|IP ENCRYPTION: CipherOptics Security Gateways|
|EMAIL 1 (866) 421-9522|
Transporting corporate intellectual property over a high speed digital
infrastructure demands both digital security and high performance.
How do you protect the privacy of your data while it's in transit,
without slowing the network?
The answer is...
ESG100 and ESG1002 Security Gateways
Ethernet EncryptorsCEP10, CEP100 and CEP1000
10Mbps, 100Mbps and 1Gbps Ethernet Encryptors
The CipherEngine Enforcement Points (CEPs) are hardware accelerated encryption appliances that provide flexible Ethernet frame encryption. The CEPs are available in three models, offering full-duplex wire-speed encryption at 10Mbps, 100Mbps or 1Gbps speeds.
The CEPs integrate easily into your existing Ethernet network without the need for network changes. They operate transparently over any network, encrypting data transmissions without compromising network operations or application performance. The CEPs enable you to encrypt any Ethernet topology including:
Ethernet Frame Encryption
The CE-ESP protocol preserves the original Ethernet header information on each packet while providing native Layer 2 encryption for the Ethernet payload, as shown in the illustration below. AES-256 is the payload encryption algorithm.
As part of the encryption process with the CEPs, each and every Ethernet frame is authenticated. Once the payload has been encrypted, the Ethernet frame is authenticated and then sent out to the Ethernet network. Only authenticated frames are processed by the other CEPs and non-authenticated packets are dropped at wire-speed, preventing any denial of service or man-in-the-middle attacks.
In a multipoint-to-multipoint Ethernet network, the CEPs can encrypt using a VLAN ID as the encryption selector. This unique ability allows organizations to cryptographically segment their network based on VLANs. For point-to-point topologies, the CEPs can use VLAN identifiers or simply encrypt all Ethernet frames between the two network endpoints.
Managing the CEPs is easy with CipherOptics CipherEngine. Within CipherEngine, CEPs can be grouped into network sets with every member of the group using the same key material. This grouping capability greatly reduces the complexity of large-scale Ethernet encryption deployments.