®
VPN SECURITY SOLUTION
MADE IN SERBIA!
VPN SECURITY SOLUTION
Purpose
Tesla BOX® is VPN device dedicated for industry and
energetic (secure industrial data transmission through
public infrastructure), military, police and the government
institutions - in the country and abroad (ministries,
departments, embassies, consulates.. ).
Description
Tesla BOX® is „dual redundant“ WAN/VPN router dedicated
to network traffic, where the traffic is routed according to
rules defined by the user. The device is used to connect
immovable as well as movable units (institutions, offices and
vehicles) in a unique network over the Internet, with a high
level of data protection in transfer. It can be set up (even
recommended), in conditions where there is already a
certain level of protection, as additional security level
under the complete user control!
Application area
The device is used to create highly protected dedicated
computer connections through public infrastructure with
secure connection (GPRS, Satellite connection, Radio
transmission).
VPN SECURITY SOLUTION
Characteristics
• „Diskless“ device, resistant to vibration and shockproof;
• With natural cooling through chassis, without fan and
other electromechanical parts, resistant to dust and
high/low temperature;
• Small size, extremely lightweight, easy to install and
transfer;
• 12V-220V for installation in portable/stationary systems;
• Support for multiple independent VPN connections on
each of the routes, support for OpenVPN connections,
support for IPSEC VPN connections, support for the work
in DUAL VPN mode with automatic switchover to backup
connection if the primary is disrupted;
• Comes in server and client versions. One Tesla BOX®
server can support as many Tesla BOX® clients as much
as hardware configuration permits, so it is adaptable to
the specific customer requirements.
• Optionally supports WiFi, 2G/3G/LTE connectivity
VPN SECURITY SOLUTION
Hardware configuration – client
- Processor: quad-core 64bit 1GHz
- Memory: 2-4 GB DDR3-1066 DRAM
- LAN: 3x1 Gbit lan network
(1 LAN direction and 2 WAN directions – up to 1Gbit-sec)
Hardware configuration - server
Adaptable to the specific customer requirements.
Protection level
- 512-8192 bits – asymmetric key („OpenVPN encrypted“)
- 256 bits – symmetric keys for package protection
by algorithms (AES-CEMELLIA...).
Specific characteristics
- Possibility of „backdoor“ closing, „source code“ insight on
demand (unique on the market)!
- Installation in the vehicle!
- Automatic switching from one to another transmission
route!
VPN SECURITY SOLUTION
Software interface
• Tesla BOX® routers (client and server) use Linux
operating system, Kernel version 3.8 (currently).
• Administering Tesla BOX® router is controlled via built-in
web interface in Serbian and English (expandable
languages on demand).
• Web interface can be used for configuring the following
options:
- Routers monitoring, operating time, CPU utilization…
- Network LAN configuration (ip address, netmask,
gateway...)
- StartUp service configuration
- Firewall configuration
- Virtual servers/Port forwarding configuration
- Additional firewall configuration
- Configuration of static network direction (route)
- DHCP configuration
- OpenVPN configuration
- IPsecVPN configuration
- Network connections validation…
VPN SECURITY SOLUTION
Protection level analyses
• There are several public algorithms from OpenSSL
community. Mathematically, they can be breakable for
unlimited time and with infinitely processing capacity.
In practice, the asymmetric keys less than 1024 bits can
be penetrated, on a dedicated super-computers, for a
period of several days.
• So far, the breaking of 2048 bits asymmetric key, on the
existing super-computers, has never been recorded.
• The time needed for breaking symmetric keys (for
package protection of 256 bits) is several years after a
sequence.
• In case of Tesla BOX®, the sequence are, via the user
interface, determined by time, number of packets or
bytes quantity (arbitrarily).
• More analysis on this topic are listed via link:
http://www.highwalltech.com/1024bit-2048bitand-4096bit-root-keys/
VPN SECURITY SOLUTION
Traffic degradation
At 1Gbit-sec links (degradation of speed transmission is a result of
the encryption and increased volume of data):
TEST:
• At MTU – 1500 bytes, measured speed communication are:
- Without protection - 50MBps (~400Mbps)
- Classic SshCP (strong encryption) - 13.5-14.0MBps (~200Mpbs)
- OpenVPN encrypted (2048bit key) -7MBps(~60Mbps)
• For slower connections, below 70 Mbit-sec, degradation of speed
transmission is just a result of data volume increased :
- In these conditions, the average registered degradation was 25%
of the effective speed.
Tesla BOX® and competition
- Commercially available products are not suitable for “harder”
ambient conditions (temperature fluctuations, vibration
exposure, dimensions..) .
- Most devices are for stationary use on 220V.
- Most devices do not possess automatic switching to the backup
communication path, in case of interruption.
- Competitive pricing is over 3000 $ (eg. ASA-5510)
- Device has interface with multi language support.
- Expensive training and administration.
- Software support is built in and hidden with possible
„backdoor“ .
Download PDF