Layer 2 Network encryption Verifiably secure, simple, fast. - Secunet

L2 Box
Layer 2 Network encryption
Verifiably secure, simple, fast.

SINA L2 Box – reliable line encryption.
Nowadays internal and confidential data is exchanged between locations
or computer centres of public authorities and companies primarily over
public lines. As a consequence information can be read or manipulated
using comparatively simple techniques. The resulting damage in terms of
trust, image and cost is still vastly underestimated. Further, companies
and public authorities are increasingly subject to international, national
or internal compliance rules that demand specified measures for and
proof of information security. Reliable protection of information is absolutely
essential. The safest and most cost-effective method is the use of
encryption.
Security and performance – with hardware cryptography.
The SINA L2 Boxes encrypt data lines between locations or within public
authorities and companies. Even highly time-critical applications and
scenarios are secured due to the very low latency, and VoIP connections
as well as video conferences are protected from data manipulation and
espionage during transmission without any loss of quality. Bandwidths of
100 MBit/s, 1 GBit/s or 10 GBit/s prevent loss of performance, enabling
a secure connection or synchronisation even of entire data centres and
storage attached network (SAN) environments. Through the deployment
About SINA.
SINA (Secure Inter-Network Architecture) enables the protected processing,
storage, transfer and a full audit trail of classified information and other
sensitive data. The portfolio comprises various SINA clients, gateways and
The development of such encryption solutions – right up to security
architectures such as SINA – is one of secunet’s core competences. With
SINA L2 Boxes you can reliably protect your information even in potentially
non-secure networks. Due to its highly efficient encryption performance,
virtually no reduction in data throughput is noticeable. Its ability to function
as well as the performance of the public authority and company network
are not affected, and confidentiality, integrity, availability and authenticity
of the information is guaranteed during data transfer – the SINA L2 technology
supports you in meeting your compliance requirements.
of hardware cryptography in data transmission, coupling or synchronisation
take place securely and without loss of performance. Even satellite
connections can be encrypted with no noticeable loss of quality, and the
common issues of jitter and delay do not arise with SINA Layer 2 encryption.
All routing protocols are supported.
link encryptors as well as the SINA Management. All SINA products have
successfully been in service with national and international customers over
a number of years.

SINA L2 Box -
tailor-made encryption.
Data connections can be encrypted at layer 2 or 3 of the ISO/OSI layer
model. SINA L2 Boxes are particularly suited to the rapid and secure
transfer of large quantities of data, for example in mirrored data centres,
as they produce no overhead and thus offer the highest possible security
and full performance with minimum latency. They are therefore preferred
for time-critical applications and heavily utilised connections. Layer 2
encryption is protocol-independent. The encryption at layer 3, on the
other hand, is protocol-dependent (IP-based) and thus more flexible in
terms of device selection. This means that more complex environments
The SINA L2 technology is the ideal solution
for your secure data transfer.
Head Office
SINA L2 Box SINA L2 Box
SINA Management
SINA L2 Box
SINA L2 Box
Branch Office 1 Branch Office 2
SINA L2 Box SINA L2 Box
SINA L2 Box
can be mapped at layer 3. It is possible to configure security connections
with gateways, stationary and mobile clients. However, unlike to
layer 2 encryption, data transfer at layer 3 can not achieve line speed.
Encryption can be made at both layers with SINA as point-to-point, pointto-multipoint
and multipoint-to-multipoint connections. This makes SINA
L2 Boxes an excellent solution for safeguarding existing network infrastructures.
Public authorities and corporations can select the encryption method
best suited to their specific application.
SAN at Location A
SINA L2 Box
SINA L2 Box
SAN at Location B
other Branch Offices

Simple and effective - from integration
to commissioning right through to live operation.
SINA L2 Boxes can be integrated into your network conveniently and
quickly and no change to your network infrastructure is required! Encryption
is performed between boxes that are “invisible” to the network – the
components can be deployed immediately and are easily integrated into
the line between provider and company network. The simplest installation
for a medium-sized company or public authority network, for example,
can be completed within one day and without affecting live operation.
SINA L2 Box
From the point of integration onwards, your data and classified matters
are transferred securely. Attackers are no longer able to identify the network
infrastructure behind the SINA L2 Boxes. Once in use, the SINA L2
Boxes operate with practically no administration and maintenance, thus
reducing your operating costs to a minimum.
Installation, maintenance, analysis by
qualified personnel – professional and high performance.
Professional set-up by secunet in combination with tailored, maintenancefree
operation of the encryption solution guarantee the highest possible
protection and continuous availability of your SINA L2 Boxes.
The quality of the network connections between SINA layer-2 encryptors
can be demonstrated via a wide range of analysis and measuring services.
The deployment of state-of-the-art measuring devices enables the data
throughput of your connection to be determined, error and protocol analyses
to be run and, for example, real-life comparison data with and without
encryption to be provided. This allows you to keep the performance and
the security of your data in view at all times.

The service portfolio at a glance.
Protection
Brief description
SINA L2 Box – the technology.
The SINA L2 Box is approved by the Federal Office for Information Security
(BSI) up to and including RESTRICTED and NATO RESTRICTED.
A RESTREINT UE* approval has also been granted.
SINA L2 Box
SINA L2 Box S 100M SINA L2 Box S 1G SINA L2 Box S 10G
Basic
Hardware cryptography
Throughput: Ethernet line rate
in frame mode 100 MBit/s,
full duplex
Latency: 100 M: ≤ 40 μs
per device
With the product variants of the SINA L2 Boxes,
secunet offers a high-security solution for the cryptographic
safeguarding of IEEE 802.3-compliant Ethernet
and dark fibre links. Using full-duplex encryption
the SINA L2 Box reliably secures these connections
with throughput rates of 100 MBit/s, 1 GBit/s or 10
GBit/s. The entire range of applications in MAN, WAN
and SAN areas can be used comfortably.
The SINA L2 components are delivered ready for
operation and work fully transparently for VLAN,
MPLS and other networks. There is no restriction to
Basic
Hardware cryptography
Throughput: Ethernet line rate
in frame mode 1 GBit/s,
full duplex
Latency: 1 G: ≤ 8 μs
per device
Basic
Hardware cryptography
Throughput: Ethernet line rate
in frame mode 10 GBit/s,
full duplex
Latency: 10 G: ≤ 4 μs
per device
For a detailed overview of all technical information see our fact sheet on the SINA L2 Box S.
Security with BSI approval:
any specific protocol to be used. Security functions,
such as manipulation-protected key storage, integrated
line and operational monitoring, audit and event logging,
as well as the easy query of the operational status
via SNMP ensure straightforward network operation.
The synchronisation of the remote locations and the
exchange of the cryptographic connection key occur
automatically at regular intervals. Additional security is
provided by the integrated anti-replay function that
guards against attacks via data replay.

SINA L2 Box – all benefits.
» Protection of Ethernet LAN connections
(point-to-point, point-to-multipoint and
multipoint-to-multipoint connections)
» Various models to choose from: 100 MBit/s,
1 GBit/s and 10 GBit/s data throughput
» Full duplex encryption at line speed
» Key generation via hardware random
number generators
» AES (256 Bit) encryption
» Encryption independent of packet size
» Replay protection (protection against the
replay of data already used)
» Integrity protection (protection against
active attacks)
* For German national use.
» Transparent with respect to VLAN, MPLS
» Protocol-independent
» No change to the network infrastructure
and existing processes thanks to flexible and
modular architecture
» Protection against exposure of the internal
network infrastructure
» Straightforward administration by means
of numerous security functions
» Low operating costs, maintenance-free operation
» Approved by BSI up to RESTRICTED,
NATO RESTRICTED inclusive,
a RESTREINT UE* approval
has also been granted
Further information:
www.sinalayer2.secunet.com/en
secunet Security Networks AG
Kronprinzenstraße 30
45128 Essen, Germany
Phone: +49 - 201- 54 54 - 0
Fax: +49 - 201- 54 54 -1000
E-mail: info@secunet.com
www.secunet.com
09/2012