Tactical Software Tech Note

All Tech Notes

The Encryption Option for Tactical Products

Security for Redirected Data

The security of the network connection used by a redirector can be an important consideration for applications in banking, healthcare, legal, security systems, facility management, and many other areas.

Additionally, with the increasing use of device servers at remote locations, there are requirements to protect redirected data as it traverse untrusted networks to a server and to verify the identity of the server.

To meet the needs of these applications, Tactical Software has added a powerful and flexible Encryption Option for all Tactical Software products.

Fully configurable in the Control Panel interface, the Encryption Option uses OpenSSL technology to provides two key security capabilities for Tactical's Redirectors and TacServe COM Port Server software:

TLS/SSL data encryption of the data connection between the Redirector and the server.
Certificate authentication and transmission to confirm the identity of the Redirector and/or server.

Technical Overview

The Encryption Option is available for all 32-bit versions of Tactical Software redirectors, as well as TacServe COM Port Server. It offers a powerful and flexible solution for data security, using OpenSSL technology:

Your choice of five encryption ciphers: AES, 3DES, DES, RC4, RC2.
Selectable cipher strengths from 40 to 256 bits, with cipher set preview.
High performance algorithms incorporated in Tactical's driver software.

The Encryption Option also supports the use of TLS/SSL certificates for:

Validation of certificates provided when connections are started.
Customizable Certificate Authorities, with 36 CA's provided by default.
Customizable TLS/SSL Certificates to provide on request to network peers.

Server Requirements

When using the Encryption Option, Tactical Software Redirectors will of course require TLS/SSL encryption and protocol support by the server to which they connect.

Tactical works with server manufacturers who are incorporating TLS/SSL support in their products. For the latest information on compatible servers, please contact a sales consultant.
For servers that don't support encryption, an SSL front-end system can perform the encryption function. Off-the-shelf SSL accelerators, common in high performance web applications, are an off-the-shelf solution available from Cisco and other manufacturers. An economical PC server running the open-source Stunnel software is an alternative.
For users of the COM/IP Redirector or the Serial/IP Redirector with the Encryption Option, the COM/IP Redirector can also be used at the destination if it is a Windows-based PC.

Availability

SSL/TLS Encryption is available in all Tactical Software products that use a special license key that enables the feature.

To use the Encryption Option with a 30-day trial copy:

Request an encryption license key using this form or send email to Tactical application engineering. Please include your name, company, address, and telephone number.
When you receive the encryption license key, enter it in the Tactical Software product.

To purchase Tactical Software licenses with the Encryption Option:

Contact Tactical Software or an Authorized Reseller. The Encryption Option is not available on the Tactical Software online store.
Be sure to specify the Encryption Option at time of order.

OpenSSL License Notice

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/).

The Tactical Software End User License Agreement contains the full text of the OpenSSL Toolkit software license.