Description
A complete hard wired communications system or network must include both communications "devices" (such as telephones or Input/Output Terminals), which translate voice or data information into an electronic signal, and communications "service", which is the physical and logical technology that carries the voice or data communications between devices.
Most people are familiar with hard wired communications devices, which consist of individual units such as hard wired telephones, facsimile machines (fax) and modems that are installed on computers. These are the "I/O" (input/output) devices of the voice and data communications network that users access directly to communicate through the network (i.e., a user uses a telephone or fax to dial a telephone number and is connected to the user at the dialed number; or a user turns on a modem to allow a computer to communicate over a network). Typically, users own and control these I/O devices, and users can determine what specific type or brand of telephone, fax, or modem to connect to the service, what features to purchase for the device, how many devices to connect to the system, etc.
Users must use a communications transmission service to communicate between I/O devices. Hard wired communications service is usually provided by a third party service provider (e.g., Verizon, Comcast, etc.) through a hard wired telephone system or a cable system. In addition to providing the voice/data service itself, many service providers can also provide security features and options for hard wired communications networks. Service providers may offer both standard and optional security features with their service, and thus end-users may be able to set up their service to include the most appropriate security features to mitigate their potential risks.
Because hard wired data and voice information travel over similar communications systems, they have some security features in common and can be addressed together. Other security features for hard wired data versus voice communications are addressed separately in this document because these features are dependent on other factors specific to each type of system.
Data
Hard wired data communications systems, which are the oldest and still the most widely used data communications technologies, are networks in which all of the components are physically connected together using a hard wiring system. Examples include broadband networking and cable TV networks. These hard wired communications systems differ from wireless communications systems, which broadcast voice or data between transmitters and receivers through the airwaves (wireless voice and data communications are discussed in the Wireless Data Communications Product Guide), although there may be a mix of hard wired and wireless components in the same facility. Hard wired networks can provide connections and transmission of data between many different types of systems, including Client/Server and Supervisory Control and Data Acquisition (SCADA) computer systems, through a pathway of interconnected network devices. For example, Figure 1, Item A, shows a remote user (top left of the figure) communicating over a hard wired Internet connection with a file server. In this example, the communication goes through several intermediary devices that can provide security for the communication, including a router, a firewall, and a managed switch. This figure also shows other hard wired data communications systems, including fax communications (Figure 1, Item B) and dial-up Internet or Digital Subscriber Line (DSL) service (Figure 1, Item C). Another type of data communications system is a cable network, which uses a cable modem to provide data communications service for computers. This type of service is typically provided through privately owned cable TV networks. Like public telephone service systems, these networks are typically shared by many different users/subscribers.
Figure 1. Sample Data Network Configurations
Voice
Voice communications over hard wired infrastructure consist of POTS ("Plain Old Telephone Service"), leased line communications, and PBX systems. Any given facility may employ one or more connection methods within its communications network. Each of these wiring systems is described in more detail below.
- POTS networks (such as standard telephones plugged into wall jacks) are physical networks of copper wire or fiber optic cables connected to a central switching station, which facilitates the connection between any two end-users (i.e., between one telephone number and another [See Figure 2, Items A and B]). These networks are public and are typically shared by multiple users.
- Leased/dedicated line hardwire connections are used to connect devices directly in a network without connecting through a service provider switching facility (See Figure 2, Item B). These types of connections are typically used to wire individual connections within the same building (i.e., between jacks in separate rooms) or multiple buildings within a facility (i.e., larger campus environments). This approach is typically used for direct, two-wire voice communications devices, intercom systems, and dedicated voice integrated services digital network (ISDN) systems.
- PBX systems, which are used to provide communications within a private (or "dedicated") network, have internal call routing which allows connection to other parties in the same system without having to connect through the service provider network. These systems connect to the outside using the POTS system, and then connect within the PBX system to internal phone extensions, usually over a private, hard wired network. Most new PBX systems store voice messages. (See Figure 2, Item C)
Figure 2. Sample Voice Network Configurations
Features and Attributes
While there are many features and attributes that distinguish various hard wired voice and data communications systems from each other, this section will focus specifically on the features and attributes of these systems that enhance their security and minimize the threat to communications confidentiality, integrity, and availability. These terms are defined below:
Confidentiality
Confidentiality is the assurance that information is shared only among authorized persons or organizations. Confidentiality is broken when unauthorized persons intercept and understand the communications. It should be noted that some information is more confidential than other information (e.g., users communicating about their lunch plans is obviously less confidential than users communicating instructions for the opening of a valve). Therefore, users can establish the required level of confidentiality for the communication depending on the information's sensitivity.
Integrity
Integrity is the assurance that the communicated information is authentic and complete. Integrity is compromised when unauthorized persons change the nature of the communication, either by altering it or blocking some or all of it, or when unauthorized persons send their own communications that are accepted as authentic.
Availability
Availability is the assurance that the systems responsible for delivering, storing and processing information are accessible when they are needed. Communications would not be available if unauthorized persons block them by cutting or otherwise tampering with the communications system.
The security-related features and attributes that can be implemented on hard wired communications systems range from physical security measures that can be implemented to physically secure communications service and communications equipment, to electronic/cyber security measures that protect the electronic flow of information through the network. Some of these security measures can be implemented by the end-user, while others must be implemented by the third party service provider. The discussions below will clarify who can implement various security features.
Physical Security Features for Voice and Data
As described above, hard wired voice and data communications systems must be physically connected through a network of wires or cables. Therefore, perhaps the most significant factor contributing to secure hard wired voice and data communications is maintaining the service availability, as described above. Ensuring service availability ensures the system's ability to receive secure, reliable communications at the facility. Many different factors can affect service availability at a specific facility, including the local geographic region (some areas do not have extensive hard wired communications networks), the external terrain (it may be difficult to construct hard wired systems in difficult terrain), and the interior design of a building (it may be difficult to wire some buildings, depending on how they are configured).
While hard wired communications service is readily available in most areas, the service must also be protected from interruptions. Protecting against service interruptions requires maintaining a secure physical connection between the facility and the service provider's communications network, and ensuring that adequate power is supplied to the system. Both the service provider and the end-user can take steps to physically protect a hard wired network. Options that the end-user can implement for protecting the physical connections with the network include protecting the wiring by using a conduit or metal/PVC pipe to run wiring within the facility, or using dedicated wiring. Users can also provide additional physical security to the system by locking the doors to server rooms and wiring closets and ensuring that only authorized staff members have keys to those rooms. Adding electromagnetic locks with electronic readers to server room doors can enhance the security of these areas. Further information on Locks and Card Reading Systems is available.
Backup Power
Use of an appropriate Uninterruptible Power Supply (UPS) and backup generators to power phone systems, network devices, and computers may allow for voice and data communications to continue even during a power outage.
Wire Monitoring
Many of the threats to communications networks involve tampering with the physical wiring. Several mitigation measures to protect the wire from being physically disconnected were presented under the discussion of physical security features above. Other security measures can detect or deter intruders intercepting signals from the wire. For example, a monitoring system that logs the state of each link (link up/down events and unexplained loss of signal) and records which end points are communicating and when can alert the user to tampering with the wire, such as an intruder cutting into the cable to splice in a tap and directly intercept the communication. Note that a purely passive tap that listens to signals emanating from the wire may not interrupt the link at all, so wire monitoring complements, rather than replaces, physical protection of the cable and encryption of the traffic. If the wiring is provided by a third party service provider, the service level agreement (SLA) between the facility and the service provider can require notification of any interruption in the connection, which may indicate tampering with the communications.
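The following is an added example, not code from the original guide, of the link-state monitoring described above: it parses link up/down events from a managed switch's syslog and flags the patterns a wire-tampering check cares about (a link dropped after hours, a brief down/up flap of the kind an unplug-and-splice produces, and a link that never came back). The log lines are constructed samples in the style of Cisco IOS %LINK-3-UPDOWN messages; the host name, interface names and business hours are assumptions.

```python
# Added example (not from the guide): reading link up/down events from a
# managed switch's syslog and flagging the patterns a wire-tampering check
# cares about. The log lines are constructed samples written in the style of
# Cisco IOS %LINK-3-UPDOWN messages; host and interface names are assumed.
import re
from datetime import datetime, timedelta

SAMPLE_SYSLOG = """\
2024-03-04T02:13:07 sw-core1 %LINK-3-UPDOWN: Interface GigabitEthernet1/0/12, changed state to down
2024-03-04T02:13:19 sw-core1 %LINK-3-UPDOWN: Interface GigabitEthernet1/0/12, changed state to up
2024-03-04T09:00:02 sw-core1 %LINK-3-UPDOWN: Interface GigabitEthernet1/0/3, changed state to down
2024-03-04T09:30:45 sw-core1 %LINK-3-UPDOWN: Interface GigabitEthernet1/0/3, changed state to up
2024-03-04T23:41:10 sw-core1 %LINK-3-UPDOWN: Interface GigabitEthernet1/0/12, changed state to down
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) %LINK-3-UPDOWN: Interface (?P<iface>[^,]+), "
    r"changed state to (?P<state>up|down)$"
)


def parse_events(text):
    """Return the link events as dicts, in log order; unrelated lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]), "host": m["host"],
                           "iface": m["iface"], "state": m["state"]})
    return events


def find_suspicious(events, business_hours=(7, 19), flap_window=timedelta(seconds=60),
                    maintenance=frozenset()):
    """Alerts, as (kind, (host, iface), time):
      after-hours-down  link dropped outside business hours
      brief-flap        down then up within flap_window (e.g. cable unplugged to splice a tap)
      still-down        link never came back by the end of the log
    Links listed in `maintenance` are exempt from the first two kinds."""
    alerts = []
    last_down = {}
    for ev in events:
        key = (ev["host"], ev["iface"])
        if ev["state"] == "down":
            last_down[key] = ev["ts"]
            if key in maintenance:
                continue
            if not (business_hours[0] <= ev["ts"].hour < business_hours[1]):
                alerts.append(("after-hours-down", key, ev["ts"]))
        else:
            down_at = last_down.pop(key, None)
            if down_at is not None and key not in maintenance \
                    and ev["ts"] - down_at <= flap_window:
                alerts.append(("brief-flap", key, down_at))
    for key, ts in last_down.items():
        alerts.append(("still-down", key, ts))
    return alerts


if __name__ == "__main__":
    for kind, (host, iface), ts in find_suspicious(parse_events(SAMPLE_SYSLOG)):
        print(f"{ts:%Y-%m-%d %H:%M:%S}  {host} {iface}: {kind}")
```

On the sample the 02:13 twelve-second flap on port 1/0/12 and its unexplained 23:41 drop are reported, while the half-hour outage on port 1/0/3 during business hours is not; a scheduled recabling job is excluded by listing the port in `maintenance`. A tap that never interrupts the link produces no event here, which is why the text above pairs monitoring with physical protection and encryption.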
Dedicated Wiring
"Dedicated wiring" is wiring that is "dedicated" to only one customer (i.e., it is not shared by multiple users). It is often much easier to implement security on dedicated wiring than on public wiring because there are no other parties that must be consulted on security issues. In addition, the system owner can usually choose the specific type of physical wire to use in the network. Different types of wire have different properties that affect the performance and security capabilities of the network, and, therefore, choosing the correct wiring type for a given application establishes the basic security level of the system. The three primary cable types are Category 5, Category 6, and fiber optic. Category 5 cable is Unshielded Twisted Pair (UTP). While UTP is relatively inexpensive, an unauthorized user can physically connect to it ("tap" the wire) to intercept communications, and it radiates a signal that can be picked up without contact. Category 6 cable is made in both unshielded and shielded (foil twisted pair) construction; in the shielded form each of the four twisted pairs, or the bundle as a whole, is wrapped in a foil shield. Shielded cable is less susceptible to crosstalk and electromagnetic interference than Category 5 UTP and radiates less signal, but it can still be tapped by physical connection. Fiber optic cable is the most secure of the three: it emits no electromagnetic signal that can be intercepted passively, and tapping it requires bending or splicing the fiber, which introduces measurable optical loss that a monitored link can detect. Fiber is therefore difficult, although not impossible, to tap without detection.
Cyber and Logical Security Features for Voice and Data
In addition to physically protecting the hard wired network, there are many security features that can be implemented to secure the electronic transfer of data through the communications network, as well as to ensure that only authorized users access the communications system. Some of these security features are designed specifically for data communications, while others are designed for voice communications, and still others (for example, encryption) can be adapted for both. These types of security features are discussed below in separate sections for data and voice systems.
Cyber and Logical Security - Data
The following features are designed to protect data communications. As discussed above, many security features for data communications networks protect the electronic security of the data, and, therefore, some of these security features (e.g., user authentication) may be familiar to individual users if they have done work with computer systems. These cyber-related security features for hard wired data communications systems function in the exact same way as they do for any other types of data communications, and a facility's computer system administrators may be consulted for setting up and implementing these types of security measures.
Encryption
Encryption, which is the process by which communications are electronically encoded at the transmitting end of a communication and decoded at the receiving end, is used to mitigate the threat of eavesdropping on voice and data transmissions. There are several different types of encryption which provide different levels of security. In a symmetric key algorithm, the sender and receiver must have a shared "key" set up in advance; the sender uses this key for encryption, and the receiver uses the same key for decryption. In an asymmetric (public key) algorithm, there are two separate keys: a public key is published and enables any sender to perform encryption, while a private key is kept by the receiver to enable decryption. Public key systems also support digital signatures, in which the sender signs a message with its private key and any receiver verifies the signature with the sender's public key; this fulfills the integrity requirement of the security triad and also authenticates the sender.
Encryption typically takes place between the server and the client computer. Examples of server-side encryption systems include Web servers enabled for SSL (Secure Sockets Layer; since superseded by its successor, Transport Layer Security, TLS), which perform a key exchange with the client and then encrypt and decrypt the session, and Secure Shell (SSH), which allows encrypted remote command line control and file transfer via SCP (Secure Copy Protocol). Most computer operating systems, such as Windows (Windows 2000 and later versions), Solaris 9, etc., can be configured by local system administrators to provide file system encryption.
User Authentication
A user authentication system is a logical system that uses various methods to ensure a user's identity before that user is allowed to access a resource. The most typical example requires a user to "log on" to a computer network, and thereby specifically identify him-/herself to that network. The system "authenticates" the user by comparing the information that is typed in from the keyboard (typically a user name/ID and password) with identification information stored for that user. If the user is "authenticated", then that user has rights to do certain things within the system. The system administrator can set the system up such that individual users are granted specific rights to perform certain functions in the system, thereby enhancing the system's security by limiting access to certain functions in the system.
There are several types of user authentication systems, each of which differs in cost and effectiveness. Single-factor user authentication requires that the user enter "something you know" – such as the familiar User ID and password sequence - when logging onto the system. However, single-factor user authentication protocols are not considered highly secure because passwords can be easy to guess, steal, or otherwise compromise. A two-factor user authentication system is more secure because it requires two factors – "something you know", such as a traditional User ID/password, combined with "something you have", such as a smart card or token – before the user can log on to the system. The most secure user authentication system currently available is three-factor user authentication, which adds a biometric ("something you are") such as a fingerprint, hand geometry, iris scan, etc., to the User ID/password and smart card/token log-in sequence. For further information on biometrics, see the Biometric Security Systems Product Guide.
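As an added example (not code from the guide or from any vendor listed in it), the two-factor log-on described above can be built from two standard pieces: a salted, iterated password hash for "something you know" and a one-time code from a token for "something you have". The one-time codes follow RFC 4226 (HOTP) and RFC 6238 (TOTP), so a standard authenticator token seeded with the same secret produces the same codes; the user record, password and token seed below are constructed test data, and the in-memory `USER_DB` stands in for a real directory.

```python
# Added example (not from the guide): two-factor login combining a salted,
# iterated password hash ("something you know") with a one-time code from a
# token ("something you have"). HOTP/TOTP follow RFC 4226 / RFC 6238, so a
# standard authenticator token with the same seed produces matching codes.
# User names, passwords and the token seed below are constructed test data.
import hashlib
import hmac
import os
import struct
import time

PBKDF2_ITERATIONS = 200_000          # slows offline guessing of stolen hashes


def hash_password(password, salt=None):
    """Return (salt, derived_key); a fresh random salt defeats precomputed tables."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, key


def verify_password(password, salt, stored_key):
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, stored_key)   # constant-time comparison


def hotp(secret, counter, digits=6):
    """RFC 4226 HMAC-based one-time password for an 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # dynamic truncation
    code = ((mac[offset] & 0x7F) << 24) | (mac[offset + 1] << 16) \
        | (mac[offset + 2] << 8) | mac[offset + 3]
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, for_time=None, step=30, digits=6):
    """RFC 6238: HOTP with the counter derived from the current 30-second step."""
    t = int(time.time() if for_time is None else for_time)
    return hotp(secret, t // step, digits)


def verify_totp(secret, code, for_time=None, step=30, window=1):
    """Accept the code for the current step or one step either side (clock skew)."""
    t = int(time.time() if for_time is None else for_time)
    counter = t // step
    return any(hmac.compare_digest(hotp(secret, counter + d), code)
               for d in range(-window, window + 1))


USER_DB = {}   # constructed in-memory directory: username -> record


def enroll(username, password, token_secret):
    salt, key = hash_password(password)
    USER_DB[username] = {"salt": salt, "key": key, "secret": token_secret}


def login(username, password, code, for_time=None):
    """Both factors must pass; the password is always hashed so that an unknown
    user cannot be distinguished from a wrong password by response time."""
    record = USER_DB.get(username)
    if record is None:
        hash_password(password, b"\x00" * 16)
        return False
    if not verify_password(password, record["salt"], record["key"]):
        return False
    return verify_totp(record["secret"], code, for_time)


if __name__ == "__main__":
    seed = b"12345678901234567890"           # RFC 4226 test-vector secret
    enroll("operator", "correct horse battery staple", seed)
    print("HOTP(0) =", hotp(seed, 0))        # 755224 per RFC 4226 Appendix D
    print("login ok:", login("operator", "correct horse battery staple", totp(seed)))
```

The `for_time` parameter exists so the code can be checked against the published RFC test vectors instead of the wall clock; a deployment would also need to reject a code once it has been used and to rate-limit failed attempts, neither of which the password or token by itself provides.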
Integrity Checking
One of the security functions that a router, firewall, or managed switch (see discussions of these hardware devices below) can perform is integrity checking, which is performed through "checksum integrity verification". Checksum integrity verification is intended to ensure that the data contents were not tampered with during transmission. Computers communicate in unique combinations of zeros and ones, and an integrity check reduces the bits of a message to a short fixed-length value (a "checksum" or "hash") of its contents. This value is sent with the communication and is compared to a value re-calculated at the recipient's end. If the two values match, it is a good indication that the communication has not been altered. Two kinds of check should be distinguished. Simple checksums (for example, the ones' complement sums in IP and TCP headers and the CRC on Ethernet frames) are computed automatically by network devices and detect accidental corruption, but an attacker who can modify a message can simply recompute them. Cryptographic hash functions such as MD5 and SHA-1, the two most widely used for checksum verification, are designed so that it is infeasible to find a different message with the same hash; even so, an attacker who can alter the message in transit can also replace the accompanying hash, so to detect deliberate tampering the hash must be bound to a key the attacker does not possess (a keyed hash or message authentication code, or a digital signature as described under Encryption). Both MD5 and SHA-1 are now known to be vulnerable to practical collision attacks, and the SHA-2 family (e.g., SHA-256) should be used instead for new deployments. While many communications devices perform checksum verification automatically, cryptographic integrity checking can usually be added on to systems that do not initially include it.
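The following added example (not from the guide) puts the three kinds of check side by side on a constructed control message: an additive checksum, an unkeyed cryptographic hash, and a keyed hash (HMAC-SHA256) using a shared key of the sort the symmetric encryption section describes. The command strings and the key are made up for illustration; each `verify_*` function returns whether the message would have been accepted.

```python
# Added example (not from the guide): three ways of checking that a message
# arrived unchanged, showing what each does and does not detect. The command
# strings and the shared key are constructed for illustration.
import hashlib
import hmac


def simple_checksum(data):
    """Additive 16-bit checksum: the kind of check network hardware applies to
    catch accidental corruption. Any rearrangement of the same bytes passes."""
    return sum(data) & 0xFFFF


def digest(data, algo="sha256"):
    """Unkeyed cryptographic hash (md5, sha1, sha256 ...)."""
    return hashlib.new(algo, data).hexdigest()


def mac(key, data):
    """Keyed hash (HMAC-SHA256): only a holder of `key` can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_checksum(data, expected):
    return simple_checksum(data) == expected


def verify_digest(data, expected, algo="sha256"):
    return hmac.compare_digest(digest(data, algo), expected)


def verify_mac(key, data, expected):
    return hmac.compare_digest(mac(key, data), expected)


# Constructed sample: a control command as it might cross a hard wired SCADA link.
ORIGINAL = b"OPEN VALVE 17 PERCENT=25"
# Same bytes in a different order: valve 17 becomes valve 71, checksum unchanged.
TAMPERED_SAME_SUM = b"OPEN VALVE 71 PERCENT=25"
TAMPERED = b"OPEN VALVE 17 PERCENT=99"
SHARED_KEY = b"constructed-shared-key-for-this-link"


def demonstrate():
    """Map each scenario to whether the forged message was ACCEPTED (True is bad)."""
    results = {}
    # 1. Checksum: the byte swap goes undetected.
    results["checksum_accepts_swap"] = verify_checksum(TAMPERED_SAME_SUM, simple_checksum(ORIGINAL))
    # 2. Unkeyed hash catches the swap ...
    results["hash_accepts_swap"] = verify_digest(TAMPERED_SAME_SUM, digest(ORIGINAL))
    # ... but an attacker who rewrites the message can rewrite the hash too.
    results["hash_accepts_recomputed"] = verify_digest(TAMPERED, digest(TAMPERED))
    # 3. HMAC: without the key the attacker cannot produce a tag that verifies.
    results["mac_accepts_tampered"] = verify_mac(SHARED_KEY, TAMPERED, mac(SHARED_KEY, ORIGINAL))
    results["mac_accepts_wrong_key"] = verify_mac(SHARED_KEY, TAMPERED, mac(b"guess", TAMPERED))
    results["mac_accepts_genuine"] = verify_mac(SHARED_KEY, ORIGINAL, mac(SHARED_KEY, ORIGINAL))
    return results


if __name__ == "__main__":
    for name, accepted in demonstrate().items():
        print(f"{name:26s} accepted={accepted}")
    print("md5  :", digest(ORIGINAL, "md5"))
    print("sha1 :", digest(ORIGINAL, "sha1"))
```

Only the keyed check rejects every forgery; the unkeyed hash protects against a wire fault but not against an intruder on the wire, and the checksum protects against neither once the alteration is deliberate.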
Cyber and Logical Security - Voice
Encryption
As described above, encryption is used for both data and voice communications. Encryption for voice communications must protect the conversation both from unauthorized people who physically tap into the wiring AND from unauthorized users intercepting the voice signals that emanate from the wire. The two key encryption technologies in general use for voice systems are digital encryption modules and analog scramblers.
Digital Encryption Module
Digital encryption modules are available only with digital PBX systems. In these systems, a digital encrypter converts analog speech into digital information called plaintext, encrypts the plaintext using a cipher, and produces a digital output called ciphertext. The ciphertext is sent through the hard wired line to the receiver, where it is automatically deciphered back into intelligible speech. This method protects the voice communication from anyone eavesdropping on the communication by intercepting the communication from the wire, because even if the communication is intercepted, it cannot be deciphered. Digital encryption is more secure than is analog scrambling because it is more difficult to decipher a digitally encrypted voice communication than to unscramble a voice communication scrambled with an analog scrambler.
Analog Scrambler
An analog scrambler manipulates the analog properties of speech, rendering the result unintelligible to eavesdroppers. Analog scrambling may alter speech in the time domain, frequency domain, or both, and these alterations may be constant or may change rapidly. However, the scrambled signal retains many indicators of the original communication, and eavesdroppers are increasingly able to defeat analog scrambling by using these indicators to reconstruct the original message. Potential users should be aware of this potential vulnerability before determining whether analog scrambling is an appropriate security measure for their needs.
Cyber and logical security for PBX Systems
Because PBX systems have private internal wiring, there are some specific types of security that can be implemented on PBX systems that cannot be implemented on POTS systems. For example, installing user authentication software (discussed above) can mitigate the risk of an unauthorized person compromising a PBX voice message storage facility and intercepting or deleting confidential information. The utility could also implement a system that prompts users to change passwords on a regular basis, which can mitigate the risk of passwords being stolen or compromised. PBX vendors can be contacted to determine if their hardware supports advanced security features, or if the PBX equipment needs to be updated or replaced to allow use of these features.
Add-On Devices and Systems for Implementing Security - Data
Some types of security can be physically added into or onto data communications devices or networks (i.e., routers, switches, or other networking equipment). If the user has a private hard wired communications system (e.g., a PBX system), the user may maintain these devices themselves; but if the user uses an outside service provider that hosts these devices in its data center, the service provider can enable the device-specific features on the user's behalf. As with the logical security features discussed above, a facility's computer or system administrators may be consulted for setting up and implementing these types of security hardware.
A series of network devices is depicted in Figure 1, and each element is described below. While these devices work together as part of a system, each also has different security capabilities that depend on the manufacturer and model. Because different devices provide different types of security features (e.g., some devices provide encryption while others provide access controls), they are usually implemented in a multi-layered fashion so that all of the elements protect the system together. However, some discrete elements may be combined into one device; for example, a router can include firewall capabilities (see the Firewall Product Guide for more information).
Managed Switches
"Managed switches" are devices that can be installed to control the physical wire and disable communications when they are not authorized. These systems can use "port security" functions that compare the source MAC (Media Access Control) address of incoming frames against the addresses authorized on that port. If the address is authorized, the communication is allowed into the network; if not, the frames are dropped or the port is shut down. Because a MAC address can be changed in software, port security deters casual connection of unauthorized devices but is not strong authentication; switches that support IEEE 802.1X can require the connected device or user to authenticate before the port passes traffic. Managed switches may also incorporate a Virtual Local Area Network (VLAN) feature, which allows the user to segregate computers into isolated groups that do not interact even though they share the same physical wiring. For example, a properly configured VLAN system would allow users to have a high-security SCADA system monitoring pipeline integrity and a low-security business LAN connected through the same physical wiring without increasing the risk to the SCADA system, provided that any traffic permitted between the two VLANs passes through a router ACL or firewall (discussed below).
Routers
Routers are pieces of hardware used to pass communications between separate networks, including routing traffic between physically segregated groups of users within a facility. Because routers are typically implemented as a "gateway" between internal system users and the outside, an access control list (ACL) implemented on a router can filter incoming traffic by logical address and application port, allowing some communications in while blocking others. Thus, a router with an ACL can be an effective first layer of security, so that other network devices do not have to process extraneous traffic that may carry "malware" code (viruses, Trojans, etc.). Router ACLs differ from true firewalls (discussed below) because a standard ACL examines each packet on its own, matching only source/destination addresses, protocols, and ports into and out of the protected network, whereas a firewall tracks the state of each connection and can screen the communications more comprehensively.
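The following configuration is an added example, not taken from the guide or from any vendor's documentation, showing the managed-switch and router features from the two sections above working together: a SCADA VLAN and a business VLAN sharing one switch, port security on the SCADA port, and a router ACL that is the only path between the two VLANs. It is written in Cisco IOS syntax; the VLAN numbers, interface names, RFC 1918 addresses and the historian's Modbus/TCP polling (port 502) are assumptions chosen for illustration.

```text
! Added example (not from the guide). Cisco IOS syntax; VLAN numbers,
! addresses and interface names are assumed for illustration.

! ---- Managed switch ----
vlan 10
 name SCADA
vlan 20
 name BUSINESS
!
interface GigabitEthernet1/0/1
 description SCADA RTU - exactly one authorised device on this wire
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
 spanning-tree portfast
!
interface GigabitEthernet1/0/20
 description Business workstation
 switchport mode access
 switchport access vlan 20
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
!
interface range GigabitEthernet1/0/40 - 48
 description Unused ports: disabled and parked in an unused VLAN
 switchport mode access
 switchport access vlan 999
 shutdown
!
interface GigabitEthernet1/0/24
 description Trunk to router; only the two live VLANs, unused native VLAN
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport trunk native vlan 999
 switchport nonegotiate

! ---- Router (one physical link, one sub-interface per VLAN) ----
ip access-list extended BUSINESS-TO-SCADA
 remark only the historian server may reach the SCADA VLAN, Modbus/TCP only
 permit tcp host 10.20.0.50 10.10.0.0 0.0.0.255 eq 502
 deny   ip any 10.10.0.0 0.0.0.255 log
 permit ip any any
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.20.0.1 255.255.255.0
 ip access-group BUSINESS-TO-SCADA in
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.10.0.1 255.255.255.0
```

A device plugged into the SCADA port with a different MAC address shuts the port down, which also generates the kind of link-down event a wire monitor would log. The ACL shows the limit the text describes: it is applied only to traffic entering from the business VLAN, so replies from the SCADA VLAN flow back unfiltered; if an inbound ACL were also placed on the SCADA sub-interface it could not tell a legitimate reply from a new connection without a stateful firewall.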
Firewalls
Firewalls are covered in detail in the Firewalls Product Guide. However, their use in securing hard wired voice and data networks will be discussed here. In contrast to a router, a firewall can perform more in-depth inspection of the contents of a communication by applying specific rules that authorize only specific types of address/port traffic and actively deny unauthorized users access to specific services in the protected zone.
Upgraded Modems
Newer models of dial-in modems with dial-back (callback) features limit access to the system to authorized users at pre-defined telephone numbers: the modem hangs up after the initial call and calls the user back at the number on file. Callback can be defeated where an attacker is able to have calls to the stored number forwarded, so it should be combined with user authentication rather than relied on alone. Cable modems built to the DOCSIS standard can encrypt the link between each modem and the provider's headend (the DOCSIS Baseline Privacy feature), which prevents other subscribers who share the same cable segment from intercepting another's data on that segment. The specific provider of the cable TV system may provide additional tools to isolate data traffic between users.
Virtual Private Networks (VPNs)
VPNs use "virtual" connections carried over a public network, such as the Internet, to extend the company's private network to employees working offsite. A typical VPN connects a remote user to a Local Area Network (LAN) located at the company's corporate headquarters. VPNs provide a more active form of security by encrypting and/or "encapsulating" data for transmission through an unsecured network. These two functions, encryption and encapsulation, form the foundation of virtual private networking. However, both are generic terms that describe a function that can be performed by a myriad of specific technologies.
VPNs will be covered in a future Product Guide; however, firewall vendors may be able to provide an effective, integrated VPN as an add-on feature to their firewall service. (It should be noted, however, that not all firewall vendors offer add-on VPN features.)
Add-On Devices and Systems for Implementing Security - Voice
Add-on devices for enhancing security are less prevalent for voice systems than for data communications. However, several options are discussed below:
ETM (Enterprise Telecommunications Management) Software
ETM products are security management software packages that allow administrators to track various aspects of the voice network. Individual tasks that can be performed through an ETM include tracking system access by personnel at key access points around-the-clock, and identifying unused resources such as voice mailboxes that may be vulnerable to attack. ETMs can also provide alerts to unusual call activity relative to historical activity, and can monitor traffic patterns for usage during non-business hours. This software can be used with both digital (PBX) and analog (POTS) environments.
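As an added example (not code from the guide or from any ETM vendor), the analysis described above can be run over the call detail records (CDRs) that a PBX exports: it lists calls placed outside business hours, flags an extension whose outbound call count jumps relative to its own recent history, and reports configured mailboxes with no activity. The CDR lines, extensions, directory and thresholds are constructed sample data; real PBXs export CDRs in their own formats, so the parser would be adapted to the local system.

```python
# Added example (not from the guide): the kind of analysis an ETM package runs
# over PBX call detail records (CDRs): after-hours calls, an extension whose
# outbound call volume jumps relative to its own history, and configured
# mailboxes that nobody uses. The CDR lines, extensions and numbers are
# constructed sample data; real PBXs export CDRs in their own formats.
import csv
import io
from collections import Counter, defaultdict
from datetime import date, datetime, timedelta

SAMPLE_CDR = """\
start,extension,direction,number,seconds
2024-03-01T08:15:00,2101,out,5125550100,120
2024-03-01T10:40:00,2101,out,5125550177,45
2024-03-02T09:05:00,2101,out,5125550101,300
2024-03-03T11:20:00,2101,out,5125550102,60
2024-03-04T02:14:00,2107,in,5125550199,20
2024-03-04T02:15:00,2107,out,0114412345678,600
2024-03-04T02:30:00,2107,out,0114412345678,620
2024-03-04T02:45:00,2107,out,0114412345678,640
2024-03-04T02:58:00,2107,out,0114412345678,610
2024-03-04T09:10:00,2101,out,5125550103,90
"""
DIRECTORY = {"2101", "2107", "2150"}   # extensions/mailboxes configured on the PBX


def parse_cdr(text):
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        rows.append({"start": datetime.fromisoformat(r["start"]), "ext": r["extension"],
                     "dir": r["direction"], "number": r["number"], "seconds": int(r["seconds"])})
    return rows


def after_hours(rows, business=(7, 19)):
    """Calls starting outside business hours (07:00-19:00 by default)."""
    return [r for r in rows if not (business[0] <= r["start"].hour < business[1])]


def volume_anomalies(rows, day, baseline_days=3, factor=3.0, minimum=3):
    """Extensions whose outbound calls on `day` (ISO date string) exceed `factor`
    times their daily average over the preceding `baseline_days`, and at least
    `minimum` calls. Returns {extension: (today_count, baseline_average)}."""
    target = date.fromisoformat(day)
    per_day = defaultdict(Counter)
    for r in rows:
        if r["dir"] == "out":
            per_day[r["ext"]][r["start"].date()] += 1
    alerts = {}
    for ext, counts in per_day.items():
        today = counts.get(target, 0)
        base = sum(counts.get(target - timedelta(days=i), 0)
                   for i in range(1, baseline_days + 1)) / baseline_days
        # max(base, 0.5) keeps an extension with no history from being compared to zero
        if today >= minimum and today > factor * max(base, 0.5):
            alerts[ext] = (today, base)
    return alerts


def unused_mailboxes(rows, directory, as_of, days=30):
    """Configured extensions with no call activity in the `days` before `as_of`
    (ISO datetime string): candidates for takeover by an outsider."""
    cutoff = datetime.fromisoformat(as_of) - timedelta(days=days)
    active = {r["ext"] for r in rows if r["start"] >= cutoff}
    return sorted(e for e in directory if e not in active)


if __name__ == "__main__":
    rows = parse_cdr(SAMPLE_CDR)
    for r in after_hours(rows):
        print("after-hours:", r["start"], r["ext"], r["dir"], r["number"])
    print("volume anomalies:", volume_anomalies(rows, "2024-03-04"))
    print("unused mailboxes:", unused_mailboxes(rows, DIRECTORY, "2024-03-04T12:00:00"))
```

On the sample, extension 2107 takes one inbound call at 02:14 and then places four long international calls before 03:00 with no prior history, the pattern of a compromised mailbox or dial-through fraud, while extension 2150 has never been used and should be disabled or given a fresh PIN.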
Firewalls (PBX systems only):
As discussed above, because PBX systems have private internal wiring, there are some security features that can be implemented on PBX systems that cannot be implemented on POTS systems. For example, utilities can add a firewall to a PBX system to protect it from back-door modem access and other external attacks arriving through the POTS network, by detecting, logging, and controlling all inbound and outbound activity on the communications network according to user-defined, automated security policies.
Cost
Costs for hard wired communications systems include both costs for service and costs for equipment. Generally, communications service and equipment may be purchased from the same vendor, or they may be purchased separately. Specific devices and types of service may include security features, or these may need to be purchased/implemented separately.
Basic analog telephones can be purchased for $20 or less, while newer full-function digital PBX systems can range from $100 to $250 per handset, depending upon the model/features included with the system and the number of handsets to be supported.
"Entry-level" network devices (i.e., base-model routers) can cost less than $100, but these basic types of devices typically do not have security features and capabilities to protect a commercial facility adequately. Industrial-quality routers, firewalls, and managed switches range from $500 to several thousand dollars, and maintenance agreements can add up to 20% annually to the costs. There will also be additional personnel costs for maintaining the data network.
Hard wired telephone service is in the process of being de-regulated, and, therefore, costs for service vary between regions. Hard wired data service costs are usually based on the type of service, bandwidth requirements allocated to the facility (bandwidth is a measure of the amount of communications that can be sent through the system), and other factors, including the user's geographic location, the local terrain, and the type of buildings that require connection. Typically, the more difficult it is to provide service and the higher the quality of the wiring medium, the higher the cost of that service. In addition to the recurring cost of the service itself, there will be non-recurring implementation costs, including costs for equipment, wiring, connectors, jacks, and installation.
Vendors
Disclaimer: The information provided in this guide does not constitute an endorsement by the Environmental Protection Agency of any non-Federal entity, its products or its services. In addition, EPA does not endorse the vendors and products listed on this site. EPA is publishing lists of vendors on this site in an effort to further public awareness of vendors identified as possible contacts for further information and possible purchase of the different types of security equipment. The Agency has selected the listed vendors on that basis. The list of vendors is not a complete list, and EPA does not endorse the products or services of these vendors.
PBX with Advanced Security Features
Avaya
211 Mt Airy Road
Basking Ridge, NJ 07920
(866) 462-8292
www.avaya.com
|
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
(800) 553-6387
www.cisco.com
|
AT&T / Lucent
600 Mountain Ave.
Murray Hill, NJ 07974-0636
(908) 582-8500
www.lucent.com
|
Panasonic
One Panasonic Way
Secaucus, NJ 07094
(800) 211-7262
www.panasonic.com
|
Toshiba
1251 Avenue of the Americas
Suite 4110
New York, NY 10020
(800) 316-0920
www.toshiba.com
|
Siemens
Citicorp Center
153 East 53rd Street
New York, NY 10022-4611
(800) 743-6367
www.siemens.com
|
PBX with Advanced Security Features
Securelogix Corporation
13750 San Pedro Ave. Suite 230
San Antonio, TX 78232
800-817-4837
www.securelogix.com
|
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
(800) 553-6387
www.cisco.com
|
ETM
Concord Communications, Inc.
600 Nickerson Road
Marlboro, MA 01752
800 851-8725
www.concord.com
|
Micromuse/Netcool
139 Townsend St.
San Francisco, CA 94107
415 538 9090
www.micromuse.com
|
Encryption
PGP
3460 West Bayshore Road
Palo Alto, CA 94303
650 319 9000
www.pgp.com
|
PC Guardian
1133 E. Francisco Blvd.
San Rafael, CA 94901-5427
800-440-0419
www.pcguardian.com
|
DriveCrypt
Munich, Germany
www.securstar.com
|
Entrust
One Hanover Park
16633 Dallas Parkway, Suite 800
Addison, TX 75001
888-690-2424
www.entrust.com
|
Routers and Switches
ADTRAN
901 Explorer Blvd.
Huntsville, AL 35806
256-963-8000
www.adtran.com
|
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
800-553-NETS
www.cisco.com
|
3Com
350 Campus Drive
Marlborough, MA 01752-3064
800-NET-3Com
www.3com.com
|
Juniper
805 11th Ave., Building 3
Sunnyvale, CA 94089
408 543-2100
www.juniper.net
|
User Authentication
Funk (Radius)
222 Third Street
Cambridge, MA 02142
800-828-4146
www.funk.com
|
RSA Security
174 Middlesex Turnpike
Bedford, MA 01739
877-RSA-4900
www.rsasecurity.com
|
Cisco Systems, Inc. (Tacacs+)
170 West Tasman Drive
San Jose, CA 95134
800-553-NETS
www.cisco.com
|
Integrity Checking
TripWire
326 SW Broadway, 3rd Floor
Portland, OR 97205
800-TRIPWIRE
www.tripwire.com
|
GFI (System Integrity Manager)
15300 Weston Parkway, Suite 104
Cary, NC 27513
888-243-4329
www.gfi.com
|
SysDesign (MD5sums)
PO Box 422 RPO Corydon
Winnipeg, MB R3M 3V3
Canada
800-903-4152
www.pc-tools.net/win32/freeware
|