
Device Profile: SSV IGW/100 industrial security gateway

Sep 2, 2004 — by LinuxDevices Staff — from the LinuxDevices Archive

The SSV IGW/100 is a small, rugged industrial security gateway designed to protect automation networks from viruses, worms, and unauthorized access. It runs a free, open-source Linux distribution that supports real-time extensions and was designed especially for industrial security applications.

The IGW/100 is available as part of several Security Gateway Starter Kits from SSV


The IGW/100 is built around SSV's DIL/NetPC ADNP/1520 single board computer (see diagram below), which is powered by a 32-bit AMD Elan SC520 586 processor clocked at 133MHz. The unit includes 64MB of SDRAM and 16MB of Flash, expandable through an internal CompactFlash slot. It includes one auto-negotiating 10/100 Ethernet port and two 10Base-T ports. Backpanel I/O includes a 115.2kbps RS232 port, reset button, and LEDs for power and CF activity.

The IGW/100 is based on one of SSV's tiny DIL/NetPC SBCs


The fanless device requires a 5VDC power supply, and can operate between 0 and 65 degrees Celsius. It is housed in a rugged case measuring 6.5 x 4.5 x 1 inches (168 x 116 x 26mm), and is available with wall-mount and DIN rails.

Software side — AMSEL Linux

The IGW/100 is intended to run “Advanced Modular Secure Embedded Linux” (AMSEL), a free, open source, security-oriented distribution based on a 2.4-series kernel. AMSEL was co-developed by SSV and .vantronix, according to SSV, and employs a “secure-by-design” architecture suitable for industrial environments. It uses the uClibc system library for small systems.

AMSEL supports real-time extensions, including the patent-free ADEOS nanokernel. Since the IGW/100 is an x86 system, AMSEL also supports RTAI/Adeos on the device, as well as RTAI/Xenomai. It also supports emulation layers for several commercial RTOSes, including VRTX32/VRTXsa, pSOS+, VxWorks, and uITRON.

AMSEL includes the amCLI (man page) command-line interpreter, which serves as the central user interface. AMSEL also includes the amwall (manpage), said to provide an integrated, easily understood firewall configuration interface based on the Backus Naur Form.

The IGW/100 provides NAT/firewall features, using iptables for IP level packet filtering and ebtables and arptables for Ethernet MAC level packet filtering. It uses the BNF (Backus Naur form) configuration language.

The amCLI and amWall tools can be accessed remotely via telnet or SSH. AMSEL also includes amWebd (manpage), a secure web server that supports privilege-separated CGI for secure management applications.

Another interesting AMSEL utility is amselect (manpage), a secure package manager.

AMSEL includes a KAME-compatible IPSec stack supporting IPv6 and IPv4. It uses the Scatterlist CryptoAPI for fast encryption, and supports AES, (3)DES, and Blowfish. Supported ciphers include Twofish, Serpent, Cast5/6, Blowfish, and (3)DES. Additional VPN features include:

  • SHA1/256/512, MD5 and MD4 hash algorithms with HMAC support
  • Deflate compression support
  • IPSec transport- or tunnel-mode
  • Encapsulating Security Payload (ESP)-mode
  • Authentication Header (AH)-mode
  • ISAKMP support
  • KAME “racoon” daemon
  • Authentication with X509 support
  • DNSSec extensions
  • Secure Phase 1 authentication / key exchange
  • Network to network, host to host, net to net

Additional networking features provided by AMSEL include DHCP server and client, HTTP and secure HTTP server, OpenSSH, bridging software, VLAN (IEEE 802.1q), and QoS (IEEE 802.1p and 802.1q).

The IGW/100 is available now as part of several Security Gateway Starter Kits from SSV.


 
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.


