SlideShare uma empresa Scribd logo

Best Practices: The Key Things You Need to Know Now About Secure Networking Layer 1 (SONET), Layer 2 (ATM), and Layer 3 (IP) Encryption Technologies

SafeNet
SafeNet

With organizations expanding and becoming more geographically dispersed, the global collaboration between partners, suppliers, and customers is forcing a requirement for secure and transparent high-speed communications across the network. Enterprise network and security engineering groups must reach an appropriate balance between enabling communication while securing corporate information. Organizations also require high-speed communication links that provide reliable, trouble free, low latency connectivity in order to back up operational activities and recover from disaster. Although bandwidth is readily available, Service Providers do not provide data integrity for high-speed communication, and there is no accountability or trust applied to the security of the end users’ data. The best solution for data integrity is encryption; specifi cally, solutions designed to provide a highspeed, secure, trusted, and reliable flow of information.

Tecnologia
1 de 5
Baixar para ler offline
Best Practices: The Key Things You Need to Know Now About Secure Networking Layer 1 (SONET), Layer 2 (ATM), and Layer 3 (IP) Encryption Technologies WHITE PAPER Reaching a Balance Between Communications and Security Threats to high-speed communications, and the sensitive data they carry, have reached a critical point, with the threats rapidly escalating in sophistication and frequency over the last several years. The loss of sensitive data has a significant economic impact. According to recent studies by the FBI and the American Society for Industrial Security, each data attack costs an organization between $150,000 and $400,000, with multiple attacks driving these costs into the millions of dollars per year. The need for a secure networking environment is obvious and vital. However, enterprises have other needs to consider. At the top of this list is speed — as network users and transactions grow, so does the need for faster connectivity and processing to support data communication between headquarters and core sites. Ultimately, companies require high- speed communication channels that provide high availability, dependable quality of service, and low latency in order to support their operational processes, as well as their continuity of services planning. Reaching the appropriate balance between enabling communication and providing adequate protection of sensitive information is one of the most significant challenges faced by today’s enterprise network and security engineering groups. SafeNet’s innovative approach to obtaining this balance is through the application of security solutions that offer the flexibility to encrypt data at the Physical (Layer 1), Data Link (Layer 2), and Network (Layer 3) layers. By providing three layers of security, organizations have alternatives for protecting information without disrupting existing infrastructure and systems. The High-Speed Network Security Challenge The geographically disparate operations of multi-national corporations are well known, however the majority of medium and large enterprises also have networks comprised of partners, suppliers, and customers residing outside geographic and national borders. This global explosion of collaboration has saturated nearly every aspect of modern business with staggering economic implications and corresponding demands upon “the network” – the critical infrastructure upon which their business survival depends. Widely dispersed networks Best Practices: The Key Things You Need to Know Now About Secure Networking White Paper 1
are more vulnerable than protected local networks. Additionally, the security and auditing methods employed to meet regulatory requirements must be extended over the widely dispersed networks in order to maintain regulatory compliance. This all results in the necessity for transparent high-speed encryption wherever there are high-speed data communications. Although bandwidth is readily available, Service Providers do not provide data integrity for high- speed communication. Their solution has been to address security through traffic isolation or data separation. This minimal level of privacy does not protect against data disclosure caused by equipment failure, eavesdropping at switching and routing points, network misconfiguration, and so forth. Further, when multiple carriers are required to deliver regional, national, and global communications, there is generally no accountability or trust applied to the security of the end users’ data. The best solution for data integrity is encryption—specifically, solutions designed to provide the high speed, secure, trusted, and reliable flow of information. Finance, government, medical, research, utility, and communications companies, to name a few, are challenged to find a high- speed encryption solution for data integrity that is effective, easy to deploy, and addresses the most common applications for highspeed communications. Common Applications for High-Speed Communications Common Applications for High-Speed Interconnect today’s geographically dispersed server farms and data centers while providing Communications the backbone for highspeed Local Area Networks (LANs) or switched internetworks used to operate high bandwidth applications, such as multimedia and video conferencing. Metropolitan Area Networks (MANs) Serves a role similar to an Internet Service Provider (ISP), but for a consortium of users or partners providing a highspeed captive network for sharing resources, creating corporate campuses, and establishing transparent LAN applications. Storage Area Network (SANs) Interconnects data storage facilities or associated data servers on behalf of a large network of users. Typically, an overall solution for high-speed computing resources providing services such as VoIP (Voice over IP) aggregation, Triple Play (voice/data/video), Ethernet Video, or Wireless LANs. Disaster Recovery Utilizes WAWAN technologies to implement a high-speed, purpose-built network for the remote backup, storage, and immediate recovery of data, providing businesses with continuity of operations so that they may open their doors “the day after.” Using the Right Encryption Technology Factors to be considered when designing security into network architectures include the applications to be implemented, their corresponding performance requirements, the circumstances under which they will be used (WAWAN, MAN, SAN, etc.), and last, but clearly not least, the nature of the data itself. Choices for network services vary from high-speed options such as ATATM and/or SONETET/ SDH to the lease or purchase of their own fiber or private line facilities. Lower speed services are offered as Frame Relay, Internet Protocol (IPIP), or MultiProtocol Label Switching (MPLS) services. Encryption solutions for Layer 1 and Layer 2 (Link, ATATM, Frame Relay, and SONET/SDH solutions) are designed to secure static connections, such as site-tosite core office connections (for example, connecting a corporate office with its manufacturing facility or offshore development team). Best Practices: The Key Things You Need to Know Now About Secure Networking White Paper 2
IPIP Sec is most commonly used to secure communications across public IPIP and MPLS networks (Layer 3). IPIPSec’s strength is in its flexibility – by being both protocol and network independent. The downside to IPIPSec technology is an overhead burden on the network (that can be, in extreme cases, in excess of 50%), as well as its complex administration requirements. Each of the encryption solutions serves a different purpose. Layer 1 and Layer 2 solutions are designed for high-speed inter-network connectivity. IPSec (Layer 3) is a bridging technology best suited to connecting many sites to one another across the Internet. Enterprises will best serve their security needs by incorporating multiple encryption technologies – selecting the appropriate technology for each application. This will maximize network throughput, control security costs, simplify security management, and deliver a “best- of-breed” solution. Layer 1 and Layer 2 encryption have the following characteristics in comparison to IPSec (Layer 3): Performance Most organizations carefully monitor the utilization of the network infrastructure, as building excess capacity has a direct impact on the cost of the service provisioned. Therefore, anything that increases bandwidth utilization needs to have a clear business case to support it. One of the side effects of the introduction of IPSec is the increase in overhead on the IP packets. This is dependent upon the packet size, which can be as much as 50% for small packets. VoIPIP introduces a large number of small packets and, for this reason, any organization that is planning its implementation needs to consider this issue carefully. In certain network environments, the increase in packet size may lead to packet fragmentation, which may cause network performance issues. Layer 1 and Layer 2 encryption introduces virtually no latency or overhead to the network Ease of Due to the more static nature of Layer 1 and Layer 2 connections, the implementation of these encryption devices is typically “set and forget.” They Implementation are sometimes referred to as “bumps in the wire.” Once installed, they usually and Ongoing require little, if any, ongoing configuration and maintenance. Management Enterprises will best serve their security needs by incorporating Depth of Security Due to its nature, this capability is nearly always implemented in highly secured hardware (FIPIPS 140- 1 or 140-2 and/or Common Criteria 4+ Certified), and is multiple encryption technologies configured once by a trusted employee, which means there is no way to bypass – selecting the appropriate the connection and get information out in the clear. technology for each application. New encryption standards, such as AES 256, areimplemented. It supports higher throughputs, such as OC192/STM64 (10Gbps). IPSec (Layer 3) encryption has the following characteristics in comparison to Layer 1 and Layer 2 encryption: Support Has the inherent capability to supply access toother locations. for Diverse Provides the ability to secure traffic in a highly selective manner. Networks Allows the enforcement policy in a flexible and indepth manner in order to satisfy the most stringent of fixed-site security requirements. Commonality of As IPSec is inherently a Layer 3 service, it is independent of Layer 1 and Layer 2 configurations and link types. Implementation A common method of implementation can be used across all connection types. Depth of Security The encryption occurs closer to the application. A well-understood and proven interoperability with most vendors. Rigorous scrutiny of IPSec and key exchange ensures a high level of security. Best Practices: The Key Things You Need to Know Now About Secure Networking White Paper 3
World’s Only Complete Family of Encryption Solutions— from Layer 1 to Layer 3 SafeNet has developed the world’s only complete family of devices for encrypting high-speed communications. Wirespeed performance, scalability, and quality of service provide operational integrity without impacting the network architecture or degrading bandwidth utilization. Customers are no longer forced to utilize inherently unsecure solutions for high-speed communications. SafeNet’s SafeEnterprise™ SONETET (Layer 1) and ATATM (Layer 2) Encryptors leverage fixed-frame protocols for reduced overhead and extremely low latency by offering the fastest encryption line rates on the market. Our SONET/SDH encryption scheme adds no overhead, compared to as much as 50% encryption overhead required by higher layer encryption schemes, such as IPIPSec, and is compatible with the majority of fiber infrastructures around the world. Available at very high speeds (OC-48/STM16 and OC-192/STM64), SafeNet SONETET Encryptors provide simple, secure, and extremely fast site-to-site security, and are the ideal solution for timesensitive, high-bandwidth applications, such as voice and video, disaster recovery, and site- to-site communications. Our purpose-built, dedicated HighAssurance™ 4000 IPSec (Layer 3) Gateway provides better performance and security than router-based solutions because the hardware is dedicated to data encryption functions and is secured from external intervention, contrary to the intended purpose of a router. The benefits of SafeNet’s dedicated IPSec security appliance versus integrated solutions include separation of security policy from networking policies, higher throughput values, lower cost of ownership over time, and higher levels of security and assurance. PRIVATE NETWORK PUBLIC NETWORK Customer SafeEnterprise™ Vendor/Partners SONET Encryptor SONET/SDH SafeNet’s SafeEnterprise™ SafeEnterprise™ HighAssurance™ Workstation/ Server SONET Encryptor Branch Offices 4000 Gateway SONETET (Layer 1) and ATATM www HighAssurance™ 4000 Gateway HighAssurance™ SONET/SDH (Layer 2) Encryptors leverage Internet 4000 Gateway SafeEnterprise™ SafeEnterprise™ SONET Encryptor fixed-frame protocols for SONET Encryptor HighAssurance™ SafeEnterprise™ 4000 Gateway Branch Office reduced overhead and extremely LAYER 1 (Physical Layer) Line and Path Encryption Security Management Center low latency by offering the LAYER 3 (Network Layer) IP Encryption Main Office fastest encryption line rates on SafeEnterprise™ ATM Encryptor II the market. Branch Office SafeEnterprise™ ATM Encryptor II ATM SafeEnterprise™ ATM Encryptor II Branch Office LAYER 2 (Data Link Layer) VC Encryption SafeNet also offers Layer 2 (Frame Relay and ATATM) security solutions that are compatible with MPLS (Layer 3) networks. These solutions provide low latency throughput, virtually no overhead, making best use of the available bandwidth, and have easy to manage configuration and key management systems. The SafeEnterprise Security Management Center (SMC) provides centralized management for our entire family of Layer 1, Layer 2, and Layer 3 devices within a single product, ensuring that customers save time and reduce cost, while effectively implementing network security for the industry’s strongest authentication, definition, and enforcement of security policy. Best Practices: The Key Things You Need to Know Now About Secure Networking White Paper 4
SafeNet’s future product plans will mark the first time high-speed encryption has achieved interface autonomy for network security, allowing customers to add security that is independent of network infrastructures. Our upcoming development projects will also ensure customers that they have a partner that is committed to securing high-assurance communications regardless of the type of transport technology that is chosen. Summary With organizations expanding and becoming more geographically dispersed, the global collaboration between partners, suppliers, and customers is forcing a requirement for secure and transparent high-speed communications across the network. Enterprise network and security engineering groups must reach an appropriate balance between enabling communication while securing corporate information. Organizations also require high-speed communication links that provide reliable, trouble free, low latency connectivity in order to back up operational activities and recover from disaster. Although bandwidth is readily available, Service Providers do not provide data integrity for high-speed communication, and there is no accountability or trust applied to the security of the end users’ data. The best solution for data integrity is encryption; specifically, solutions designed to provide a highspeed, secure, trusted, and reliable flow of information. Layer 1 and Layer 2 encryption technologies, as well as IPIPSec, complement one another within the encryption market; however, each primarily serves a different purpose. Layer 1 and Layer 2 solutions are designed to connect networks to networks, while IPIPSec at Layer 3 functions as a bridging technology best suited to connecting many sites to one another across public networks. It is quite likely that many enterprises will find that their security needs are best solved by incorporating multiple encryption technologies. Therefore, it is important that the management of any solution has the ability to simultaneously and seamlessly apply and enforce connection rights and policies across multiple technologies. SafeNet’s innovative approach to the issues and technologies described above is to provide a complete family that offers the flexibility to encrypt data at the Physical (Layer 1), Data Link (Layer 2), and Network (Layer 3) layers for communication, while providing organizations with the best alternative for implementing encryption within their existing infrastructure. SafeNet offers the world’s only omplete solution—a family of high-speed encryption products, from SONET to ATATM to IP, with centralized management. About SafeNet Founded in 1983, SafeNet is a global leader in information security. SafeNet protects its customers’ most valuable assets, including identities, transactions, communications, data and software licensing, throughout the data lifecycle. More than 25,000 customers across both commercial enterprises and government agencies and in over 100 countries trust their information security needs to SafeNet. Contact Us: For all office locations and contact information, please visit www.safenet-inc.com Follow Us: www.safenet-inc.com/connected ©2010 SafeNet, Inc. All rights reserved. SafeNet and SafeNet logo are registered trademarks of SafeNet. All other product names are trademarks of their respective owners. WP (A4)-09.07.10 Best Practices: The Key Things You Need to Know Now About Secure Networking White Paper 5

Recomendados

Prezentare Class It 2009 Varianta 1
Prezentare Class It 2009 Varianta 1Prezentare Class It 2009 Varianta 1
Prezentare Class It 2009 Varianta 1roxanaaxini
 
Computer Networks. Internet programming basics
Computer Networks. Internet programming basicsComputer Networks. Internet programming basics
Computer Networks. Internet programming basicsSabin Buraga
 
Training Jci Share Point Intranet
Training Jci Share Point IntranetTraining Jci Share Point Intranet
Training Jci Share Point Intranetilieghiciuc
 
Sql reporting
Sql reportingSql reporting
Sql reportingonorabil
 
05 nivelul retea (2)
05 nivelul retea (2)05 nivelul retea (2)
05 nivelul retea (2)Pascu Corneliu Florin
 
Outsourcing
OutsourcingOutsourcing
Outsourcinglauravintila
 
Server de piese muzicale
Server de piese muzicaleServer de piese muzicale
Server de piese muzicaleFlavia Olaru
 
Computer Networks. Domain Name System
Computer Networks. Domain Name SystemComputer Networks. Domain Name System
Computer Networks. Domain Name SystemSabin Buraga
 

Recomendados

Prezentare Class It 2009 Varianta 1
Prezentare Class It 2009 Varianta 1Prezentare Class It 2009 Varianta 1
Prezentare Class It 2009 Varianta 1roxanaaxini
 
Computer Networks. Internet programming basics
Computer Networks. Internet programming basicsComputer Networks. Internet programming basics
Computer Networks. Internet programming basicsSabin Buraga
 
Training Jci Share Point Intranet
Training Jci Share Point IntranetTraining Jci Share Point Intranet
Training Jci Share Point Intranetilieghiciuc
 
Sql reporting
Sql reportingSql reporting
Sql reportingonorabil
 
05 nivelul retea (2)
05 nivelul retea (2)05 nivelul retea (2)
05 nivelul retea (2)Pascu Corneliu Florin
 
Outsourcing
OutsourcingOutsourcing
Outsourcinglauravintila
 
Server de piese muzicale
Server de piese muzicaleServer de piese muzicale
Server de piese muzicaleFlavia Olaru
 
Computer Networks. Domain Name System
Computer Networks. Domain Name SystemComputer Networks. Domain Name System
Computer Networks. Domain Name SystemSabin Buraga
 
eIDAS Reference Guide
eIDAS Reference GuideeIDAS Reference Guide
eIDAS Reference GuideSafeNet
 
Whose Cloud is It Anyway - Data Security in the Cloud
Whose Cloud is It Anyway - Data Security in the CloudWhose Cloud is It Anyway - Data Security in the Cloud
Whose Cloud is It Anyway - Data Security in the CloudSafeNet
 
Whose Cloud Is It Anyway: Exploring Data Security Ownership and Control
Whose Cloud Is It Anyway: Exploring Data Security Ownership and ControlWhose Cloud Is It Anyway: Exploring Data Security Ownership and Control
Whose Cloud Is It Anyway: Exploring Data Security Ownership and ControlSafeNet
 
Cyber Security Management in a Highly Innovative World
Cyber Security Management in a Highly Innovative WorldCyber Security Management in a Highly Innovative World
Cyber Security Management in a Highly Innovative WorldSafeNet
 
Not Going Quietly: Gracefully Losing Control & Adapting to Cloud and Mobility
Not Going Quietly: Gracefully Losing Control & Adapting to Cloud and MobilityNot Going Quietly: Gracefully Losing Control & Adapting to Cloud and Mobility
Not Going Quietly: Gracefully Losing Control & Adapting to Cloud and MobilitySafeNet
 
ProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudSafeNet
 
Cloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business Model
Cloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business ModelCloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business Model
Cloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business ModelSafeNet
 
SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...
SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...
SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...SafeNet
 
A Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise ApplicationsA Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise ApplicationsSafeNet
 
Securing Digital Identities and Transactions in the Cloud Security Guide
Securing Digital Identities and Transactions in the Cloud Security GuideSecuring Digital Identities and Transactions in the Cloud Security Guide
Securing Digital Identities and Transactions in the Cloud Security GuideSafeNet
 
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...SafeNet
 
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...SafeNet
 
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...SafeNet
 
Hardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk ManagementHardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk ManagementSafeNet
 
Strong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessStrong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessSafeNet
 
Building Trust into eInvoicing: Key Requirements and Strategies
Building Trust into eInvoicing: Key Requirements and StrategiesBuilding Trust into eInvoicing: Key Requirements and Strategies
Building Trust into eInvoicing: Key Requirements and StrategiesSafeNet
 
A Question of Trust: How Service Providers Can Attract More Customers by Deli...
A Question of Trust: How Service Providers Can Attract More Customers by Deli...A Question of Trust: How Service Providers Can Attract More Customers by Deli...
A Question of Trust: How Service Providers Can Attract More Customers by Deli...SafeNet
 
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNet
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNetPayment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNet
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNetSafeNet
 
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...SafeNet
 
SafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 

Mais conteúdo relacionado

Mais de SafeNet

eIDAS Reference Guide
eIDAS Reference GuideeIDAS Reference Guide
eIDAS Reference GuideSafeNet
 
Whose Cloud is It Anyway - Data Security in the Cloud
Whose Cloud is It Anyway - Data Security in the CloudWhose Cloud is It Anyway - Data Security in the Cloud
Whose Cloud is It Anyway - Data Security in the CloudSafeNet
 
Whose Cloud Is It Anyway: Exploring Data Security Ownership and Control
Whose Cloud Is It Anyway: Exploring Data Security Ownership and ControlWhose Cloud Is It Anyway: Exploring Data Security Ownership and Control
Whose Cloud Is It Anyway: Exploring Data Security Ownership and ControlSafeNet
 
Cyber Security Management in a Highly Innovative World
Cyber Security Management in a Highly Innovative WorldCyber Security Management in a Highly Innovative World
Cyber Security Management in a Highly Innovative WorldSafeNet
 
Not Going Quietly: Gracefully Losing Control & Adapting to Cloud and Mobility
Not Going Quietly: Gracefully Losing Control & Adapting to Cloud and MobilityNot Going Quietly: Gracefully Losing Control & Adapting to Cloud and Mobility
Not Going Quietly: Gracefully Losing Control & Adapting to Cloud and MobilitySafeNet
 
ProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudSafeNet
 
Cloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business Model
Cloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business ModelCloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business Model
Cloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business ModelSafeNet
 
SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...
SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...
SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...SafeNet
 
A Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise ApplicationsA Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise ApplicationsSafeNet
 
Securing Digital Identities and Transactions in the Cloud Security Guide
Securing Digital Identities and Transactions in the Cloud Security GuideSecuring Digital Identities and Transactions in the Cloud Security Guide
Securing Digital Identities and Transactions in the Cloud Security GuideSafeNet
 
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...SafeNet
 
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...SafeNet
 
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...SafeNet
 
Hardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk ManagementHardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk ManagementSafeNet
 
Strong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessStrong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessSafeNet
 
Building Trust into eInvoicing: Key Requirements and Strategies
Building Trust into eInvoicing: Key Requirements and StrategiesBuilding Trust into eInvoicing: Key Requirements and Strategies
Building Trust into eInvoicing: Key Requirements and StrategiesSafeNet
 
A Question of Trust: How Service Providers Can Attract More Customers by Deli...
A Question of Trust: How Service Providers Can Attract More Customers by Deli...A Question of Trust: How Service Providers Can Attract More Customers by Deli...
A Question of Trust: How Service Providers Can Attract More Customers by Deli...SafeNet
 
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNet
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNetPayment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNet
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNetSafeNet
 
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...SafeNet
 
SafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet
 

Mais de SafeNet (20)

eIDAS Reference Guide
eIDAS Reference GuideeIDAS Reference Guide
eIDAS Reference Guide
 
Whose Cloud is It Anyway - Data Security in the Cloud
Whose Cloud is It Anyway - Data Security in the CloudWhose Cloud is It Anyway - Data Security in the Cloud
Whose Cloud is It Anyway - Data Security in the Cloud
 
Whose Cloud Is It Anyway: Exploring Data Security Ownership and Control
Whose Cloud Is It Anyway: Exploring Data Security Ownership and ControlWhose Cloud Is It Anyway: Exploring Data Security Ownership and Control
Whose Cloud Is It Anyway: Exploring Data Security Ownership and Control
 
Cyber Security Management in a Highly Innovative World
Cyber Security Management in a Highly Innovative WorldCyber Security Management in a Highly Innovative World
Cyber Security Management in a Highly Innovative World
 
Not Going Quietly: Gracefully Losing Control & Adapting to Cloud and Mobility
Not Going Quietly: Gracefully Losing Control & Adapting to Cloud and MobilityNot Going Quietly: Gracefully Losing Control & Adapting to Cloud and Mobility
Not Going Quietly: Gracefully Losing Control & Adapting to Cloud and Mobility
 
ProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudProtectV - Data Security for the Cloud
ProtectV - Data Security for the Cloud
 
Cloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business Model
Cloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business ModelCloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business Model
Cloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business Model
 
SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...
SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...
SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...
 
A Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise ApplicationsA Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise Applications
 
Securing Digital Identities and Transactions in the Cloud Security Guide
Securing Digital Identities and Transactions in the Cloud Security GuideSecuring Digital Identities and Transactions in the Cloud Security Guide
Securing Digital Identities and Transactions in the Cloud Security Guide
 
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...
 
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
 
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
 
Hardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk ManagementHardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk Management
 
Strong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessStrong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling Business
 
Building Trust into eInvoicing: Key Requirements and Strategies
Building Trust into eInvoicing: Key Requirements and StrategiesBuilding Trust into eInvoicing: Key Requirements and Strategies
Building Trust into eInvoicing: Key Requirements and Strategies
 
A Question of Trust: How Service Providers Can Attract More Customers by Deli...
A Question of Trust: How Service Providers Can Attract More Customers by Deli...A Question of Trust: How Service Providers Can Attract More Customers by Deli...
A Question of Trust: How Service Providers Can Attract More Customers by Deli...
 
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNet
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNetPayment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNet
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNet
 
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
 
SafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server Encryption
 

Último

presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 

Último (20)

presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 

Best Practices: The Key Things You Need to Know Now About Secure Networking Layer 1 (SONET), Layer 2 (ATM), and Layer 3 (IP) Encryption Technologies

  • 1. Best Practices: The Key Things You Need to Know Now About Secure Networking Layer 1 (SONET), Layer 2 (ATM), and Layer 3 (IP) Encryption Technologies WHITE PAPER Reaching a Balance Between Communications and Security Threats to high-speed communications, and the sensitive data they carry, have reached a critical point, with the threats rapidly escalating in sophistication and frequency over the last several years. The loss of sensitive data has a significant economic impact. According to recent studies by the FBI and the American Society for Industrial Security, each data attack costs an organization between $150,000 and $400,000, with multiple attacks driving these costs into the millions of dollars per year. The need for a secure networking environment is obvious and vital. However, enterprises have other needs to consider. At the top of this list is speed — as network users and transactions grow, so does the need for faster connectivity and processing to support data communication between headquarters and core sites. Ultimately, companies require high- speed communication channels that provide high availability, dependable quality of service, and low latency in order to support their operational processes, as well as their continuity of services planning. Reaching the appropriate balance between enabling communication and providing adequate protection of sensitive information is one of the most significant challenges faced by today’s enterprise network and security engineering groups. SafeNet’s innovative approach to obtaining this balance is through the application of security solutions that offer the flexibility to encrypt data at the Physical (Layer 1), Data Link (Layer 2), and Network (Layer 3) layers. By providing three layers of security, organizations have alternatives for protecting information without disrupting existing infrastructure and systems. The High-Speed Network Security Challenge The geographically disparate operations of multi-national corporations are well known, however the majority of medium and large enterprises also have networks comprised of partners, suppliers, and customers residing outside geographic and national borders. This global explosion of collaboration has saturated nearly every aspect of modern business with staggering economic implications and corresponding demands upon “the network” – the critical infrastructure upon which their business survival depends. Widely dispersed networks Best Practices: The Key Things You Need to Know Now About Secure Networking White Paper 1
  • 2. are more vulnerable than protected local networks. Additionally, the security and auditing methods employed to meet regulatory requirements must be extended over the widely dispersed networks in order to maintain regulatory compliance. This all results in the necessity for transparent high-speed encryption wherever there are high-speed data communications. Although bandwidth is readily available, Service Providers do not provide data integrity for high- speed communication. Their solution has been to address security through traffic isolation or data separation. This minimal level of privacy does not protect against data disclosure caused by equipment failure, eavesdropping at switching and routing points, network misconfiguration, and so forth. Further, when multiple carriers are required to deliver regional, national, and global communications, there is generally no accountability or trust applied to the security of the end users’ data. The best solution for data integrity is encryption—specifically, solutions designed to provide the high speed, secure, trusted, and reliable flow of information. Finance, government, medical, research, utility, and communications companies, to name a few, are challenged to find a high- speed encryption solution for data integrity that is effective, easy to deploy, and addresses the most common applications for highspeed communications. Common Applications for High-Speed Communications Common Applications for High-Speed Interconnect today’s geographically dispersed server farms and data centers while providing Communications the backbone for highspeed Local Area Networks (LANs) or switched internetworks used to operate high bandwidth applications, such as multimedia and video conferencing. Metropolitan Area Networks (MANs) Serves a role similar to an Internet Service Provider (ISP), but for a consortium of users or partners providing a highspeed captive network for sharing resources, creating corporate campuses, and establishing transparent LAN applications. Storage Area Network (SANs) Interconnects data storage facilities or associated data servers on behalf of a large network of users. Typically, an overall solution for high-speed computing resources providing services such as VoIP (Voice over IP) aggregation, Triple Play (voice/data/video), Ethernet Video, or Wireless LANs. Disaster Recovery Utilizes WAWAN technologies to implement a high-speed, purpose-built network for the remote backup, storage, and immediate recovery of data, providing businesses with continuity of operations so that they may open their doors “the day after.” Using the Right Encryption Technology Factors to be considered when designing security into network architectures include the applications to be implemented, their corresponding performance requirements, the circumstances under which they will be used (WAWAN, MAN, SAN, etc.), and last, but clearly not least, the nature of the data itself. Choices for network services vary from high-speed options such as ATATM and/or SONETET/ SDH to the lease or purchase of their own fiber or private line facilities. Lower speed services are offered as Frame Relay, Internet Protocol (IPIP), or MultiProtocol Label Switching (MPLS) services. Encryption solutions for Layer 1 and Layer 2 (Link, ATATM, Frame Relay, and SONET/SDH solutions) are designed to secure static connections, such as site-tosite core office connections (for example, connecting a corporate office with its manufacturing facility or offshore development team). Best Practices: The Key Things You Need to Know Now About Secure Networking White Paper 2
  • 3. IPIP Sec is most commonly used to secure communications across public IPIP and MPLS networks (Layer 3). IPIPSec’s strength is in its flexibility – by being both protocol and network independent. The downside to IPIPSec technology is an overhead burden on the network (that can be, in extreme cases, in excess of 50%), as well as its complex administration requirements. Each of the encryption solutions serves a different purpose. Layer 1 and Layer 2 solutions are designed for high-speed inter-network connectivity. IPSec (Layer 3) is a bridging technology best suited to connecting many sites to one another across the Internet. Enterprises will best serve their security needs by incorporating multiple encryption technologies – selecting the appropriate technology for each application. This will maximize network throughput, control security costs, simplify security management, and deliver a “best- of-breed” solution. Layer 1 and Layer 2 encryption have the following characteristics in comparison to IPSec (Layer 3): Performance Most organizations carefully monitor the utilization of the network infrastructure, as building excess capacity has a direct impact on the cost of the service provisioned. Therefore, anything that increases bandwidth utilization needs to have a clear business case to support it. One of the side effects of the introduction of IPSec is the increase in overhead on the IP packets. This is dependent upon the packet size, which can be as much as 50% for small packets. VoIPIP introduces a large number of small packets and, for this reason, any organization that is planning its implementation needs to consider this issue carefully. In certain network environments, the increase in packet size may lead to packet fragmentation, which may cause network performance issues. Layer 1 and Layer 2 encryption introduces virtually no latency or overhead to the network Ease of Due to the more static nature of Layer 1 and Layer 2 connections, the implementation of these encryption devices is typically “set and forget.” They Implementation are sometimes referred to as “bumps in the wire.” Once installed, they usually and Ongoing require little, if any, ongoing configuration and maintenance. Management Enterprises will best serve their security needs by incorporating Depth of Security Due to its nature, this capability is nearly always implemented in highly secured hardware (FIPIPS 140- 1 or 140-2 and/or Common Criteria 4+ Certified), and is multiple encryption technologies configured once by a trusted employee, which means there is no way to bypass – selecting the appropriate the connection and get information out in the clear. technology for each application. New encryption standards, such as AES 256, areimplemented. It supports higher throughputs, such as OC192/STM64 (10Gbps). IPSec (Layer 3) encryption has the following characteristics in comparison to Layer 1 and Layer 2 encryption: Support Has the inherent capability to supply access toother locations. for Diverse Provides the ability to secure traffic in a highly selective manner. Networks Allows the enforcement policy in a flexible and indepth manner in order to satisfy the most stringent of fixed-site security requirements. Commonality of As IPSec is inherently a Layer 3 service, it is independent of Layer 1 and Layer 2 configurations and link types. Implementation A common method of implementation can be used across all connection types. Depth of Security The encryption occurs closer to the application. A well-understood and proven interoperability with most vendors. Rigorous scrutiny of IPSec and key exchange ensures a high level of security. Best Practices: The Key Things You Need to Know Now About Secure Networking White Paper 3
  • 4. World’s Only Complete Family of Encryption Solutions— from Layer 1 to Layer 3 SafeNet has developed the world’s only complete family of devices for encrypting high-speed communications. Wirespeed performance, scalability, and quality of service provide operational integrity without impacting the network architecture or degrading bandwidth utilization. Customers are no longer forced to utilize inherently unsecure solutions for high-speed communications. SafeNet’s SafeEnterprise™ SONETET (Layer 1) and ATATM (Layer 2) Encryptors leverage fixed-frame protocols for reduced overhead and extremely low latency by offering the fastest encryption line rates on the market. Our SONET/SDH encryption scheme adds no overhead, compared to as much as 50% encryption overhead required by higher layer encryption schemes, such as IPIPSec, and is compatible with the majority of fiber infrastructures around the world. Available at very high speeds (OC-48/STM16 and OC-192/STM64), SafeNet SONETET Encryptors provide simple, secure, and extremely fast site-to-site security, and are the ideal solution for timesensitive, high-bandwidth applications, such as voice and video, disaster recovery, and site- to-site communications. Our purpose-built, dedicated HighAssurance™ 4000 IPSec (Layer 3) Gateway provides better performance and security than router-based solutions because the hardware is dedicated to data encryption functions and is secured from external intervention, contrary to the intended purpose of a router. The benefits of SafeNet’s dedicated IPSec security appliance versus integrated solutions include separation of security policy from networking policies, higher throughput values, lower cost of ownership over time, and higher levels of security and assurance. PRIVATE NETWORK PUBLIC NETWORK Customer SafeEnterprise™ Vendor/Partners SONET Encryptor SONET/SDH SafeNet’s SafeEnterprise™ SafeEnterprise™ HighAssurance™ Workstation/ Server SONET Encryptor Branch Offices 4000 Gateway SONETET (Layer 1) and ATATM www HighAssurance™ 4000 Gateway HighAssurance™ SONET/SDH (Layer 2) Encryptors leverage Internet 4000 Gateway SafeEnterprise™ SafeEnterprise™ SONET Encryptor fixed-frame protocols for SONET Encryptor HighAssurance™ SafeEnterprise™ 4000 Gateway Branch Office reduced overhead and extremely LAYER 1 (Physical Layer) Line and Path Encryption Security Management Center low latency by offering the LAYER 3 (Network Layer) IP Encryption Main Office fastest encryption line rates on SafeEnterprise™ ATM Encryptor II the market. Branch Office SafeEnterprise™ ATM Encryptor II ATM SafeEnterprise™ ATM Encryptor II Branch Office LAYER 2 (Data Link Layer) VC Encryption SafeNet also offers Layer 2 (Frame Relay and ATATM) security solutions that are compatible with MPLS (Layer 3) networks. These solutions provide low latency throughput, virtually no overhead, making best use of the available bandwidth, and have easy to manage configuration and key management systems. The SafeEnterprise Security Management Center (SMC) provides centralized management for our entire family of Layer 1, Layer 2, and Layer 3 devices within a single product, ensuring that customers save time and reduce cost, while effectively implementing network security for the industry’s strongest authentication, definition, and enforcement of security policy. Best Practices: The Key Things You Need to Know Now About Secure Networking White Paper 4
  • 5. SafeNet’s future product plans will mark the first time high-speed encryption has achieved interface autonomy for network security, allowing customers to add security that is independent of network infrastructures. Our upcoming development projects will also ensure customers that they have a partner that is committed to securing high-assurance communications regardless of the type of transport technology that is chosen. Summary With organizations expanding and becoming more geographically dispersed, the global collaboration between partners, suppliers, and customers is forcing a requirement for secure and transparent high-speed communications across the network. Enterprise network and security engineering groups must reach an appropriate balance between enabling communication while securing corporate information. Organizations also require high-speed communication links that provide reliable, trouble free, low latency connectivity in order to back up operational activities and recover from disaster. Although bandwidth is readily available, Service Providers do not provide data integrity for high-speed communication, and there is no accountability or trust applied to the security of the end users’ data. The best solution for data integrity is encryption; specifically, solutions designed to provide a highspeed, secure, trusted, and reliable flow of information. Layer 1 and Layer 2 encryption technologies, as well as IPIPSec, complement one another within the encryption market; however, each primarily serves a different purpose. Layer 1 and Layer 2 solutions are designed to connect networks to networks, while IPIPSec at Layer 3 functions as a bridging technology best suited to connecting many sites to one another across public networks. It is quite likely that many enterprises will find that their security needs are best solved by incorporating multiple encryption technologies. Therefore, it is important that the management of any solution has the ability to simultaneously and seamlessly apply and enforce connection rights and policies across multiple technologies. SafeNet’s innovative approach to the issues and technologies described above is to provide a complete family that offers the flexibility to encrypt data at the Physical (Layer 1), Data Link (Layer 2), and Network (Layer 3) layers for communication, while providing organizations with the best alternative for implementing encryption within their existing infrastructure. SafeNet offers the world’s only omplete solution—a family of high-speed encryption products, from SONET to ATATM to IP, with centralized management. About SafeNet Founded in 1983, SafeNet is a global leader in information security. SafeNet protects its customers’ most valuable assets, including identities, transactions, communications, data and software licensing, throughout the data lifecycle. More than 25,000 customers across both commercial enterprises and government agencies and in over 100 countries trust their information security needs to SafeNet. Contact Us: For all office locations and contact information, please visit www.safenet-inc.com Follow Us: www.safenet-inc.com/connected ©2010 SafeNet, Inc. All rights reserved. SafeNet and SafeNet logo are registered trademarks of SafeNet. All other product names are trademarks of their respective owners. WP (A4)-09.07.10 Best Practices: The Key Things You Need to Know Now About Secure Networking White Paper 5