MIL-HDBK-232A
baseband coaxial cable systems. FOC may be used in place of coaxial cable.
Before a LAN is designed and installed, the responsible agency must ensure
the host software is capable of supporting the levels of security required.
Commercially available software typically does not support multiple security
levels. Thus, all users must operate at the same security level. It may be
possible with emerging technology to create a hierarchy of hosts and LANs
connected by gateways which allow higher level users to access lower level
hosts, but prohibit lower level users from accessing higher level hosts. DoD
and service directives and regulations should be consulted to define the
parameters and criteria for trusted software.
5.4.6.2.1 PABX LAN. LANs may be implemented via PABX where the nature of
use is short-term connection, low-speed operation, and low-volume data
transfer. The PABX may serve a particular area, building or complex, or it
may be the base central office. Data rates up to 9.6 kbps may be supported.
With the advent of digital branch exchanges, speeds up to 56 kbps may be
achieved. When a PABX is used to implement a LAN, a secure network can be
designed by including approved encryption devices and techniques in the
system. A PABX-based LAN consists of on-call point-to-point links. This
allows a terminal to establish a link to only one other point at a time.
When a link is thus established, it can be secured for the duration of the
connection. Terminals and hosts can then be designed using the techniques of
this handbook with clear RED/BLACK boundaries. When such features as
electronic mail are part of the system, it is assumed the receiver is
responsible for accessing his mail box to retrieve messages or obtain other
information. Thus, the design would exclude autodial capability by the host
and autoanswer capability by the user.
5.4.6.2.2 Broadband LAN. Broadband LANs use frequency-division multiplexing
on a coaxial cable to establish a communications network. The technology is
similar to that developed for cable television. Typically, the bandwidth of
a broadband system is 300 to 400 MHz. Such LANs are intended to support
low-speed data, video and voice on a single physical medium. Bands of
frequencies are established for each type of service. For instance, a band
might be established between 10 and 25 MHz. This band could be further
divided into 4000-Hz subchannels. Broadband, then, should be viewed as any
other transmission medium if each subchannel is used by only one user.
Transmission between the host and user would be encrypted and modulated, thus
the medium is transparent to both. If multiple users share a subchannel,
then the entire system must be RED if processing classified information.
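The subchannel rule above can be checked mechanically against a frequency plan. The following is an added example, not part of MIL-HDBK-232A; the plan format, function name and verdict labels are assumptions made for illustration, and the sample assignments are constructed.

```python
from collections import defaultdict

# Constructed sample plan: (user, carrier frequency in Hz). Not from the handbook.
SAMPLE_PLAN = [
    ("term-a", 10_002_000),
    ("term-b", 10_006_000),
    ("term-c", 10_007_500),   # falls in the same 4000-Hz subchannel as term-b
    ("term-d", 25_001_000),   # outside the 10-25 MHz band
]

def audit_broadband_plan(assignments, band_start_hz=10_000_000,
                         band_end_hz=25_000_000, subchannel_hz=4000,
                         classified=True):
    """Apply the one-user-per-subchannel rule to a frequency plan."""
    n_sub = (band_end_hz - band_start_hz) // subchannel_hz
    users_by_sub = defaultdict(set)
    out_of_band = []
    for user, carrier_hz in assignments:
        # Index of the subchannel this carrier falls into, counted from band start.
        idx = (carrier_hz - band_start_hz) // subchannel_hz
        if not 0 <= idx < n_sub:
            out_of_band.append((user, carrier_hz))
            continue
        users_by_sub[idx].add(user)
    # Any subchannel carrying more than one distinct user is shared.
    shared = {i: sorted(u) for i, u in users_by_sub.items() if len(u) > 1}
    if not shared:
        verdict = "SINGLE_USER_SUBCHANNELS"   # view as any other transmission medium
    elif classified:
        verdict = "ENTIRE_SYSTEM_RED"         # shared subchannel + classified traffic
    else:
        verdict = "SHARED_UNCLASSIFIED"
    return {"subchannels": n_sub, "shared": shared,
            "out_of_band": out_of_band, "verdict": verdict}

if __name__ == "__main__":
    print(audit_broadband_plan(SAMPLE_PLAN))
```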
5.4.6.2.3 Baseband LAN. Baseband LANs use baseband signaling on a single
physical transmission medium. Data rates of 10 Mbps are achieved between
nodes. Up to 1000 nodes may exist on a LAN. Some nodes may exist as
terminal servers, each supporting multiple terminals. Such LANs also use
multiple levels of protocol or function layers. At the present time,
baseband LANs present significant challenges and risks in secure
applications. All users have perpetual connection to all other users. The
most significant problem, then, is how to establish privacy between any two
users. Although development is underway, such a technique does not exist.
Therefore, in order for a baseband LAN to be secure, it must be installed in
a PDS. All users on the baseband LAN must operate at the same security
level. Physical security measures must be quite stringent since no RED/BLACK
barrier exists to protect the network. Baseband LANs should be kept as small
as possible, and should not use gateways to other LANs.