The KeyCutter Program selects protocols, ports, filters, packet types and allowed services for the LuciGate Firewall Appliance
The LuciGate KeyCutter program enables the smartcard key to be cut for the LuciGate Firewall. The program will run on any IBM-compatible PC running a 32-bit MS Windows OS. It is a menu-driven program enabling the Network Security Manager to define the rules, filters, ports, services, etc. that are to be allowed to pass through the LuciGate Firewall. Once the rules have been decided and the smartcard key has been cut, it is inserted into the LuciGate Firewall. The LuciGate will read the information from the smartcard key and automatically set itself up. There is no further need for the PC unless the configuration changes and the rules need to be updated. Once programmed, the key remains in the LuciGate. If it is removed - NOTHING AT ALL WILL PASS THROUGH!
The Smartcard Key is written and read using a Smart Mouse Unit which is plugged into a PC COM port. This unique smartcard key system means that no external hacker or mischief maker can possibly deduce or interfere with the security rules that have been set in the LuciGate Firewall. For maximum security, every smartcard also carries encrypted information linking it to a particular LuciGate (or group of LuciGates within one organization) so that "foreign" smartcards cannot be substituted. Smartcards can be re-programmed at least 10,000 times and will retain the information they hold for at least 10 years.
The KeyCutter program has been designed to use natural language as far as possible. Simple text files are used to define MAC addresses, Ethernet Packet Types, Host IP addresses, Network addresses, IP protocols and TCP/UDP Port numbers. The user can assign descriptive names to all these as well as adding useful comments.
A RuleSet is named and the rules are added to it using the Rules Generation part of the KeyCutter program. Context-sensitive options are presented to guide the user through the process of defining rules.
Once all the rules have been set, the user returns to the Main Menu and selects the Write Key option to write the rules on the smartcard key.
It is also possible to write to and read from a pseudo smartcard via the Load Key File and Save Key File options on the File menu. This feature makes it simple to cut several keys that may differ by only one or two values. The file can be read in, some values added or changed, and the result then written to the actual smartcard key.
The File menu also has an option to obtain a printed summary of the last programmed values.
The KeyCutter program can be easily run from a floppy disk for additional security. Removing the executable file from the computer and keeping the floppy under lock and key ensures that only the Custodian can cut the keys for the LuciGate Firewall.
These pages were last updated on April 10th 2003