Netgard™ Encryption Suite | API Technologies

By: Api Electronics  09-12-2011

Quick-to-Deploy Alternative to Type-1 for Secret & Below Environments

The Netgard™ Encryption Suite is a secure network product family designed to enforce a centrally‐defined security policy for the flow, encryption, and audit of data packets transferred between network nodes. The Netgard Encryption Suite delivers a unique implementation of cryptographic technology with high‐assurance, policy‐based enforcement for data protection and integrated security controls essential to threat mitigation in the network environment. 

NSA-approved Suite B encryption algorithms provide security while releasing the user from the logistical burden of traditional Type-1 solutions.  Overall: the Netgard Encryption Suite offers an easy-to-deploy alternative or supplement to Type-1 encryption for Secret and Below environments.

Available for pre-order Q2 2011. Shipping begins Q4 2011.


  • Rapid deployment situations
  • Unattended operations
  • High-risk environments
  • Commercial interoperability situations
  • Multiple security level networks and cross domain environments

Netgard Manager

The Netgard Manager allows the administrators to define several key attributes within the environment such as labels, users, locations, COIs and data. The policies for the different attributes are checked as they are being submitted to ensure that they do not conflict with other policies established within the system. For example, if the user administrator added a user with the rights to view “U.S. Only” information, and the COI Administrator attempted to add that same user to a COI that contained Coalition data, the Netgard Manager would block this operation and notify the COI administrator that the user was not eligible for the particular COI.


IPMEIR Compliance (planned 4Q11)

  • FIPS 140-2
  • Common Criteria


  • AES-128/192/256, 3K-3DES algorithms
  • Packet authentication using HMAC-SHA-1/SHA-2/MD5

In-Band Dynamic Network Management

  • Agile Communities of Interest (COI)
  • Manage up to 500 devices


  • Support for v4/v6 translation

Less than 15 second boot time

Remote zeroize

Self-generated Key

Support for Over-The-Network-Keying

8000+ Security Associations


  • Non-CCI: Releases users from the logistical burden of Type-1
  • Self-Generated Key: FIPS-certified PRNG creates symmetric keys, eliminating burdensome key management requirements
  • Dynamic Communities Of Interest (COI): Securely organizes network resources for the purposes of data sharing and communication on-the-fly 
  • Port Filtering: Controls which port/application connections are permitted
  • Protocol Filtering: Controls which network protocols are allowed for communications
  • Mandatory Access Control (MAC): Restricts access and propagation at the data level
  • Discretionary Access Control (DAC): Restricts who and from where the network object may be accessed
  • Dead Peer Detection (DPD): Determines if the connecting peer is still healthy
  • Object Reuse: Prevents the inadvertent release of residual data typically in unused fields or at the end of a packet buffer 
  • Identification and Authentication (I&A): Securely verifies the user’s identification and establishes authorization for access
  • Auditing: Monitors and records verifiable, security-relevant operations
  • Over The Network Keying (OTNK): Controls Pre-Shared Key (PSK) lifetime; at a user-configured time period, pushes new PSKs to all devices
  • Ease of Installation: End devices can be installed in minutes by untrained personnel 
  • Software Upgrade: Automated upgrade of multiple devices with no loss of keys or configuration
  • Dynamic Network Management:  Allows total control and instantaneous policy changes over all devices in the network
  • PKI Support: Supports CAC-based authentication and Non-Person Entity (NPE) X.509 certificates
  • Advanced VPN Features: Supports NAT-traversal and DHCP on all interfaces
  • Common IP Security Option (CIPSO): FIPS-188-compliant IP labeling support


Product Specifications

  • Dimensions: 6” x 5.5” x 1.5” 
  • Weight: 2 lbs 
  • Power: 20 watt max 
  • Interfaces: 2x 10/100/1000
  • Base-T Speed: 300+ Mbps full-duplex 

Other products and services from Api Electronics


TEMPEST Telepresence EX 90 | API Technologies

The CryptekTM TEMPEST TelePresence EX 90 features a 24 inch high definition display which can be used both as a PC monitor and a telepresence system. The 8-inch CISCO TelePresence touch screen interface allows for simple control and transparent collaboration in one touch. Cisco TelePresence Precision HD Design.


NHi-158xx Terminal+™ Series | API Technologies

The built in interrupt controller supports an internal FIFO which retains header information for queuing up to 6 pending interrupt requests plus an overflow interrupt. The NHi-158XX is a complete Multi-Protocol Mil-Std-1553 Data Bus Interface between a dual redundant bus and a host processor. The device functions as a programmable Bus Controller, Remote Terminal, Bus Monitor and simultaneous Monitor/Remote Terminal.


Tunable Filters | API Technologies

The API line of digitally-tuned bandpass filters are specifically designed for military radio applications, or when tuning across a precise frequency in essential. They are an ideal solution when power, size, speed, and frequency selectivity are a must. TUNE WORD10 = fdesired - 129.31. 3dB Bandwidth = 5.35%, ±0.2.