Layer 2 Network encryption Verifiably secure, simple, fast. - Secunet
Layer 2 Network encryption Verifiably secure, simple, fast. - Secunet
Layer 2 Network encryption Verifiably secure, simple, fast. - Secunet
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
L2 Box<br />
<strong>Layer</strong> 2 <strong>Network</strong> <strong>encryption</strong><br />
<strong>Verifiably</strong> <strong>secure</strong>, <strong>simple</strong>, <strong>fast</strong>.
SINA L2 Box – reliable line <strong>encryption</strong>.<br />
Nowadays internal and confidential data is exchanged between locations<br />
or computer centres of public authorities and companies primarily over<br />
public lines. As a consequence information can be read or manipulated<br />
using comparatively <strong>simple</strong> techniques. The resulting damage in terms of<br />
trust, image and cost is still vastly underestimated. Further, companies<br />
and public authorities are increasingly subject to international, national<br />
or internal compliance rules that demand specified measures for and<br />
proof of information security. Reliable protection of information is absolutely<br />
essential. The safest and most cost-effective method is the use of<br />
<strong>encryption</strong>.<br />
Security and performance – with hardware cryptography.<br />
The SINA L2 Boxes encrypt data lines between locations or within public<br />
authorities and companies. Even highly time-critical applications and<br />
scenarios are <strong>secure</strong>d due to the very low latency, and VoIP connections<br />
as well as video conferences are protected from data manipulation and<br />
espionage during transmission without any loss of quality. Bandwidths of<br />
100 MBit/s, 1 GBit/s or 10 GBit/s prevent loss of performance, enabling<br />
a <strong>secure</strong> connection or synchronisation even of entire data centres and<br />
storage attached network (SAN) environments. Through the deployment<br />
About SINA.<br />
SINA (Secure Inter-<strong>Network</strong> Architecture) enables the protected processing,<br />
storage, transfer and a full audit trail of classified information and other<br />
sensitive data. The portfolio comprises various SINA clients, gateways and<br />
The development of such <strong>encryption</strong> solutions – right up to security<br />
architectures such as SINA – is one of secunet’s core competences. With<br />
SINA L2 Boxes you can reliably protect your information even in potentially<br />
non-<strong>secure</strong> networks. Due to its highly efficient <strong>encryption</strong> performance,<br />
virtually no reduction in data throughput is noticeable. Its ability to function<br />
as well as the performance of the public authority and company network<br />
are not affected, and confidentiality, integrity, availability and authenticity<br />
of the information is guaranteed during data transfer – the SINA L2 technology<br />
supports you in meeting your compliance requirements.<br />
of hardware cryptography in data transmission, coupling or synchronisation<br />
take place <strong>secure</strong>ly and without loss of performance. Even satellite<br />
connections can be encrypted with no noticeable loss of quality, and the<br />
common issues of jitter and delay do not arise with SINA <strong>Layer</strong> 2 <strong>encryption</strong>.<br />
All routing protocols are supported.<br />
link encryptors as well as the SINA Management. All SINA products have<br />
successfully been in service with national and international customers over<br />
a number of years.
SINA L2 Box -<br />
tailor-made <strong>encryption</strong>.<br />
Data connections can be encrypted at layer 2 or 3 of the ISO/OSI layer<br />
model. SINA L2 Boxes are particularly suited to the rapid and <strong>secure</strong><br />
transfer of large quantities of data, for example in mirrored data centres,<br />
as they produce no overhead and thus offer the highest possible security<br />
and full performance with minimum latency. They are therefore preferred<br />
for time-critical applications and heavily utilised connections. <strong>Layer</strong> 2<br />
<strong>encryption</strong> is protocol-independent. The <strong>encryption</strong> at layer 3, on the<br />
other hand, is protocol-dependent (IP-based) and thus more flexible in<br />
terms of device selection. This means that more complex environments<br />
The SINA L2 technology is the ideal solution<br />
for your <strong>secure</strong> data transfer.<br />
Head Office<br />
SINA L2 Box SINA L2 Box<br />
SINA Management<br />
SINA L2 Box<br />
SINA L2 Box<br />
Branch Office 1 Branch Office 2<br />
SINA L2 Box SINA L2 Box<br />
SINA L2 Box<br />
can be mapped at layer 3. It is possible to configure security connections<br />
with gateways, stationary and mobile clients. However, unlike to<br />
layer 2 <strong>encryption</strong>, data transfer at layer 3 can not achieve line speed.<br />
Encryption can be made at both layers with SINA as point-to-point, pointto-multipoint<br />
and multipoint-to-multipoint connections. This makes SINA<br />
L2 Boxes an excellent solution for safeguarding existing network infrastructures.<br />
Public authorities and corporations can select the <strong>encryption</strong> method<br />
best suited to their specific application.<br />
SAN at Location A<br />
SINA L2 Box<br />
SINA L2 Box<br />
SAN at Location B<br />
other Branch Offices
Simple and effective - from integration<br />
to commissioning right through to live operation.<br />
SINA L2 Boxes can be integrated into your network conveniently and<br />
quickly and no change to your network infrastructure is required! Encryption<br />
is performed between boxes that are “invisible” to the network – the<br />
components can be deployed immediately and are easily integrated into<br />
the line between provider and company network. The <strong>simple</strong>st installation<br />
for a medium-sized company or public authority network, for example,<br />
can be completed within one day and without affecting live operation.<br />
SINA L2 Box<br />
From the point of integration onwards, your data and classified matters<br />
are transferred <strong>secure</strong>ly. Attackers are no longer able to identify the network<br />
infrastructure behind the SINA L2 Boxes. Once in use, the SINA L2<br />
Boxes operate with practically no administration and maintenance, thus<br />
reducing your operating costs to a minimum.<br />
Installation, maintenance, analysis by<br />
qualified personnel – professional and high performance.<br />
Professional set-up by secunet in combination with tailored, maintenancefree<br />
operation of the <strong>encryption</strong> solution guarantee the highest possible<br />
protection and continuous availability of your SINA L2 Boxes.<br />
The quality of the network connections between SINA layer-2 encryptors<br />
can be demonstrated via a wide range of analysis and measuring services.<br />
The deployment of state-of-the-art measuring devices enables the data<br />
throughput of your connection to be determined, error and protocol analyses<br />
to be run and, for example, real-life comparison data with and without<br />
<strong>encryption</strong> to be provided. This allows you to keep the performance and<br />
the security of your data in view at all times.
The service portfolio at a glance.<br />
Protection<br />
Brief description<br />
SINA L2 Box – the technology.<br />
The SINA L2 Box is approved by the Federal Office for Information Security<br />
(BSI) up to and including RESTRICTED and NATO RESTRICTED.<br />
A RESTREINT UE* approval has also been granted.<br />
SINA L2 Box<br />
SINA L2 Box S 100M SINA L2 Box S 1G SINA L2 Box S 10G<br />
Basic<br />
Hardware cryptography<br />
Throughput: Ethernet line rate<br />
in frame mode 100 MBit/s,<br />
full duplex<br />
Latency: 100 M: ≤ 40 μs<br />
per device<br />
With the product variants of the SINA L2 Boxes,<br />
secunet offers a high-security solution for the cryptographic<br />
safeguarding of IEEE 802.3-compliant Ethernet<br />
and dark fibre links. Using full-duplex <strong>encryption</strong><br />
the SINA L2 Box reliably <strong>secure</strong>s these connections<br />
with throughput rates of 100 MBit/s, 1 GBit/s or 10<br />
GBit/s. The entire range of applications in MAN, WAN<br />
and SAN areas can be used comfortably.<br />
The SINA L2 components are delivered ready for<br />
operation and work fully transparently for VLAN,<br />
MPLS and other networks. There is no restriction to<br />
Basic<br />
Hardware cryptography<br />
Throughput: Ethernet line rate<br />
in frame mode 1 GBit/s,<br />
full duplex<br />
Latency: 1 G: ≤ 8 μs<br />
per device<br />
Basic<br />
Hardware cryptography<br />
Throughput: Ethernet line rate<br />
in frame mode 10 GBit/s,<br />
full duplex<br />
Latency: 10 G: ≤ 4 μs<br />
per device<br />
For a detailed overview of all technical information see our fact sheet on the SINA L2 Box S.<br />
Security with BSI approval:<br />
any specific protocol to be used. Security functions,<br />
such as manipulation-protected key storage, integrated<br />
line and operational monitoring, audit and event logging,<br />
as well as the easy query of the operational status<br />
via SNMP ensure straightforward network operation.<br />
The synchronisation of the remote locations and the<br />
exchange of the cryptographic connection key occur<br />
automatically at regular intervals. Additional security is<br />
provided by the integrated anti-replay function that<br />
guards against attacks via data replay.
SINA L2 Box – all benefits.<br />
» Protection of Ethernet LAN connections<br />
(point-to-point, point-to-multipoint and<br />
multipoint-to-multipoint connections)<br />
» Various models to choose from: 100 MBit/s,<br />
1 GBit/s and 10 GBit/s data throughput<br />
» Full duplex <strong>encryption</strong> at line speed<br />
» Key generation via hardware random<br />
number generators<br />
» AES (256 Bit) <strong>encryption</strong><br />
» Encryption independent of packet size<br />
» Replay protection (protection against the<br />
replay of data already used)<br />
» Integrity protection (protection against<br />
active attacks)<br />
* For German national use.<br />
» Transparent with respect to VLAN, MPLS<br />
» Protocol-independent<br />
» No change to the network infrastructure<br />
and existing processes thanks to flexible and<br />
modular architecture<br />
» Protection against exposure of the internal<br />
network infrastructure<br />
» Straightforward administration by means<br />
of numerous security functions<br />
» Low operating costs, maintenance-free operation<br />
» Approved by BSI up to RESTRICTED,<br />
NATO RESTRICTED inclusive,<br />
a RESTREINT UE* approval<br />
has also been granted<br />
Further information:<br />
www.sinalayer2.secunet.com/en<br />
secunet Security <strong>Network</strong>s AG<br />
Kronprinzenstraße 30<br />
45128 Essen, Germany<br />
Phone: +49 - 201- 54 54 - 0<br />
Fax: +49 - 201- 54 54 -1000<br />
E-mail: info@secunet.com<br />
www.secunet.com<br />
09/2012