SystoLAN Security Appliance Systola Mühlenhagen 130 Hamburg Germany
Hamburg Germany
SystoLAN
Industrial Security Appliance
SystoLAN Security Appliance Systola Mühlenhagen 130 Hamburg Germany
SystoLAN
The smallest professionall solution on the marketExcelent performance
Low price
SystoLAN Security Appliance Systola Mühlenhagen 130 Hamburg Germany
Based on SystoLAN Gateway
Embedded computer
Power over PCI
Processor Intel IXP 4xx 266 / 533 MHz XScale with hardware encryption
2 x Ethernet (10/100 Mbit/s)
32 / 64 MB RAM
16 MB Flash
Auto MDIX
SystoLAN: Hadware
SystoLAN Security Appliance Systola Mühlenhagen 130 Hamburg Germany
Systola Secure Linux
Protected File System
Firmware consistency check
Hardware watchdog
Optical display
Firewall
VPN
Modes:
Router, PPPoE, PPTP, Stealth
Browser-based administration
SystoLAN: Firmware
DHCP server and Client DNS cache NTP Server and client SNMP compliance Dynamic DNS Syslog client
SystoLAN Security Appliance Systola Mühlenhagen 130 Hamburg Germany
SystoLAN: Firewall
Stateful inspection NAT DNAT / SNAT Configurable rules Port forwarding SYN-flood protection PING-flood protection Anti-spoofing Firewall in stealth mode Firewall for VPN channels
SystoLAN Security Appliance Systola Mühlenhagen 130 Hamburg Germany
SystoLAN: VPN
IPsec VPN (DES, 3DES, AES 128,192, 256) L2TP server (also for MS Windows clients) Preshared Key or X.509-Certificates VPN topology:
net to net net to host host to host
VPN for dynamic IPs VPN in Stealth-Mode NAT-T Throughput up to 70 Mbit/s (3DES or AES 256) VPN between overlapping networks
SystoLAN Security Appliance Systola Mühlenhagen 130 Hamburg Germany
SystoLAN: Antivirus
Kaspersky Labs Scanning engine
Mail and Web traffic protection
Automatic pattern update
Optional component
SystoLAN Security Appliance Systola Mühlenhagen 130 Hamburg Germany
Stealth Mode
Automatic integration in network structures
Automatic configuration
Does not need an IP address
All services continue to run Firewall VPN Antivirus
Impossible to attack
SystoLAN Security Appliance Systola Mühlenhagen 130 Hamburg Germany
Firmware: Online Updates
Updates are available through Internet
Integrity check cares for error-free operation
Electronic signature check
Not sensitive to power failures
Update-management over Web-Browser
Direct updates over Internet
SystoLAN Security Appliance Systola Mühlenhagen 130 Hamburg Germany
Firmware: Offline Updates
SystoLAN Firmware UpdaterSystoLAN Firmware Updater
Uploading
File About
c:\SystoLan\Updates\version2.0
Source Folder:
?
Your Computer192.168.10.1
SystoLAN192.168.10.100
Your computer’s IP address ist set to 192.168.10.1Installation files are found in the source folderUpdate will now begin …Systolan requested an IP leaseLease issued: IP address 192.168.10.100SystoLAN requested install.p7sUploading install.p7sSystoLAN requested jffs2.img.p7sUploading jffs2.img.p7s
Protected file system
Not sensitive to power failures
Electronic signature check
SystoLAN Security Appliance Systola Mühlenhagen 130 Hamburg Germany
Performance for 266 MHz Processor
Tunnel, router mode Proto Direction Size DES 3DES AES128 AES192 AES256 TCP Send 64 28 29 29 29 28 TCP Send 512 29 29 29 28 28 TCP Send 1400 29 29 28 28 28 UDP Send 64 2,5 -g 188 2,6 -g 185 2,5 -g 188 2,5 -g 186 2,5 -g 188 UDP Send 512 20 -g 186 20 -g 186 20 -g 186 20 -g 183 20 -g 184 UDP Send 1400 54 -g 187 54 -g 189 54 -g 188 54 -g 187 54 -g 188 TCP Receive 64 41 41 41 41 41 TCP Receive 512 41 41 41 41 41 TCP Receive 1400 42 42 42 41 41 UDP Receive 64 3,3 -g 133 3,3 -g 130 3,2 -g 136 3,3 -g 136 3,2 -g 138 UDP Receive 512 26 -g 111 26 -g 90 26 -g 128 26 -g 128 26 -g 126 UDP Receive 1399 68 -g 67 69 -g 14 67 -g 120 68 -g 114 68 -g 113
Transport, router mode Proto Direction Size DES 3DES AES128 AES192 AES256 TCP Send 64 30 30 30 30 30 TCP Send 512 30 30 30 30 30 TCP Send 1400 30 31 30 30 30 UDP Send 64 2,7 -g 175 2,7 -g 175 2,7 -g 175 2,7 -g 175 2,7 -g 176 UDP Send 512 21 -g 173 21 -g 173 21 -g 173 21 -g 173 21 -g 173 UDP Send 1400 57 -g 173 57 -g 173 57 -g 175 57 -g 175 57 -g 176 TCP Receive 64 44 42 43 43 43 TCP Receive 512 44 43 43 43 43 TCP Receive 1400 44 43 43 43 43 UDP Receive 64 3,3 -g 135 3,2 –g 132 3,3 -g 138 3,3 –g 138 3,3 -g 139 UDP Receive 512 26 -g 121 26 -g 95 26 -g 130 26 -g 131 26 -g 129 UDP Receive 1400 68 -g 96 69 -g 20 68 -g 120 69 -g 113 69 -g 111
Transport, Stealth Proto Direction Size DES 3DES AES128 AES192 AES256 TCP Send 64 19 19 19 19 19 TCP Send 512 19 19 19 19 19 TCP Send 1400 19 19 19 19 19 UDP Send 64 1,5 -g 313 1,5 -g 315 1,5 -g 317 1,5 -g 317 1,5 -g 315 UDP Send 512 12 -g 312 12 -g 313 12 -g 315 12 -g 315 12 -g 315 UDP Send 1400 33 -g 315 33 -g 317 33 -g 320 33 -g 319 33 -g 320 TCP Receive 64 25 24 24 24 24 TCP Receive 512 25 24 24 24 24 TCP Receive 1400 25 25 24 24 24 UDP Receive 64 1,75 -g 275 1,75 -g 270 1,75 -g 275 1,75 -g 275 1,75 -g 273 UDP Receive 512 14 -g 258 14 -g 231 14 -g 267 14 -g 267 26 -g 264 UDP Receive 1400 37 -g 228 34 -g 192 37 -g 257 37 -g 253 37 -g 254
SystoLAN Security Appliance Systola Mühlenhagen 130 Hamburg Germany
Performance for 533 MHz Processor
Tunnel, router mode Proto Direction Size DES 3DES AES128 AES192 AES256 TCP Send 64 38 41 39 39 40 TCP Send 512 39 41 39 39 39 TCP Send 1400 39 41 39 39 39 UDP Send 64 4,3 -g 105 4,3 -g 105 4,3 -g 105 4,3 -g 105 4,3 -g 104 UDP Send 512 33 -g 104 33 -g 105 33 -g 105 33 -g 105 33 -g 104 UDP Send 1400 84 -g 100 75* -g 130 83 -g 100 83 -g 100 83 -g 100 TCP Receive 64 64 62 63 64 62 TCP Receive 512 64 64 62 63 62 TCP Receive 1400 65 64 62 62 63 UDP Receive 64 5,8 -g 67 5,7 -g 80 5,7 -g 70 5,9 -g 65 5,7 -g 67 UDP Receive 512 46 -g 50 46 -g 79 43 -g 60 45 -g 43 45 -g 52 UDP Receive 1399 91 77 * 91 91 91
Transport, router mode Proto Direction Size DES 3DES AES128 AES192 AES256 TCP Send 64 40 42 40 40 40 TCP Send 512 40 42 40 40 40 TCP Send 1400 40 44 40 41 41 UDP Send 64 4,4 -g 102 4,3 -g 100 4,4 -g 102 4,4 -g 102 4,4 -g 102 UDP Send 512 34 -g 102 33 -g 105 35 -g 100 34 -g 102 34 -g 102 UDP Send 1400 83 -g 100 76 -g 120* 83 -g 100 83 -g 100 83 -g 100 TCP Receive 64 66 64 64 64 64 TCP Receive 512 66 66 65 64 64 TCP Receive 1400 66 66 64 64 64 UDP Receive 64 5,8 -g 72 5,9 -g 65 5,9 -g 70 5,9 -g 70 5,9 -g 70 UDP Receive 512 43 -g 58 44 -g 30 44 -g 60 44 -g 58 43 -g 58 UDP Receive 1400 92 80 * 91 91 91
Transport, Stealth Proto Direction Size DES 3DES AES128 AES192 AES256 TCP Send 64 27 27 28 27 27 TCP Send 512 27 27 27 27 27 TCP Send 1400 28 28 27 27 27 UDP Send 64 2,2 -g 215 2,2 -g 200 2,2 -g 210 2,2 -g 210 2,2 -g 210 UDP Send 512 17 -g 215 17 -g 220 17 -g 215 17 -g 210 17 -g 215 UDP Send 1400 47 -g 215 46 -g 220 46 -g 220 47 -g 215 46 -g 220 TCP Receive 64 36 38 36 36 36 TCP Receive 512 37 37 36 36 36 TCP Receive 1400 37 37 36 36 37 UDP Receive 64 2,9 -g 155 2,9 -g 150 2,9 -g 160 2,9 -g 155 2,9 -g 155 UDP Receive 512 23 -g 140 23 -g 115 23 -g 145 23 -g 140 23 -g 135 UDP Receive 1400 61 -g 113 55 -g 60 * 60 -g 125 61 -g 115 61 -g 110
SystoLAN Security Appliance Systola Mühlenhagen 130 Hamburg Germany
Competitor Prices Comparison
Product SystoLAN 266 Mhz
SystoLAN 533 Mhz
Checkpoint Safe@Office 110
Netscreen 5XT
Sonicwall TZW
Firewall throughput (clear text)
100 22 70 75
VPN throughput (3DES)
40 75 3 20 20
Number of users Unlimited 10 10 25
Number of VPN Tunnels
2, 10, 250 (license model)
5 10 20
Price, € from 320 (PCI) / 420 (Gateway) 660 680 715
SystoLAN Security Appliance Systola Mühlenhagen 130 Hamburg Germany
Cisco PIX Prices comparison
Model PIX 501 PIX 506E PIX 515E PIX 525 PIX 535
Firewall throughput 20 100 188 330 1740
VPN throughput (3DES) 3 17 63 72 (155) 100 (440)
Number of users 10 50 N/A N/A N/A N/A
Number of VPN tunnels 10 25 2000 2000 2000
Price, € 490 690 1140 2870 7380 24600
Comparable to SystoLAN: – Sonicwall Pro 330 (75Mbit/s, 3DES), price 3600 € and Cisco PIX 515 / 525, prices 2800 € and 7380 €, respectively.
SystoLAN Security Appliance Systola Mühlenhagen 130 Hamburg Germany
SystoLAN, Application Fields
Industrial network components protection
Remote control and support, ex. automation systems
Branch office connections over VPN
Point-to-Point protection in distributed networks
Common network protection in the Internet
SystoLAN Security Appliance Systola Mühlenhagen 130 Hamburg Germany
Application Specials
Security based on an independent hardware system
Specialized hardware solution for special applications
Client-independent
High VPN and Firewall throughput
Automatic configuration in Stealth Mode
SystoLAN Security Appliance Systola Mühlenhagen 130 Hamburg Germany
Hardware Solution Advantages vs. Software Solutions
Does not need to integrate into OS – no version problems
VPN for “exotic“ Systems (MSDOS, OS2, Windows NT etc.)
No drivers needed: black-box principle
Optional drivers for Windows and Linux
Security is not bound to a single system
Common security standard also when using different OSes in an Enterprise
SystoLAN Security Appliance Systola Mühlenhagen 130 Hamburg Germany
Typical Fields of Usage
Internet-Providers and Communication-Providers VPN services
Hosting-Providers Rack-security
Industry Area security for separate segments
Commercial and governmental companies Internal / external or distributed network security
System-Integrators Remote access for technicians and support
Health-care Connecting medical practitioners to the clinics
POS, lottery, etc.
SystoLAN Security Appliance Systola Mühlenhagen 130 Hamburg Germany
ATM Bank
GSM/GPRS/UMTS Encryption
Leased Line
VPN gateway /Firewall
GPRS / UMTSnetwork
SystoLAN Security Appliance Systola Mühlenhagen 130 Hamburg Germany
WLAN Encryption
LAN
WiFi
IPSec VPN tunnles
Internet
SystoLAN Security Appliance Systola Mühlenhagen 130 Hamburg Germany
Security in Industrial Fields
Car industry Machine building Suppliers Printing Companies etc.
SystoLAN Security Appliance Systola Mühlenhagen 130 Hamburg Germany
POS Terminal will soon be complex multimedia devices with such interfaces as xDSL, WLAN, etc.
Requirements
Easy integration Secure data transfer High encryption standard
SystoLAN solution
Very small Hardened design Low cost
POS Terminal
POS – Important object with respect to security, often with access to / from a bank. This object needs to be protected.
SystoLAN Security Appliance Systola Mühlenhagen 130 Hamburg Germany
SystoLAN: Industrial Firewall
Industry uses TCP/IP
Common Standard Uses Windows CE Connecting Back Office and Production
Problems
Not enough security Windows-security problem Viruses, hackers, espionage, etc.
Industrial Firewall Requirements
Cheap Industrial standards Real-Time processing High security standard Industrial control systems utilization
SystoLAN Solution
Very small size System-independent High performance SNMP High reliability
SystoLAN Security Appliance Systola Mühlenhagen 130 Hamburg Germany
OEM Solutions
Development of special solutions Special function integration Your own corporate design
Special Applications
SystoLAN Security Appliance Systola Mühlenhagen 130 Hamburg Germany
Integration in other systems
Robots
ATMs
Ecological systems
Machinery
Integration into non-secured systems
WLAN and UMTS – surrounded computers
VPN over GPRS / UMTS: wireless connections for ATMs
Credit Card Terminals
SystoLAN as add-in Module
SystoLAN Security Appliance Systola Mühlenhagen 130 Hamburg Germany
SystoLAN PCI
2 modes: Power over PCI and Ethernet adapter
Power over PCI In Stealth Mode connects to another Ethernet adapter Automatic configuration OS-independent – PCI is only used for powering Can be used as a router
Ethernet Adapter PCI is used to transfer data Drivers for MS Windows, Linux All SystoLAN functions are accessible
SystoLAN Security Appliance Systola Mühlenhagen 130 Hamburg Germany
Future Peek
New features (in development)
Certificate Management
Radius-Authentication
WLAN and GPRS support
Central management console
Traffic management (QoS)
POE (Power over Ethernet), for new Processors
SystoLAN Security Appliance Systola Mühlenhagen 130 Hamburg Germany
Conclusion
External connection security with firewall, VPN, Antivirus
Remote Access via VPN
Certificate-based Authentication
High encryption performance
Compatible with Cisco, Checkpoint, Netscreen etc.
Easy management
Excellent price/performance value
High ROI
Innovative technology
Hardware mobile firewall – power over USB
Stealth Mode
Dynamic DNS support
SystoLAN Security Appliance Systola Mühlenhagen 130 Hamburg Germany
Hamburg Germany
SystoLAN
Industrial Security Appliance