The eXMeritus HardwareWall secure data transfer system is an off-the- shelf, cross domain solution used for interconnecting systems at different classification levels, from TOP SECRET//SCI//SAP to Unclassified, including the Internet.

sealuncheonΔιακομιστές

9 Δεκ 2013 (πριν από 3 χρόνια και 9 μήνες)

191 εμφανίσεις

Benefits:
• Supported in SELinux®
• Highly configurable and modular
• Allows interconnection of multiple classifications, programs, compartments and dissemination
controlled (NOFORN, REL, etc.) networks
• Rapid deployment of a proven system
• Easily integrated into existing systems and workflows
• Cost competitive to fit within budgetary constraints
• Allows local development of rule sets and integration of applications
• Complete solutions incorporating content review, data labeling, MAC, RBAC, audit and high-speed
one-way transfer using 10Gb Ethernet
Applications:
• File Transfer
- Secure data transfers from high to low, low to high, bi-directional
- Automated format and content review
- Digital signatures
- Third party utilities (e.g. virus scanning)
• Streaming data transfer
- Secure data transfers from high to low, low to high, bi-directional
- Automated format and content review
- Signed records or messages
Capacity:
• High-speed data transfer using commodity servers
• Multiple methods to achieve very high speed
- Scales by replication
- Scales by CPUs and interfaces
- Demonstrated ability to stripe across multiple channels
Hardware/Software:
• The HardwareWall is server independent
- Recommend Intel or AMD based platforms for fixed facility implementation
- 1-6U per server, 1-6 servers per implementation
- 2U bi-directional PL-5 appliance
- 1U 3-level bi-directional PL-5 appliance
• Can be customized based on your need and security requirements
• Operating System
- Deploys on operating systems supporting SELinux® (e.g. Red Hat Enterprise Linux®
or Debian®)
The eXMeritus HardwareWall secure data transfer system is an off-the-
shelf, cross domain solution used for interconnecting systems at different
classification levels, from TOP SECRET//SCI//SAP to Unclassified,
including the Internet.
Combining physical one-way transfer, mandatory access control, data labeling, content
review and multiple proxies, eXMeritus HardwareWall has been certified and successfully
deployed for high to low, low to high and bi-directional data transfers.
eXMeritus HardwareWall based solutions are certified and accredited at Protection
Levels 3, 4 and 5.
EXMERITUS HaRdWaREWaLL
®
SECURE DATA TRANSFER SySTEM

Business Processes Supported:
• Transfer Capabilities
- Push/Pull/Replicate/Broadcast
 - Bi-directional Flow, High to Low One-Way,
Low to High One-Way and within similar
classifications
• Cross Domain Service Implementation
• Drag/Drop
• Cut/Paste
• Proxying
Protocols Supported:
• Physical Layer
- 10/100/1000 Ethernet and 10 Gb Ethernet
- Serial (RS-422)
• Network Layer
- IP v4, IP v6 and IPsec
• Transport Layer
- TCP UDP
• Session Layer
- SSL and TLS
• Remote Layer
- SSH and Sockets
• File Services
- FTP, SCP, TFTP, SFTP, GridFTP
• Web Services
- HTTP and HTTPS including XML and SOAP
• Other
- SNMP, ICMP, NTP, XMPP
Data Formats and Interfaces
Supported:
• Data Formats
- Innovative and extensible content review
engine supports the transfer and review of
structured and unstructured data formats
including .DTD, .XLS, .NTF, .PDF, .TFD,
.WAV, .XML, .DOC, .TIF, .RTF, .TXT, .NITF,
.PPT, HDF4, HDF5, .TAR, .GZ, .ZIP, .BZ2,
.JAR and others
Certification and Accreditation:
• Department of Defense and Intelligence
Community systems accredited by multiple
agencies
• Meets IA Control requirements
• A Unified Cross Domain Management Office
Baseline Solution (approved for reuse)
Functional Capabilities:
• Content Scanning
- Supports Dirty Word Search
- Field Type Check
- Field Content Check
- Reliable Human Review Tools
- Content Filtering
- Virus Detection
- Digital Signature Verification
- XML Schema Verification
- Downgrade/Relabel of XML
- Third Party Content Filter
- Parse and release based on classification
tags
- File Type Check
- Data Integrity Check
• Non-Repudiation
- Implements non-repudiation through
verification of digital signatures for data
and two-sided certificate-based server
authentication
• Encryption
- Supports IPsec, SSL, TLS, HTTPS, SSH
and SFTP encryption
- Supports multiple encryption methods (AES
and RSA recommended)
- Uses OpenSSL software-based encryption
- Supports encryption of data at rest and in
transit
• Fail Safe
• Hardened OS
• Least Privilege
• Integrity Verification
• Failed Delivery Notification
• Rejected Data Manual Override
- Allows signed rejected data to be
resubmitted for signature-based override
• Flexible Data Labeling Formats
• Network Address Translation
• System Administration
- Supports local and remote Privileged User
access for User Account Management,
Creation and Update of Rules, Activation
of Rules, Configuration of Error Reporting,
Configuration of Audit, Audit Review
- Uses Role-Based Access Control,
Mandatory Access Control and
Discretionary Access Control
- SNMP Notification
- Remote Logging
• Auto log rotation
• Auto failover
• File identification
• Archive content scanning
• Signatures
- JAVA
- .JAR
- XML
HaRdWaREWaLL DESIGN
www.exmeritus.com


Product Information: 888-775-4390
sales@eXMeritus.com
BOEING is a trademark of Boeing Management Company.
eXMeritus HardwareWall® is a trademark of The Boeing Company
Linux® is a trademark of Linus Torvalds.
Fedora®_ and RED HAT® are trademarks of Red Hat, Inc.
Debian® is a trademark of Software in the Public Interest, Inc.
Copyright © 2010 Boeing. All rights reserved.
232341
Collateral
SCI Compartments
SaP Programs
REL/FGI Foreign
Other
Collateral
SCI Compartments
SaP Programs
REL/FGI Foreign
Other
U.S. Persons data
State, Local, Tribal
Federal Civil
Law Enforcement
Commercial & Licensed
Foreign
PL-3/PL-3
Annex e
PL-4
PL-5
PL-5 SABI
PL-5 SABI
PL-5
PL-4
PL-3/PL-3
Annex e
PL-2 OR
eQUIVALenT