• No results found

High-speed Encryption from Crypto AG: Secure Communication via Broadband Networks

N/A
N/A
Protected

Academic year: 2021

Share "High-speed Encryption from Crypto AG: Secure Communication via Broadband Networks"

Copied!
10
0
0

Loading.... (view fulltext now)

Full text

(1)

NETWORK SECURITY SOlUTIONS

High-speed Encryption from Crypto AG:

(2)

2

All industries depend on being able to transmit and receive data reliably and at ever faster speeds. Easy and, in par-ticular, fast access to information is a major performance criterion in today’s communication and knowledge-based society. Data highways form the back-bone for all communication. With thousands of broadband connections established around the world every day and the mobile communication market growing unabated, the demand for transmission capacity and higher data rates is naturally growing by leaps and bounds. For example, every laptop or PDA can now communicate over broadband thanks to W-LAN. Also con-tributing to the broadband boom are professional applications such as the

Digital age: concentrated data flows …

transmission of business conferences by video, the transfer of radar pictures or e-government systems. All these ap-plications generate a flood of data that ultimately has to be carried over the core network.

What does that mean for you as a user?

In broadband data transmission, data generally leave the protected area of the IT infrastructure, e.g. the comput-ing centre of a government ministry, the floor where a diplomatic mission is located, the command post of an army unit or the command centre of a naval base. From this access point, your data is transported unprotected through the core network (Wide Area Network –

WAN), because transmission capa-city and speed are the top priorities in that network. In other words, core networks, which are typically routed over public land, are designed first for transfer speed and only secondarily for confidentiality.

(3)

3

… completely new magnitudes of risk

Information security impacts the entire society in our information age. Networking is growing at an almost explosive pace among pub-lic authorities and in the business world. A central concern is that the entire society has become depen-dent on what are known as “critical” national infrastructures as a result. These infrastructures are tangible and IT facilities, networks, services and assets of such importance that disturbances in them have grave ramifications for the health, security or well-being of citizens and the ef-ficient operation of a country’s gov-ernment. They are inherently inse-cure for technical reasons and also because they are prime targets for

attacks. Moreover, all transmission technologies, including fibre optic links, are easy to tap. Realistically, a risk profile should also include po-tential internal organisational risks such as incorrect operation, misuse, negligence and an underestimation of risks.

However, the information circulat-ing in the networks of presidential offices, government ministries, de-fence and police organisations or big businesses is highly sensitive. Items of information in this environment qualify as “valuables” and the risks they are subject to are correspond-ingly large. Information security in the use of broadband communica-tion is existentially important!

Infor-mation transferred over broadband networks has to be protected against unauthorised access. There is only one reliable way of doing so, namely to encrypt all transmitted data. It is important that the quality of trans-mission should not be impaired in any way in the process.

(4)

SatCom

SONET/SDH Network

Leased Line Storage AreaNetwork

PDH Network

Storage Area Network

Fibre Channel

Microwave Metro Ethernet Network

Fibre Optic Network

DSL

(5)

SatCom

SONET/SDH Network

Leased Line Storage AreaNetwork

PDH Network

Storage Area Network

Fibre Channel

Microwave Metro Ethernet Network

Fibre Optic Network

DSL

Copper cable (DSL, Leased Line)

Copper is the classic medium for transmitting voice and data information. Copper cables also connect users who are far apart geographically. As leased lines, they estab-lish fixed connections yet are virtually routed over public provider networks. Copper is a tried and tested medium of transmission, easy to lay, reliable and cost-effective in operation.

Fibre optic cable

Optical fibre transmits optically coded signals using coherent light. In other words, electrical signals have to be converted to optical ones prior to transmission. Each fibre can achieve an enormous transmission bandwidth if light is used simultaneously with different wavelengths (wavelength multiplexers (WDM)). Optical fibre is also immune to electromagnetic pulses.

Microwave

Microwave links are especially suitable for communica-tion in difficult terrain (mountains, deserts). As a medium requiring no rights-of-way over land and minimal main-tenance costs, microwave is quickly available and cost-effective and offers a relatively large bandwidth. Micro-wave stations are easy to transport and can quickly be put into operation in open terrain or on buildings, e.g. for local events (conferences, crisis management, etc.) or for tactical missions being carried out by the armed forces.

Satellite links (SatCom)

Satellite links can be established with one or several sequential links over any distance. They are an efficient solution either for stationary applications (e.g. over diffi-cult terrain) or for temporary deployment at sites without adequate infrastructure. Satellites today have achieved practically complete geographic coverage and very high technical availability.

Widespread technologies/protocols

Ethernet: Originally created for local net-works, this protocol was further developed and can now be used in global networks for end-to-end data transmission (multipoint included).

SONET/SDH: SDH (“Synchronous Digital Hierar-chy”) is ideal for the high-speed transport of large volumes of data, usually over optical fibre networks. Its tight synchronisation of the rates of transport makes for easy management (extraction and inser-tion) of the data flows and a high quality of service.

PDH: PDH (“Plesiochronous Digital Hierarchy”) has been used for years as a tried and tested transport pro-tocol for medium-range performance.

Fibre Channel (FC): Given the threats facing the world today, there is no choice but to transfer important data to decentralised data stores. FC is a modern pro-tocol developed especially for storage area networks (SANs) to provide high-performance point-to-point links. These links typically connect a computing centre with a disaster-recovery computing centre or backup comput-ing centre.

(6)

6

Network providers offer a choice of several transport protocols and practi-cally any scalable performance ranges to meet the highly individual needs of users. Each technology has its own strengths and meets different needs. Broadband communication is based on the transport media optic fibre, mi-crowave, copper and satellite links. Crypto AG provides security solutions for all common network technologies, protocols and bandwidths. All of these solutions have two traits in common: they guarantee maximum security and they do not impair transport per-formances (of up to 10 gigabits per second).

Ethernet Encryption

The Ethernet standard plays a key role in end-to-end networking. Ether-net is frequently the protocol of choice whether data is transported in a local network (LAN), over optical fibre rings in a metropolitan network (MAN) or over long distances in a wide area

Secure broadband communication – simple, reliable and

maintenance-free

network (WAN). Ethernet, once a lo-cal data transport technology, is now being applied to the whole range of applications from LAN to WAN with-out a change of protocol. This trend is evident today in the broad, interoper-able product portfolio of everything from PC cards to network components from many manufacturers of Ethernet solutions. With this broad pool of ex-pertise, it is much easier for users to optimise their use of network services by prioritising individual services and to set up operations that are more ef-ficient.

SONET/SDH Encryption

Logical links are set up between net-work subscribers in a SONET/SDH network consisting of intermeshed nodes. Bit rates are internationally standardised, facilitating the trans-port of the most diverse mix of appli-cations (voice, data, and video) over a central, end-to-end network, even nation-wide. SONET/SDH networks

also have many advantages as regards error detection and differentiated er-ror reporting. Network management is simple, centralised and semi-auto-mated (according to specified crite-ria). That means the quality of service (QoS) can be geared to the needs of the specific user.

If a network node or optical fibre fails, SONET/SDH network components can automatically reroute the data flows in a few milliseconds to a parallel path without impairing the functionality of the applications.

Fibre Channel Encryption

Fibre Channel is a transport proto-col for large data quantities featuring speeds of 1, 2, 4, 8 and more gigabits per second. It is used primarily in storage area networks (SANs). Fibre Channel Encryption involves the en-cryption of point-to-point optical fibre links from the computing centre to the disaster-recovery or backup com-puting centre. They profit from data

(7)

7

transfer in real time (full wire speed) with maximum security.

PDH Encryption

PDH (“Plesiochronous Digital Hierar-chy”) is a classic, standardised tech-nique for the transmission and mul-tiplexing of data. PDH can be used in connection with common transport technologies, e.g. copper lines, mi-crowave links or satellite links. E1 (2 Mbps) and E3 (34 Mbps) are the most common transmission rates. Crypto AG

has had PDH encryption solutions on offer for years and will continue to carry this technology in the future.

High-security encryption up to a performance range of 10 gigabits per second: Ethernet Encryption, SONET/SDH Encryption, Fibre Channel Encryption.

(8)

8

The portfolio of Network Security So-lutions from Crypto AG covers systems for all common media, network tech-nologies and transport protocols. They are staggered in terms of performance range so that the suitable version can be selected for every specific need. With the purchase of a system, each customer receives its own secret algo-rithm, which the customer can change at any time and thus nationalise. En-cryption is conducted in protected hardware modules fully shielded from the public network. As a result, the security data are never vulnerable to attack. Moreover, the encryption pro-cesses utilise no network components so full transport capacity is available at all times.

The modern, rugged design with re-dundant components is highly reli-able in operation even under extreme climatic conditions. Special design

Tailor-made system for each range of application

features prevent the compromising emission of secret information (COM-PREM). Shielded rooms are no longer necessary. No special knowledge is required for installation. Encryption (and key changes) is conducted in the background fully automatically. Network Security Solutions can be in-stalled successively in existing broad-band networks without having to shut these systems down. If need be, you are provided with project services to assist you in setting up and developing your systems, e.g. planning, engineering, installation, commissioning/formal acceptance and personnel training. With the handover of the system, you have a clear-cut and complete picture of your systems and the cryptographic processes involved.

Crypto AG wants to be sure users can rely on high availability in long-time operation. That is why it offers

indi-vidually designed maintenance and logistics services (in-factory or on-site maintenance, logistics for spare parts/ repairs, maintenance kits). With ser-vice level agreements, these costs can be planned.

(9)

9

Security Management – to keep security under control

Security management is a central element of any reliable high-speed encryption solution. It allows the cu-stomer to define the algorithm, keys, passwords and other security settings in line with its security policy and to monitor their effectiveness. Regular key changes should be easy to confi-gure and to run autonomously/auto-matically while the encryption units are in operation.

Crypto AG enables all this with its SMC-1100 Security Management Centre, a modern PC/laptop applica-tion with a hardware security mod-ule and external message schedmod-uler. The SMC-1100 is extremely simple to operate and offers a high degree of security for defining, managing and distributing security data. Mistakes in operation are largely excluded by the system design, which also minimises the amount of training required.

The intuitive Windows-based graphi-cal user interface makes the security manager’s job as easy as can be. It al-lows him or her to display the encryp-tion system in a simple and straight-forward way, query all settings and data for all units, and put the necessa-ry security configurations in place. Management messages are distribu-ted to the encryption unit in encryp-ted form by means of Smart Cards or online over an Ethernet link, which is more convenient and emanates from

a centralised point. Online distribu- tion is date-controlled so the opera-tions can be carried out without staff having to be present. Keys in the unit are changed without any loss of data while the unit is operating. All pro-cesses are centrally logged for later audits, etc.

Security Management Centre SMC-1100 Broadband.

(10)

www.crypto.ch

Crypto AG – To Remain Sovereign

Crypto AG is your expert partner for the efficient and secure handling of information. As a legally and economically independent Swiss company, we are not subject to any export restrictions. We have been concen-trating on developing, manufacturing and implementing custom security solutions for over 55 years.

Our range comprises the latest technology and comprehensive services. After-sales ser-vice and product training that guarantee autonomous operation and high availability are assured over the system’s entire lifetime, whatever the user environment.

You too can rely on the expertise and capabil-ity of Crypto AG.

Customers from over 130 countries are already doing just that.

©2007 Cr

ypto AG – CP – Broadband – EN/0750

Crypto AG, Headquarters Crypto AG P.O. Box 460 CH-6301 Zug Switzerland Tel. +41 41 749 77 22 Fax +41 41 741 22 72 [email protected] www.crypto.ch

Crypto AG, Regional Offices

Abidjan Crypto AG 01 B.P. 5852 Abidjan 01 Ivory Coast Tel. +225 22 41 17 71 Fax +225 22 41 17 73 Abu Dhabi

Crypto AG – Abu Dhabi P.O. Box 41076 Abu Dhabi United Arab Emirates Tel. +971 2 64 22 228 Fax +971 2 64 22 118 Buenos Aires Crypto AG Maipu 1256 PB “A” 1006 Buenos Aires Argentina Tel. +54 11 4312 1812 Fax +54 11 4312 1812 Kuala Lumpur Crypto AG

Regional Office Pacific Asia Level 9B Wisma E&C 2, Lorong Dungun Kiri Damansara Heights 50490 Kuala Lumpur Malaysia Tel. +60 3 2080 2150 Fax +60 3 2080 2140 Muscat Crypto AG Regional Office Seeb PC 111 Sultanate of Oman Tel. +968 2449 4966 Fax +968 2449 8929 A member of The Crypto Group

References

Related documents

Combustion characteristics investigated were ignition time, burning time, calorific values, burning rate, specific fuel consumption, fuel efficiency and water boiling time.. The

Pitney Bowes Business Insight’s DOC1 document composition solution can centrally manage all customer communications, including transactional, on-demand and interactive documents, in

This was done by estimating city-level models of the black-white difference in mean adjusted educational achievement on the black-white difference in mean family

For individuals with an ASD, the scope of occupational therapy services across the life course may include regulation of emotional and behavioral responses; processing of

This model fails to reproduce the evolution of SN 1994W (spectra shown in Fig. SN 1994W shows narrow lines throughout its evolution indicating continuous CSM interaction. Model

Such thoughts of Right and Good Will bring you into harmony with people that amount to something in the world and that are able to give you help if you should need it, as

In order to deepen the reasons why youth reads currently, we developed a literature review starting with the transmedia literacy concept evaluating narrative and aesthetic