
The Unisys Stealth Solution for Network

Preserving right to know and need to know on whatever network is available.

© 2009 Unisys Corporation. All rights reserved.


The Original Problem

Existing multiple networks
• Complex
• Difficult and expensive to manage

[Diagram labels: WAN 1, WAN 2, WAN 3; DC 1, DC 2, DC 3; Data Center, GIG, LAN Infrastructures, Users]



Stealth Consolidated Network

DC 1

DC 2

LAN / WAN /Wireless

DC 3

Stealth
Network Appliance

Data
• Confidentiality
• Integrity
• Availability

What is the Unisys Stealth Solution?

The Unisys Stealth Solution is a transformational way to protect your network data.

It starts by using certified encryption, then bit-splits data into multiple slices as it moves through the network.

But more than that, the Stealth Solution allows multiple communities of interest to share the same network without fear of another group accessing their data or even their workstations and servers.

The result is a much simpler network infrastructure, increased agility to react to new opportunities, and enhanced security of your network data.

Security Group, Domain, or Community of
Interest Defines Data Access

[Diagram: network devices labelled 1, 2 or 3 by community of interest. Legend: Community of Interest 1, Community of Interest 2, Community of Interest 3]

A community of interest can be anything the customer defines it to be.



Multiple Communities or Domains Can
Safely Share Data

[Diagram: network devices labelled 1, 2 or 3 by community of interest]

Community of Interest 1
Community of Interest 2
Community of Interest 3



The Rest of the Devices Remain Cloaked
from Unauthorized Eyes

[Diagram: network devices labelled 1, 2 or 3 by community of interest]

Community of Interest 1
Community of Interest 2
Community of Interest 3



Encrypt Everything by Community of Interest

• Deploy a simplified consolidated network infrastructure that separates devices and data into communities of interest
• Community of interest based on identity of individual or server, controlled by site’s identity management system
• When a user’s role changes, change the identity management system, not the network configuration
• FIPS 140-2 certified
– “Under evaluation” for EAL 4+


Stealth Delivers Defense-Level Encryption

Clear text TCP/IP Packet

Stealth Hdr … G(01000111) … Clear text

… S(01010011) … Encrypt (AES-256)



Data Is Split at the Bit Level

Clear text TCP/IP Packet

Stealth Hdr … G(01000111) … Clear text

… S(01010011) … Encrypt (AES-256)

Parsed into slices

… 100 … … 00 … … 111 …



Stealth Sends Data through the Network
Encrypted slices
… 100 … … 00 … … 111 …

NIC

Destination device
NIC
Parsed Intranet



Resilience

• Stealth can be configured to add redundant data to the slices: M of N
– The encrypted data is parsed into N slices, and it requires any M of them to restore the data
– Each bit of the encrypted packet is added to more than one slice
– Original data can be recovered with fewer than the total number of slices
– Example: only need any 3 of 4 slices to recover the data
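
The 3 of 4 case above can be reproduced with a simple single-parity scheme. This is an added illustration, not SecureParser's patented algorithm and not Unisys code: the function names, the round-robin bit dealing and the XOR parity slice are all assumptions chosen to show how each bit can feed more than one slice so that any 3 of 4 slices suffice.

```python
from functools import reduce

def _xor_columns(slices):
    # XOR the slices together position by position.
    return [reduce(lambda a, b: a ^ b, col) for col in zip(*slices)]

def split_bits(data: bytes, n_data: int = 3) -> list:
    """Deal the bits of already-encrypted `data` round-robin into n_data
    slices, then append one parity slice: N = n_data + 1, M = n_data."""
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    bits += [0] * (-len(bits) % n_data)        # pad so all slices are equal length
    slices = [bits[k::n_data] for k in range(n_data)]
    # Every bit lands in its own data slice and also in the parity slice.
    return slices + [_xor_columns(slices)]

def recover(received: dict, length: int, n_data: int = 3) -> bytes:
    """Rebuild `length` bytes from any n_data of the n_data + 1 slices.
    `received` maps slice index -> list of bits; index n_data is parity."""
    if len(received) < n_data:
        raise ValueError("fewer than M slices received")
    slices = dict(received)
    missing = [k for k in range(n_data) if k not in slices]
    if missing:
        # One data slice lost: XOR of the other data slices and parity restores it.
        slices[missing[0]] = _xor_columns(list(slices.values()))
    width = len(slices[0])
    bits = [slices[k][i] for i in range(width) for k in range(n_data)]
    bits = bits[: length * 8]                  # drop the padding bits
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))

# Constructed sample "ciphertext"; in Stealth the input would be AES-256 output.
SAMPLE = bytes([0b01000111, 0b01010011, 0xFF, 0x00, 0xA5])
```

The redundancy buys availability only; confidentiality still rests on the data having been encrypted before it is sliced.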

Reliability / Integrity

• Cryptographic Module: SecureParser® by Security First Corp.
– FIPS 140-2 certified AES-256 Encryption
– Unique patented bit-level splitting
– FIPS certified authentication (SHA-1)
• Ensures record was not tampered with

Stealth Bandwidth Implications

• While Stealth adds some overhead to the network in order to provide its security and sharing features, in most environments Stealth will not have a significant impact on the network bandwidth available to either a user or a server.
• When possible, Stealth combines all of the slices into a single packet, which reduces overhead and does not change the number of packets on the network. Stealth does this only if M=N and the resulting slices all fit into a single packet.
• In a typical network environment with 800-byte packets and 3 of 3 parsing, Stealth will add about 20% overhead.



Sharing Is Simpler

• Access policies and governance enhanced
• Password rules remain as defined
• Users restricted to only applications and services in assigned workgroup



Stealth Session Keys Are Self-Managed

Stealth creates and manages Session Keys

• Encryption-Session Key and Split-Session Key
• Short term: for the current session only
• Never stored in non-volatile memory
• No key management actions required by operations

Entire key process invisible to users



Sending an Open Session Request
Over a Stealth Network

[Diagram: Open Session Request (Encryption Key, Split Key) → AES-256 Encryption using Workgroup Key → Encrypted Open Session Request → Parsed using Workgroup Key → Slice 1, Slice 2, Slice 3]

• The server attempts to regenerate and decrypt the open session request using each of its Workgroup Keys
• Session success = same Workgroup Key = server attempts to open the reverse connection back to the workstation with a different pair of Session Keys
• Session failure = Workgroup Key does not match = no response returned to the workstation
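
The server-side behaviour described above (try every Workgroup Key, answer only on a match, stay silent otherwise) is sketched below. This is an added example, not Unisys code: HMAC-SHA256 stands in for the AES-256 decrypt-and-reassemble step so the sketch runs on the standard library alone, and the message layout, function names and community labels are hypothetical.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32

def build_request(workgroup_key: bytes, payload: bytes) -> bytes:
    """Workstation side: bind an open session request to a Workgroup Key.
    (Stand-in for 'encrypt with AES-256 and parse using the Workgroup Key'.)"""
    nonce = os.urandom(NONCE_LEN)
    tag = hmac.new(workgroup_key, nonce + payload, hashlib.sha256).digest()
    return nonce + tag + payload

def handle_request(workgroup_keys: dict, request: bytes):
    """Server side: test the request against every Workgroup Key it holds.
    Returns reverse-connection parameters on a match, or None, meaning
    nothing at all is sent back to the workstation."""
    if len(request) < NONCE_LEN + TAG_LEN:
        return None
    nonce = request[:NONCE_LEN]
    tag = request[NONCE_LEN:NONCE_LEN + TAG_LEN]
    payload = request[NONCE_LEN + TAG_LEN:]
    matched = None
    for name, key in workgroup_keys.items():
        expected = hmac.new(key, nonce + payload, hashlib.sha256).digest()
        # Constant-time compare; keep looping so timing does not reveal
        # which key (if any) matched.
        if hmac.compare_digest(expected, tag):
            matched = name
    if matched is None:
        return None                      # session failure: silent drop
    # Session success: the reverse connection gets its own fresh pair of
    # session keys, held in memory only.
    return {
        "community": matched,
        "encryption_session_key": os.urandom(32),
        "split_session_key": os.urandom(32),
    }

# Constructed keys for two communities of interest known to this server.
SERVER_KEYS = {"coi-1": b"\x01" * 32, "coi-2": b"\x02" * 32}
```

A workstation holding a key outside `SERVER_KEYS` cannot distinguish this server from an unused address, which is the cloaking effect the earlier slides describe.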



Simpler Provisioning Translates to Rapid
Deployment

Application

OS
7. Application Network Stack
6. Presentation
5. Session
4. Transport
3. Network
2. Link
Stealth
1. Physical
NIC



The Stealth Appliance Is Your Gateway to
the Non-Stealth World

Internet



Stealth Lowers Costs

• By consolidating infrastructure, Stealth reduces the cost of acquisition, support, and the FTEs to manage them

Stealth conserves

• Space
• Weight
• Power
• Heat Generation



Stealth in the DoD Network

LAN / WAN /Wireless

Stealth
Network Appliance

Data
• Confidentiality
• Integrity
• Availability

Commercial Network

Same issues with multiple physical or logical networks in
• Healthcare
• Financial
• Education
due to compliance with laws, regulations and best practices

LAN / WAN /Wireless

Stealth
Network Appliance

Data
• Confidentiality
• Integrity
• Availability

Server Outsourcing Today
Customer A Unisys Outsourcing Facility

Customer A
Tier 1 Virtual Server
Customer A
Tier 2 Virtual Server
Virtual Servers
Customer B Customer B
Virtual Server
Customer B
Virtual Server

Customer A Customer B



Stealth and Server Outsourcing (Phase 1A)
Customer A Unisys Outsourcing Facility
Stealth Protected

Customer A
Tier 1 Virtual Server
Customer B
Virtual Server
Virtual Servers
Customer B Customer B
Virtual Server
Customer A
Tier 2 Virtual Server

Stealth Network Appliance

Stealth Ensures:
• Customer A can only communicate with Customer A Tier 1 VS
• Customer A Tier 2 VS can only communicate with Customer A Tier 1 VS
• Customer B can only communicate with Customer B Virtual Servers
Customer A Customer B



Stealth and Server Outsourcing (Phase 2)
Customer A Unisys Outsourcing Facility
Stealth Protected
Customer A
Tier 1 Virtual Server
Customer B
Virtual Server
Stealth Network Appliance Virtual Servers
Customer B Customer B
Virtual Server
Customer A
Tier 2 Virtual Server

Stealth Ensures:
• Customer A can only communicate with Customer A Tier 1 VS
• Customer A Tier 2 VS can only communicate with Customer A Tier 1 VS
• Customer B can only communicate with Customer B Virtual Servers
Customer A Customer B



Security Risks Distract Organizations from
Focusing on Objectives

Need to

• Promote sharing
• Extend the enterprise
• Strengthen agility
• Ensure trust



Stealth Delivers the Right Information to the
Right People at the Right Time

• Protects data-in-motion for LAN, WAN, and wireless networks
• Improves agility
• Provides value and cuts costs



The Unisys Stealth Solution

Questions?
UnisysStealthSolution.com
Stealth@Unisys.com
