RedCreek Personal Ravlin

The Personal Ravlin is a cost-effective network security solution. It addresses the needs of individual remote users who access corporations via cable, xDSL, and ISDN modems. It is also an ideal solution for network administrators who seek to establish private communications within a corporate intranet by providing security at the desktop level.

The Personal Ravlin is a single-user hardware client that provides full IPSec Virtual Private Network (VPN) capability in a small form factor (can fit in the palm of your hand). Its low cost lets organizations establish security over private or public IP networks quickly and easily. Security administrators can deploy the Personal Ravlin in a number of ways: within a corporate LAN; behind a cable, ISDN, or xDSL modem; or behind an access router connected to a full-duplex T1/E1 wide-area network (WAN) circuit. The Personal Ravlin can be configured by the administrator to support either a single tunnel or multiple simultaneous tunnels.

Security administrators use the RavlinNodeManager to set up and manage the Personal Ravlin.

The Personal Ravlin provides data privacy using industry-standard 56-bit DES and 168-bit Triple DES encryption. It provides authentication and access control with Digital Signature Standard (DSS), Diffie-Hellman key exchange, X.509 v.3 digital certificates, and IKE Key management. These security standards are part of the Internet Engineering Task Force (IETF) IP Security Standard (IPSec).

Features and Benefits:

IP Security Standard (IPSec):

IPSec is the most secure and comprehensive standard available today for encryption, authentication, key management, and anti-replay services. IPSec protocol interoperability lets Ravlin products exchange keys and encrypted communications with all other IPSec-compliant products, so customers can mix and match products from multiple IPSec vendors.

Encapsulating Security Payload (ESP) Tunnel Mode:

ESP Tunnel mode provides the highest level of security between gateways. The original IP datagram is encapsulated in a new IP packet using a new IP address as the source/destination of the packet. ESP Tunnel mode uses 56-bit or 168-bit DES encryption.

Encapsulating Security Payload (ESP) Transport Mode:

In ESP Transport mode, only the payload of the original IP datagram is encrypted. Like ESP Tunnel mode, ESP Transport mode uses 56-bit DES or 168-bit Triple DES. Personal Ravlin units also support authentication and anti-replay to secure IP datagrams without encrypting the data payload. ESP Transport mode uses hashing to ensure that the data stream is not modified. This mode is only for end-to-end communication.

Encrypt-in-Place (EIP) Mode:

In EIP mode, only the payloads of IP datagrams are encrypted. Like ESP mode, EIP mode can use 56-bit DES or 168-bit Triple DES. EIP mode is a RedCreek proprietary secure VPN technology. Although EIP mode is not part of the IPSec standard, it combines high speed with all levels of encryption.

Anti-Replay Service and Use of Unique X.509 v.3 Certificates:

The Personal Ravlin uses IPSec anti-replay services to ensure that rogue packets cannot be inserted into a Ravlin-protected data stream. With anti-replay service, each IP datagram passing within the secure association is tagged with a sequence number. On the receiving end, the datagram is blocked if its sequence number does not fall within a pre-specified window.

Ease of Implementation and Administration:

Integrates easily into existing networks through 10BaseT inputs and outputs
Secure download of product upgrades
Easy device management through industry-standard SNMP MIB II

Standards-Based Security and Management:

Complies with the security standards developed by the Internet Engineering Task Force (IETF) IP Security (IPSec) Working Group
Ensures information privacy using full 56-bit DES (Data Encry