Ravlin IPSec Card
Complete Windows NT 4 .0 Based Secured Communications Solution
Providing Integrated Hardware and Software Security Solutions for Secure Virtual Private Networking
(VPN)
RedCreek provides Windows NT 4.0 server users with the means to incorporate the latest network security
features quickly and easily. Secure communications over Intranets/Extranets and secure Remote Access are
easily implemented using the Ravlin IPSec Card for the Windows NT 4.0 Server platform.
The Ravlin IPSec Card advances the state of IPSec networking and server communications in two very
important and innovative ways. For the first time users can implement Internet Protocol Security Standard
encryption (IPSec) and authentication on an NT 4.0 Server or workstation. Also, this IPSec capability is
based on a new VPN form factor. All the functionality associated with RedCreek's standalone Ravlin 10 VPN
hardware device has been implemented on a PCI base card that is simply installed into an NT server just
like an Ethernet card.
Internet Protocol Security Standard (IPSec) is a framework of open standards for ensuring secure
private communications over public networks like the Internet. Based on standards developed by the
Internet Engineering Task Force (IETF) IP Security Working Group, IPSec is an industry-driven standard
that ensures confidentiality, integrity, and authenticity of an IP network. IPSec is a key component of
this standards-based, flexible solution for deploying a network-wide security policy.
The Ravlin IPSec Card allows private communications over any network, including the Internet, without
performance degradation. It turns an NT Server from a commerce web terminal server into a secure commerce,
secure web, and secure terminal server for VPN tunnels. It also allows NT-based firewalls to do both
thorough access control and IPSec encrypted tunnels from one platform.
Secure Intranets & Extranets
Ravlin IPSec Card
The Ravlin IPSec Card is a Network Interface Card (NIC) that can transparently encrypt, authenticate,
manage, and route datagrams over LANs and WANs. The VPN process allows private communications over any
network, including the Internet, without performance degradation. Electronic commerce servers can
outsource processor-intensive encryption and authentication. Terminal servers, network computers and
communication servers running telephony applications can use real-time encryption and authentication to
enhance privacy and reduce network usage costs.
Hardware encryption accelerates the encryption and decryption of sensitive data on servers, access
routers, and network computers. This makes it possible to encrypt and decrypt files on hard drives,
diskettes, or shared servers without the processing and network performance degradation usually associated
with encryption.
The Ravlin technology is based on IPSec standards developed by the Internet Engineering Task Force.
IPSec is an industry driven standard that ensures confidentiality, integrity, and authenticity of an IP
network.
Hardware
The Ravlin IPSec Card is based on the Ravlin CryptoCore™ technology and the Intel i960
processor. It provides 45 Mbps buffer-to-buffer speeds and uses a 10/100 Base-T Ethernet Controller. The
system image resides in flash memory, and can be remotely updated at runtime.
Software
The Ravlin IPSec Card uses standard off-the-shelf parts and standard security and network protocols for
future interoperability with other IPSec standard products. It is interoperable with the RedCreek Ravlin
4, Ravlin 10, RavlinSoft remote access client, and Ravlin RADIUS Authentication.
Secure Remote Access
RavlinSoft
The Ravlin IPSec Card is interoperable with RavlinSoft, a software client application that provides the
same security as a Ravlin hardware unit. RavlinSoft runs on Windows 95/98 or Windows NT
4.0. With the RavlinSoft client, remote users (such as mobile employees and telecommuters) can securely
access corporate resources using either public networks or existing corporate dial-up facilities. Like the
Ravlin IPSec Card, RavlinSoft follows the IETF IPSec security standards, using full 40-bit/56-bit DES and
168-bit Triple DES encryption, X.509 v.3 Digital Certificate Authentication, and Internet Key Exchange
(IKE) for key management.
Management
Ravlin Node Manager
The Ravlin Node Manager is an easy-to-use management and control tool for configuring, managing, and
integrating Ravlin products in an organization's network and security infrastructure. This tool provides
robust security management by allowing multiple levels of security among Ravlin hardware units and
RavlinSoft clients. Compatible with Windows NT 4.0, Windows 95/98, Ravlin Node Manager allows easy setup
and dismantling of secure intranets, extranets, and remote access clients through installation and
configuration wizards. From a single centralized location, network managers can manage Ravlin products in
an IPSec-compliant secure Virtual Private Network (VPN), checking the status of units and users and adding
or removing remote users. Network managers can also monitor traffic between units and modify existing
configurations. As a management tool, Ravlin Node Manager is complementary to standard SNMP managers like
HP OpenView for monitoring, displaying statistics, and sending alarms.
Features and Benefits
Performance
RedCreek's CryptoCore technology, along with the Intel i960, provides 45 Mbps buffer-to-buffer
encryption/decryption throughput.
Scalability
The I2O software specification enables off loading of processor-intensive tasks from the host, and ensures
ease of use and maintainability.
Privacy
40-bit/56-bit Data Encryption Standard (DES) and 168-bit Triple DES encryption algorithms are the most
widely adopted U.S. and international algorithms for encryption. Over 750 simultaneous
hardware-to-hardware connections are supported.
Authentication
To perform authentication across networks, the Ravlin IPSec Card uses X.509 v.3 digital certificates, a
widely accepted standard specified by the International Standards Organization (ISO). To verify the
identity of the sender, the card uses Digital Signature Standard (DSS) and Secure Hash Algorithm (SHA), in
conjunction with X.509 v.3 certificates. (DSS provides proof of authorship for digital signatures.)
Interoperability
To perform key exchange during the establishment of secure associations, the Ravlin IPSec Card uses the
Internet Security Association and Key Management Protocol, or ISAKMP. ISAKMP/Oakley is the mandatory key
exchange protocol specified by the IETF.
Strong Security
The Internet Engineering Task Force (IETF) IP Security Standard (IPSec) offers two significant features:
enhanced security and protocol interoperability. The customer can be certain that IP-based communications
passing over the network conform to the most secure and comprehensive standard for encryption,
authentication, key management, and anti-replay services. A Ravlin IPSec Card can exchange keys and
encrypted communications with any other IPSec-compliant products so customers can use multiple IPSec
vendors for multiple scenarios. RedCreek Communications, Inc. can provide a list of IPSec interoperability
partners.
Customer Support/Service
RedCreek provides service and technical assistance through its technical support center and exchange
programs. All RedCreek products are covered under a 12-month hardware and three-month software warranty.
Please contact our Webmaster with any questions or comments.
Copyright 1999, 2000, 2001 I.D.T., Inc.. All rights reserved.
