BorderGuard™ 6000
Secure Communications Platform
BorderGuard 6000 Series
The BorderGuard 6000 Secure Communications Platform builds on a decade-long legacy of offering the best combination of price, performance, reliability, and security in the industry.
BorderGuards have been deployed around the world in support of the most demanding secure communications applications without a single security breach. In addition to iron-clad security, BorderGuards are known for their reliability - enhanced by total path redundancy and automatic failover for complete peace of mind.
- All DoD JITC PKI Interoperability Tests Passed
- Secure All IP-Based Communications - Wireless and Wired
- DoD PKI / Standards Based Authentication - X.509, OCSP, CRL
- HSPD-12 Compliant Two-Factor Authentication
- Central Management
- PKCS#11 Smart-Card Compatible
- Seamless Wireless Interface Roaming
- Red List Revocation Capability
- IEEE 802.1Q VLAN Support
- Dynamic End-Point Security Policies
- Hardware Accelerated AES Encryption
- Extended RSA Keys - 2048 and 4096
- Built -in PKI Included
Best in Class Security of Data in Motion
| Features | BorderGuard 6000 | BorderGuard 5000 |
| Mandatory mutual public key authentication |  |
|
| Built-in digital certificates | |
|
| Persistent connectivity (Wireless) | |
|
| Tunnel-Lock end point security | |
|
| Pocket PC VPN Client | |
|
| X.509, OCSP, CRL, LDAP | |
|
| Red List and Green List local admission control | |
|
| HSPD-12 compliant 2-factor authentication (PKCS#11 smart card compatible) | |
|
| Appliance-based central management | |
|
| Active Directory Integration | |
Interoperability and Flexiblity
The versatile BorderGuard 6000 can leverage your existing public key infrastructure (PKI), including X.509 certificate authorities as well as OCSP and CRL checking. Administrators are relieved of the tedious task of manually configuring certificate authority hierarchies by the BorderGuard 6000 automatic path discovery and path validation mechanisms. For flexibility, the BorderGuard 6000 includes its own built-in PKI that can be used independently.
Supporting geographically and technologically diverse organizations has never been easier. The BorderGuard 6000 is ready to deploy with minimal setup. To meet the rising demand for wireless devices, the BorderGuard 6000 offers seamless roaming that allows users to maintain a VPN tunnel across wireless access points.
The BorderGuard 6000 is compliant with the important Federal Government directive HSPD-12 and is compatible with any PKCS#11 smart card or USB token.
Iron-Clad Security
BorderGuards are configured as perfect firewalls. The only packets forwarded from external connections to inside ports are the packets that have been cryptographically authenticated. Conversely, the only packets that leave the BorderGuard 6000 are those that are encrypted and sent to an authenticated destination in the VPN. BorderGuards do not respond to unauthenticated sources.
Blue Ridge Networks™ developed Tunnel-Lock™ to lock down remote access devices to only one possible destination - the corporate network via the VPN tunnel. Tunnel-Lock is applied during the installation process and cannot be disabled. This unique feature eliminates the possibility of backdoor attacks.
Strong two-factor authentication with Key-Guard™ scales to meet the escalating needs of the organization and offers a higher level of security than password-only systems while maintaining user convenience.
Mutual Authentication - the appliance itself has a unique RSA public key digital certificate-based identity. Each BorderGuard 6000 within the VPN must mutually authenticate using these certificates. Password or "shared secret" modes of authentication are not secure and not supported by the BorderGuard 6000. The Blue Ridge Networks method of mutual authentication eliminates the possibility of an attacker inserting himself into the VPN via identity spoofing or a man-in-the-middle attack.
Remote Management
The BorderGuard 6000 Management Console is a pre-configured appliance that drops into your network, centrally and securely managing all site-to-site and remote access connections. It supports standard digital certificates and with the Blue Ridge Networks "Red List" function, administrators can revoke access to specific users in real time, even for users employing external certificate authorities.
