Network & Voice Communications Security Blog: Network Encryption

Showing posts with label Network Encryption. Show all posts

Wednesday, November 4, 2015

Universal, End-to-End Encryption for TCP Performance-Optimized Satellite Networks with the Cipher X® 7211 IP Encryption System

Satellite performance, particularly for Transmission Control Protocol (TCP), is adversely affected by the long round trip delay (over half a second) associated with geostationary high earth satellites. Many satellite equipment vendors have developed techniques to minimize this impact on users; one common technique is the use of a TCP proxy for TCP Acceleration. Application(s) requiring strong end-to-end protection using an installed satellite system with TCP Acceleration, however, have a problem. Use of a Layer 3 or 4 IP encryption system to implement end-to-end security is incompatible with TCP Acceleration techniques utilized by satellite gear unless the encryption system is specifically designed to handle this situation. TCC has developed the Cipher X 7211 IP encryption system with innovative TCP Stream Encryption operating to properly handle these optimizations seamlessly.

Our white paper, which is available for download, provides an overview of satellite communication performance limitations and how a TCP proxy operates to counter the limitations. It then describes TCP proxy incompatibility issues with Layer 3 or 4 end-to-end encryption systems, and how TCC’s Cipher X 7211 IP encryption system with TCP Stream Encryption enables end-to-end security for TCP performance-optimized satellite networks.

TCC’s Cipher X 7211 IP encryption system with innovative TCP Stream Encryption supports TCP Acceleration performed by satellite networking gear. As a result, users of TCP performance-optimized satellite networks no longer have to sacrifice performance to implement end-to-end security. The Cipher X 7211 encryption system operating at Layer 4 includes features to work with and take full advantage of the special capabilities often incorporated into satellite gear for network performance optimization. Further, the Cipher X 7211 encrypts satellite and other transport media, including hybrid networks, and operates independently of the network provider and equipment.

Download the white paper to learn more.

End-to-end transport-agnostic WAN security with TCP performance-enhanced satellite networks

TECHNICAL COMMUNICATIONS CORPORATION | www.tccsecure.com

Tuesday, June 30, 2015

Enhancing Mobile User Security with Cipher X® 7211 IP Encryption

Modern enterprises have the need to securely enable a mobile workforce. Employees need access to corporate data services to enhance productivity and improve corporate responsiveness. TCC's Cipher X 7211 IP encryption system easily integrates into networks that have mobile users and helps enforce security policies, providing a more robust and flexible security solution that enhances the security of traditional VPN access.

Inter-operates with Traditional VPN Services

TCC’s Cipher X 7211 system can be easily configured to inter-operate with and enhance the security of traditional user VPN services. It’s security policy engine can be configured to allow remote user VPN service access in the corporate network while maintaining the security overlay on core network communications. The Cipher X 7211 security policy engine protects services such as software-based VPN servers by restricting the traffic granted access to the VPN server to only what conforms to strict security policy.

Tight Control, Simplified Monitoring

Routing remote users through a single Cipher X 7211 access point in the network allows security managers tight controls and simplified monitoring of network traffic to minimize the threat opportunity that mobile devices inherently add to corporate data security. The flexibility of the Cipher X 7211 security overlay means access to the corporate network’s VPN service can be provided by any one of the Cipher X 7211 devices in the network. This gateway access can be easily moved between sites through centralized control of the Cipher X 7211. The Cipher X 7211 adds a secure circuit breaker capability in the event of a significant network security event.

Infinite Flexibility to Minimize Threat Opportunity

The flexibility of Cipher X 7211 security policy engine provides network security engineers the ability to limit VPN access to pre-approved source networks to ensure that global threats or compromise of mobile devices has a minimum threat opportunity. TCC’s Cipher X 7211 system provides network security engineers simple to deploy strategic communications with infinite flexibility all enabled by its centrally managed powerful security policy engine.

Learn more about the Cipher X 7211 IP encryption system.

TECHNICAL COMMUNICATIONS CORPORATION | www.tccsecure.com | Subscribe to Email News

Wednesday, May 27, 2015

Are Fiber Optic Networks Secure?

NO!

Unless you have a private network AND you guard every inch or centimeter of it, fiber-optic networks are still vulnerable to wiretapping and eavesdropping.

Even though there is no electromagnetic radiation or crosstalk from a fiber-optic line and, wiretapping is not as simple as clipping on copper wires, eavesdropping on a fiber-optic network can be achieved with splitter/regenerator devices or with micro-bending clamps, which can capture light off the fiber.

The biggest vulnerability exists at the switching and repeater points where signals are split-out and regenerated. At these points, off-the-shelf (OTS) splitter/regenerator devices can be used to gain access to all the information. This type of tapping can also be done by splicing the line at any other point, and inserting an OTS splitter/regenerator device. This requires no sophistication, but it results in a one-time interruption which may be noticed and investigated by an alert technician.

A more subtle approach is to use a micro-bending clamp. This bends the fiber and clamps down on it, so that some of the light leaks through the strand which can be detected by an optical photo detector. The result is that the signal passes through unimpeded, while a copy of it is shunted off.

The techniques above are commercially available, and fairly inexpensive. Once the light is captured, an optical to electrical converter, a laptop and a packet sniffer can then be used to gather valuable information. And since this is not an electrical tap, signal reflection methods for measuring wire length to an impedance inflexion (tap) point cannot be used. Once a tap on a fiber-optic line is in place, it is virtually undetectable.

These and other more sophisticated tapping techniques can be found in the public domain.Also in the public domain, there are well known instances of Fiber Optic Network breaches, including:

In 2000, when three main trunk lines of Deutsche Telekom were breached at Frankfurt Airport

In 2003, when a tap was discovered hooked into Verizon's network. It was believed to be financial reporting espionage.

Taps have also been found on police networks in Germany and the Netherlands, and in the networks of pharmaceutical giants in the UK and France.

More information can be found on the Web by searching "fiber optic network security".

*****************************************************************************************************

To encrypt fiber optic communications, TCC offers an Ethernet solution, the Cipher X 7211 for speeds up to 1 Gb/s, and the DSD 72B-SP SONET/SDH encryption family for up to 622 Mb/s.

The SONET/SDH DSD 72B-SP interoperable encryption family seamlessly overlays on existing networks and has product variations to support military, rugged industrial and industrial environments. Key management is also automated and easily managed with KEYNET Optical Manager. It supports AES 256-bit encryption or a custom algorithm.

The Cipher X 7211 is a 1 Gb/s Ethernet optical encryptor. Its own fiber optic ports, which can be used instead of electrical interfacing, is especially suited for distance. The Cipher X 7211 has been deployed with single mode optics in the WAN port enabling a reach on the order of 10 km. Electrical Ethernet supports about 100 m, multi-mode optics 200 m to 500 m, and Ethernet single mode optics 10 km. Non-standard optics can reach approximately 40 to 70 km. The Cipher X 7211 seamlessly overlays onto existing networks and is easily managed with KEYNET.