AMSEL Advanced Modular Secure Embedded Linux

AMSEL is a embedded Linux distribution for Firewall and IPSec-based VPN gateway applications. AMSEL comes on CD-ROM together with a user manual and a reference platform board (DIL/NetPC ADNP/1520 Application Board MB/1520-100). AMSEL consists of five basic modules: The basis forms a fully developed 2.4-Linux-Kernel with numerous basic network functions. There are different packet filter functions for OSI Layer 2 and Layer 3 as well as IPSec-based VPN functions and an AMSEL Build Process (ABP) available.

The AMSEL CD-ROM comes with some sample configurations for OSI Layer 2 (Data Link Layer) and OSI Layer 3 (Network Layer) Firewalls as well as IPSec-based VPNs (Virtual Private Networks). AMSEL is 100% Open Source software. Running one AMSEL configuration on different platfoms is possible without any licence fees.AMSEL is a co-operation project between .vantronix | secure systems and SSV Embedded Systems. Please visit the AMSEL web site for more information.

AMSEL Kernel Key Features

AMSEL is build around a Linux kernel version 2.4 together with some security enhancements and patent-free real-time extensions. AMSEL is bootable from (MTD) Flash, disk drives or over Ethernet-based networks.

Linux Kernel Version 2.4

Security Enhancements (Stack-Smashing Protection)

Patent-free Real-time Extensions with Adeos and RTAI

Command Line Interface (CLI) for a Linux Serial Console

Modular Concept

Bootable from (MTD) Flash, Disk Drives or Ethernet-based Networks

Root File System within RAM Disk or NFS-based

AMSEL Basic Network Functions Key Features

AMSEL comes with many build-in network functions. IPv4 and IPv6 protocol support, IP, TCP, UDP, SCTP, SSH, PPP, HTTPS-based web server and OpenSSL are some examples.

TCP/IP Stack with IPv4 and IPv6 Protocol Support

Layer 2 and 3 with IP, TCP, UDP, SCTP (Stream Control Transmission Protocol)

Support for Systems with more than one Ethernet LAN Controller

Integrated Ethernet Bridge Functions ( IEEE 802.1d MAC Bridges)

Support for Virtual LANs (IEEE 802.1q-based VLANs)

QoS Features (IEEE 802.1p und 802.1q)

NetRPC Extension for very fast Execution

SSH Support (OpenSSH-based)

PPP Support with the Help of a Point-to-Point Protocol Daemon

Integrated Embedded Web Server (HTTP/HTTPS)

DHCP Server and Client Support

SMTP Email Support for automated Alert Message System

OpenSSL System Library

Support for Linux Virtual Servers

AMSEL IPSec/VPN Support Key Features

AMSEL supports IPSec-based VPN (Virtual Private Network) gateway configurations for Host-to-Host and LAN-to-LAN applications. AMSEL offers different data encryption algorithms, shared key or PKI-based authentication and X.509 support.

KAME Project-based Implementations of IPSec Protocol for IPv4 and IPv6

Support for IPSec Tunnel Mode or IPSec Transport Mode

Data Encryption with the Help of a Scatterlist CryptoAPI

Different Data Encryption Algorithms: AES, Twofish, Blowfish, Serpent, DES, 3DES, SHA-1/SHA-2 (256 und 512 Bits), MD4 and MD5 Hash Algorithm with HMAC Support

Deflate Compression Support

ISAKMP Support (Internet Security Association and Key Management Protocol)

KAME Racoon Key Management Daemon

Shared Key or PKI-based authentication

X.509 Support (RFC 2459: X.509 Public Key Infrastructure)

DNS Security Extension (RFC 3008: Domain Name System Security (DNSSEC))

Authentication and Key Exchange with the Help of AES, DES/3DES, Blowfish, SHA-1/SHA-2 und MD5

Some IPSec-based Sample Configurations for Host-to-Host and LAN-to-LAN Applications

AMSEL Packet Filter (Firewall) Functions Key Features

AMSEL contains all components to build a OSI Layer 2 and OSI Layer 3 Firewall. Thereby packages can be filtered on the Ethernet MAC and IP protocol level. In this way a set of rules is possible, which permits only a certain computer to access a subnet.

Ebtables- and arptables-based Packet Filter for the Ethernet MAC Level

Iptables-based Packet Filter for the IP Protocol Level

SPI (Stateful Packet Inspection) for IP Protocol Packets

Extensible and Modular Packet Filter Concept

Simple Configuration for all Packet Filter Functions

BNF-based (Backus-Naur-Form) Configuration Language

Syntax and Role Check before Execution

Very fast execution mode for all Packet Filter Functions

Some Sample Configurations for Packet Filter Applications at MAC and IP Protocol Level

AMSEL Build Process (ABP) Key Features

The AMSEL build process allows the creation of own Firewalls and VPN gateway configurations. The AMSEL distribution CD-ROM offers different packages. The build process sets parameters and selects packages and functions for a target application.

Set-up your own AMSEL Configuration

Use a PC and build a AMSEL Configuration for your Target Platform / Application

Add binary Packages without a new Compiler run

Remove and Update of single Packages

System fixing at Package Level

AMSEL Updates via Repository Server from Internet

Some Sample Configurations with detailed Documentation

AMSEL Reference Platform Key Features

The AMSEL reference hardware is the DIL/NetPC ADNP/1520 Application Board MB/1520-100. This board offers a low power DIL/NetPC with 3 Ethernet LAN interfaces and a RS232-based command line interface to the Linux operating system.

AMD 32-bit SC520 Low Power IA-32 586 CPU with 133 MHz

64 Mbytes SDRAM

Flash (AMSEL is using 16 Mbytes the memory space for booting-up)

GNU GRUB Boot Loader

1 * 10/100 Mbps Ethernet LAN Interface (LAN1: RJ45 Connector)

2 * 10 Mbps-Ethernet LAN Interface (LAN2, LAN3: RJ45 Connectors)

RS232 Interface for Linux Serial Console (Sub-D, 9-pin Connector)

Programmable Watchdog (System Supervisor)

CompactFlash Slot for CF Cards with True IDE Mode

Reset Switch

3,3 Volt Low Power Design

Power Supply with simple 5 VDC Wall-Plug Type

Board Dimension 100mm * 160mm

AMSEL Ordering Information

Ordercode	Product
AMSEL-KIT1	Two CD-ROMs (AMSEL CD-ROM, AMSEL Install CD-ROM). One printed User Manual.