Bridge GUI Guide: Introduction
2
Each software version of the Fortress Secure Client is covered
in a separate Fortress
Secure Client user guide.
1.2 Network Security Overview
Network security measures take a variety of forms; key
components include:
Confidentiality
or
privacy
implementations prevent
information from being derived from intercepted traffic.
Integrity
checking guards against deliberate or accidental
changes to data transmitted on the network.
Access control
restricts network access to authenticated
users and devices and defines resource availability and
user permissions within the network.
1.3 Fortress Security Systems
Fortress applies a combination of established and unique
methodologies to network security.
Fortress’s Mobile Security Protocol (MSP) provides device
authentication and strong encryption at the Media Access
Control (MAC) sublayer, within the Data Link Layer (Layer 2)
of the Open System Interconnection (OSI) networking model.
This allows a transmission’s entire contents, including IP
addresses, to be encrypted.
NOTE:
New releas-
es may still be in
FIPS 140-2 Level 2-vali-
dation process. Contact
your Fortress represen-
tative for the current
FIPS certification status
of Fortress products.
Fortress security systems also employ and support standards-
and protocols-based network security measures, including
RADIUS (Remote Authentication Dial in User Service), WPA
(Wi-Fi Protected Access) and WPA2, IPsec (Internet Protocol
Security), and NSA (National Security Agency) Suite B
1
cryptography.
Fortress security systems can be configured to operate in full
compliance with Federal Information Processing Standards
(FIPS) 140-2 Security Level 2.
1.3.1
Fortress Bridges and Controllers
Fortress hardware devices include the ES-series of Fortress
Bridges and the Fortress Controller (FC-
X
) and may be
collectively referred to as
Bridges
,
Controllers
or
Controller
devices
. The ES820 Bridge is also known as Fortress's
Vehicle
Mesh Point
. The ES440 Bridge is also known as an
Infrastructure Mesh Point
, and the ES210 Bridge is also known
as a
Tactical Mesh Point.
1. Suite B specifies only the cryptographic algorithms to be used. Many factors determine whether a given
device should be used to satisfy a particular requirement:
the quality of the implementation of the crypto-
graphic algorithm in software, firmware or hardware;
operational requirements associated with U.S. Govern-
ment-approved key and key-management activities;
the uniqueness of the information to be protected (e.g.
special intelligence, nuclear command and control, U.S.-only data);
interoperability requirements, both
domestic and international. The National Security Agency may evaluate Suite B products for use in protecting
U.S. Government classified information on a case-by-case basis and will provide extensive design guidance
to develop products suitable for protecting classified information.