX Single Mode, FX Long Haul; 1 RS232 Serial Port.


2 EAGLE

3 EAGLE - Functionalities
Modular Ports: WAN Port, Secured Port, Twisted Pair, Twisted Pair, FX Multi Mode, FX Single Mode, FX Long Haul
1 RS232 Serial Port: Serial Configuration; Secure modem access
Support of AutoConfiguration Adapter ACA11
Reset Button: Reset; Recovery; Switch Eagle from Router mode to transparent mode

4 EAGLE - Functionalities
Redundant 24 V Power Supply (6-pin)
Signaling Contact
DIN Rail mountable
Operating temperature: 0°C - 60°C (temperature displayed in web interface)
IP20, fanless
Diagram labels: redundant power supply 24 VDC; indicator contact; +24 V; +24 V*

5 EAGLE Family
Two Versions:
EAGLE FW: Firewall
EAGLE: Firewall w/VPN
Forwarding IP and ARP traffic only. Although it is possible to define multicasts statically, the nature of EtherNet/IP may render the Eagle unable to pass this traffic.

6 EAGLE – Firewall Functionalities
Stateful Inspection Firewall
Transparent Mode (multiclient & singleclient)
Configurable Firewall Rules (95,000)
Network Address Translation (IP Masquerading)
95,000 rules can be created
Most often used rules should be defined first
Plug-n-Play Operation

7 EAGLE – VPN Functionalities
Multipoint VPN
VPN in transparent Mode
IPsec DES Encryption
IPsec 3DES Hardware Encryption with 168 bit
AES Hardware Encryption with up to 256 bit
Authentication with Pre-Shared Secret
MD5, SHA-1
PPTP (Point to Point Tunneling Protocol)
"Host to Host" & "Net to Net" tunnels using "Pre-Shared Secret" authentication methodology for "Eagle to Eagle" VPNs

8 EAGLE – VPN Functionalities
"Host to Host" & "Net to Net" tunnels with X.509v3 Authentication certificates. Germany will provide X.509 certificates on request as well as providing secure storage of those certificates.
L2TP/IPsec:
MS Windows VPN Client to Eagle: requires "Transport (L2TP Microsoft)"
MS Windows VPN Client with Windows Update "L2TP/IPSec NAT-T": requires "Transport (L2TP SSH Sentinel)"
Both of these methods also require the use of the X.509v3 Authentication certificates.

9 EAGLE – Management
Basic Configuration via User Interface
Web Interface via HTTPS (secure/encrypted Web page)
SNMP v3 Encrypted Interaction
Remote access is blocked by default and must be explicitly unlocked for access from the unsecured port.
Save and load configuration both locally and remotely
The relay state is a MIB variable. After a change of the relay state the Eagle sends out a trap.
HiDiscovery Protocol
DHCP Client or Server
Time synchronization

10 EAGLE – Basic Configuration
Logins and passwords:
Login    Password    SNMPv1    SNMPv3
user     public      ro        ro
admin    private     rw        rw
IP configuration by: local via terminal or ACA; HiDiscovery; DHCP
Note: configurations are effective immediately!

11 EAGLE – Remote Access via Modem/RS-232
Explicitly unlock RS-232 as third port
Configure firewall rules for modem port
Access to inner network only
Maximum data rate: 57,6 kbd

12 EAGLE – Software Update
Update via HTTPS
Reset afterwards: press "R" key for 1.5 seconds till status LED turns yellow; Web-Reboot
The configuration is kept but new features are available

13 EAGLE – Limitations
No Support for Rapid Spanning Tree
No Support for VLANs (Tagged packets Discarded)
No Support for Prioritization
No Support for X.509v3 Authentication Certificates
EtherNet/IP multicasts not yet supported
IGMP to be implemented

14 EAGLE - Models

15 EAGLE – FW Models


17 Transparent Mode
All packets forwarded to processor
Only IP and ARP - depending on filters - forwarded
Diagram label: Secure (trusted) net

18 Multi-Client Transparent Mode
EAGLE needs IP address for management access from external (untrusted) network
Limitation: no VPN in Multi Transparent Mode
Diagram label: Secure (trusted) net

19 Remote Diagnostics
Production cell as trusted net: access via dial-in per phone network - firewall only as protection
Production cell as trusted network: access via Internet - with VPN and firewall for protection
Diagram labels: network (remote access); trusted net; Modem; Telecom network (remote access); DSL-Modems; Internet; trusted net

20 Local Diagnostics
2nd EAGLE as "dongle", with pre-shared secrets offering a simple solution
n EAGLEs with identical secrets possible
Maintenance technician gets IP assigned via DHCP IP, IP per NAT mapped to trusted network
Diagram labels: "dongle"; DHCP IP; trusted net; network (untrusted); network (untrusted)

21 Application: Maintenance in Network
Maintenance within a production network, i.e. remote management of devices of the production cell
EAGLE functions: DHCP server; firewall
Additional functions: virus scanner should be installed on laptop
Diagram labels: production network; Service PC; service port; firewall functions

22 Application: Separation Production from Backbone Separate production against office network and backbone office network firewall functions production network

23 Application: Secure Connection within Network 1 Secure connection between two production cells within a network Used function: VPN VPN – IPSec 3DES production network office network

24 Application: Secure Connection within Network 2 Secure connection between two production cells within a network Used function: firewall to production backbone firewall functions production network office network

25 Problem RSTP RSTP is not supported! EAGLE

26 Automation Network Internet risks Espionage - bugging of data Manipulation of data Interception of data Unauthorized Access to Network Remote User PC with Access to the Internet IP: xxx.yyy.zzz.ccc Robot IP: aaa.bbb.ccc.ddd Unsecure Remote Maintenance

27 Automation Network EAGLE Internet measures: VPN in Routermode mechanism: PPPoE DES 3DES AES Remote User Solution – Secure remote maintenance

28 Automation Network EAGLE Internet Remote User risks: Espionage Manipulation of data Unsecure access to automation network

29 Automation Network EAGLE Internet measure: Firewall mechanism: Access Rules Robot IP: aaa.bbb.ccc.ddd Remote User PC with Access to Internet IP: xxx.yyy.zzz.ccc Solution: Authorized access to end device

30 Factory 1 VPN Tunnel Internet Factory 2 Secure coupling of locations

31 Automation Network Office Network VPN Firewall Functions Secure coupling of production cells

32 Office Network Firewall Functions Automation Network Secure cell separation

33 Automation Network Service PC Risk: Espionage - bugging of data Manipulation of data Unauthorized access - misuse External maintenance activity - Unsecure access to network

34 Automation Network Service PC Service Port with EAGLE measure: Firewall - Transparent Mode Mechanism: Access Rules Robot IP: aaa.bbb.ccc.ddd IP: sss.fff.bbb.ttt. Solution: Secure service port

