Stealthphone CryptoRouter

← Back

Stealthphone CryptoRouter

Stealthphone CryptoRouter

Stealthphone CryptoRouter

Cryptorouter MTT-GW provides security of secret and confidential information in corporations and state organizations (embassies, ministries of foreign affairs, governmental structures, police, financial area and medical institutions).

When secret and confidential information (voice, files, video, etc.) is transferred over the Internet between different offices of your corporation, it can be intercepted by malicious persons.

A super strong crypto hardware device – Cryptorouter MTT-GW combining several technologies (crypto security, firewall, etc.) is used to secure secret and confidential information.

Our company has developed Cryptorouter MTT-GW for guaranteed security of the information transferred over public communication channels (the Internet network).

Cryptorouter MTT-GW provides security of secret and confidential information in corporations and state organizations (embassies, ministries of foreign affairs, governmental structures, police, financial area and medical institutions).

When secret and confidential information (voice, files, video, etc.) is transferred over the Internet between different offices of your corporation, it can be intercepted by malicious persons.

CryptoRouter.jpg

A super strong crypto hardware device – Cryptorouter MTT-GW combining several technologies (crypto security, firewall, etc.) is used to secure secret and confidential information.

Our company has developed Cryptorouter MTT-GW for guaranteed security of the information transferred over public communication channels (the Internet network).

Cryptorouter MTT-GW’s range of software-hardware solutions consists of 4 devices: MTT-GW SA2/ SA6/ AM2/ AM8 designed for small companies (up to 10 persons) as well as corporations (from 150 persons) with different encryption speed (from 0,16 Gb/sec to 3,5 Gb/sec). Cryptorouter MTT-GW was developed for using in multi-service communication networks (to transfer voice, data, video, etc.).

In Cryptorouter MTT-GW the service data is transferred over the special channel in an encrypted mode which makes impossible interception of control by malicious persons’ equipment.

The special channel – is an additional logical communication channel created between two cryptorouters and encrypted on different keys, not on the keys where secret and confidential information is transferred.

That is why Cryptorouter MTT-GW is the most reliable security device capable to secure your information maximally effectively.

Crypto security of Cryptorouter MTT-GW is based on the key pair – a private key and the certificate of public key.

It means that to encrypt and decrypt information its own private key and the certificates of public keys of all devices, with which communication is established, are installed on every Cryptorouter MTT-GW.

Security of the transferred confidential information using Cryptorouter MTT-GW.

Secret information sent from one office is encrypted in Cryptorouter MTT-GW and transferred over the Internet network already encrypted.

In another office the encrypted information is received, decrypted using Cryptorouter MTT-GW and transferred to the recipient to the internal (local) network.

Therefore a maximum security of the transferred secret and confidential information is guaranteed -even if a malicious person intercepts information, he will not be able to use it as it is encrypted.

Corporate local network security using Cryptorouter MTT-GW.

Firewall and the system for detection and prevention of intrusions are used in Cryptorouter MTT-GW to secure confidential information inside your local network against of unauthorized access by malicious persons.

Firewall prevents hackers of intruding into the secured network while the system for detection and prevention of intrusions checks all the coming traffic for accordance to the defined rules and blocks the un-authorized traffic.

Advantages and main functions of Cryptorouter MTT-GW:

      • Traffic routing;

      • Crypto security of communication channels;

      • Integrity control of the transferred information;

      • VPN-server for remote clients access;

      • Firewall and network segmentation;

      • Separate service data channels;

      • Intrusion detection and prevention system.

The main advantage of Cryptorouter MTT-GW in comparison with competitors is creation of the special communication channel for transferring the service data.

In Cryptorouter MTT-GW the service data is transferred over the special channel in an encryption mode, which makes impossible interception of control by malicious persons’ equipment.

In addition, Cryptorouter MTT-GW is ideal for videoconference communication. 

Cryptorouter MTT-GW includes the range of software-hardware solutions characterized by different productivity and number of network interfaces with the same functional features. The basic range includes 4 hardware platforms. You can see in the table below a short comparison of their features.

SA6.png

AM8.png

AM2.png

MTT-GW SA2 is the smallest representative of the range which can be packaged with 1 or 2 Ethernet ports and is designed for connecting remote personal working places or small offices (from 2 to 10 persons) to the system of encrypted communication.

MTT-GW SA6 is a convenient solution for small and medium offices or small enterprises (up to 50 persons). MTT-GW SA6 has 6 Ethernet ports and provides productivity to 420 Mb/sec in encryption mode.

MTT-GW AM2 is a highly-efficient solution which can have up to 22 Ethernet ports. We recommend using it for connecting to the encrypted communication network of medium and big companys’ offices or medium size enterprises (up to 150 persons).

Thanks to the module construction of the chassis, MTT-GW AM2 can be packaged by different types of network interfaces (BaseT, SFP, SFP+) depending on consumer needs.

MTT-GW AM8 is the most highly-efficient solution in the range which provides up to 3,5 Gb/sec speed of information transfer in the encryption mode. MTT-GW AM2 has a module construction of the chassis and may be packaged by different types of network interfaces (BaseT, SFP, SFP+), with the whole number to 64 ports. We recommend to use MTT-GW AM8 for connecting to the encrypted communication network of big company’s offices and medium and big enterprises (from 150 persons).

All Cryptorouter MTT-GWs employ a wide range of functional capabilities providing high quality service for high-priority traffic, for example for videoconference communication. The main mechanisms guaranteeing quality service in MTT-GW are QoS, CoS, Policy-Based Routing (PBR), Shaping, Bandwidth. All of them provide a part of functional capabilities for high quality service and maximum efficiency. As a rule, it is needed to use several mechanisms simultaneously.

Apart of this, it should be noted that Cryptorouter MTT-GW is not responsible for the quality of videoconference communication. The quality of videoconference communication is formed of the features of channels used for holding a video conference, settings of all the network equipment where a signal goes through and settings of the videoconference communication itself. The main advantage of Cryptorouter MTT-GW in providing a secure video conference communication is the fact, that using Cryptorouter MTT-GW doesn’t have an impact on the quality of the video conference. Therefore, if the quality of a video conference was high initially, the security providing by encryption on Cryptorouter MTT-GW will not worsen its quality (if the features of communication channels are sufficient).

The equipment of MTT-GW range provides functionality for crypto security (encryption). To encrypt or decrypt information, the encryption keys should be installed on Cryptorouter.For its operating the equipment of MTT-GW range use a key pair – a private key and the certificate of a public key.

To encrypt and decrypt information the own private key and the certificates of all devices, the connection is established with, should be installed on Cryptorouter. How to get a private key and the necessary certificates of the public keys of other devices? For this purpose the infrastructure of public keys (PKI) should be developed in the network.

The main role of PKI is creating and distributing the key pairs. The process of a key pair development is the following:

A private key and a request for generation a public key are created on Cryptorouter. Then the request for generation a public key is transferred to the certification authority, where the certificate of a public key is granted.

The certification authority is a special software-hardware complex which is the part of PKI. As a rule, the certification authority is created on the central object. The main purpose of the certification authority is to create the certificates of public keys based on the requests, distribute and acknowledge validity of the created certificates.

The created certificates are sent to all the devices in MTT-GW network from the certification authority. For operating of MTT-GW equipment it is offered to use the MTT-PKI infrastructure of public keys, fully compatible with all the equipment of the range.

Functionality of Cryptorouter MTT-GW allows significantly increase the whole productivity of crypto processing using a crypto farm. The principle of cascading (parallel placing of several encryption devices united in one logical encryption channel with the help of MTT-GW devices with high efficiency of routing) is used to create a crypto farm. The crypto farm created in this way allows getting the total logical encryption channel with efficiency up to 100 Gb/sec.

Type of device

Cryptorouter with embedded firewall

Hardware platform, fulfillment

Desktop, RM 19’ – 1U, 2U, 4U

Design modularity

Depends on the hardware platform, the modules change ONLY interface configuration

OS environment

Own

Types of supported network interfaces

Ethernet 10/100/1000 TX/FX, Ethernet/SFP 10 000 TX/FX, SFP, E1

Maximum number of supported interfaces

Up to 64

Used IP stack

Own

Efficiency

Up to 12 000 000 pack/sec

Speed of traffic processing in encryption mode

Up to 16 000 Mb/sec

Speed of traffic processing in firewall mode

Up to 90 000 Mb/sec

Basic functionality of firewall

NAT, PAT, Statefull Firewall, IPSec NAT Traversal, Filtration – over protocols, addresses and sender/receiver ports, time, field TOS/DSCP, contain of data field (byte-by-byte comparison), status of connection, status of flag SYN

Used algorithms of crypto processing

Own, IPSec

Routing

Static, RIP, RIPv2, OSPF, BGP

Mechanisms of the service quality

QoS, CoS, Policy-Based Routing (PBR), Shaping, Bandwidth

Multicast delivery

DVMRP, IGMP, Protocol Independent Multicast sparse mode (PIM SM)

Supported services and protocols

ICMP, Telnet, SNMP, DHCP, DHCP-Relay, DHCP-Proxy, DNS, SNTP, HTTP, HTTP-Proxy, FTP, LLDP, mandatory marks MCBC

Diagnostic tools for measuring capacity and quality of the channel

NetPerf, IPerf, Agent SLA

VPN creation

GRE, GRE tap, PPTP, L2TP; DiSec (based on symmetric key system); IPSec (based on the public key infrastructure)

Control tools

CLI, WEB-interface, SNMP, SSH

Availability of proprietary protocols

DiSec, data transfer protocol between devices within the hardware cluster

Reservation

VRRP, hardware cluster with configurable time of switching of 2-5 sec

Performance monitoring of versions and configurations

Possible to install and store several OS copies, configuration storage is independent of OS, possible to choose the saved configuration for operating of device; Experimental launching of configurations with return to the saved one according to timer

Availability of IPS/IDS

Embedded

Capability of channel aggregation and load balancing

Bonding (Round robin, Automatic Source Destination, TCP Connection Source Destination, Destination IP Address, Destination MAC Address), Briging

Events recording and debugging

Tracing of datagrams, system protocols, alarm signal, mirroring, syslog, NetFlow

Have a question?

Submit your question on website and our specialist will call you back within 24-hours and answer your question. If you want to know more about our products, you can apply for a full-course training at your work place.

Submit question
Request training