|
|
 |
 |
Security Testing and Evaluation Labs
Security Evaluation Laboratory (SEL)
BAE Systems: MMHS Mail Guard
The Military Message Handling System (MMHS) enables users to electronically process and disseminate military message
traffic, involving multiple levels of security classifications up to and including Secret, in a Secret
System High environment. (Top Secret messages are also supported, but only after they have
been encrypted offline prior to transfer via the MMHS). The system is based on ACP 123,
which governs the origination and reception of military messages. The MMHS interfaces with
the Defence Electronic Message System (DEMS) version 2 and external messaging systems
(e.g., Automated Defence Data Network (ADDN) and Tactical Messaging Handling System
(TMHS)) to form the DMHS.
MMHS end-user workstations (WS) are used
to run the Entrust (S/MIME v3 with ESS) enabled UAs and are interconnected via subnets with other MMHS WS. These subnets are cryptographically isolated from DEMS Users and DEMS
backbone nodes on local networks by NES encryption devices. The MMHS Mail and
MLA/PUA Backbones are also cryptographically isolated from the local networks by NES
devices. The MMHS Mail Backbones (MBB) features the DSA, MTA, MS, and DUA/ADUA
servers while the MLA/PUA backbones (M/PBB) feature the MLA and PUA.
The local networks are connected to the Defence Wide Area Network (DWAN) via a router.
Some MMHS routers also connect the local networks and DWAN to the MFGW and TGW. The
MFGW and TGW both consist of a Firewall (FW), used to enforce the security policy decisions
related to the release of incoming and outgoing MMHS messages, and one or more Functional
Converter (FC) that convert MMHS messages to/from the formats used by the external
messaging networks.
|
|