Brett Lewis discusses secure transmission of data on metro ethernet networks.
Secure Transmission of Data
Carrier Ethernet for Business
The Environment
Universal connectivity is essential in today’s complex business environments. Driven by the convergence of data, voice and video over sophisticated and expanding networks, growth in demand for bandwidth is outpacing the ability of Moore’s Law to supply sufficient throughput.
• Scalability
• Predictability, Risk Reduction, Certification
• Control
Benefits of Layer 2 Carrier
• Performance
• Key Carrier Ethernet attribute
• Redundant equipment architectures and fast re-routing algorithms
• Data Center & Server Consolidation
• Simplicity
The three main security risks within an Ethernet network are:
• Data leakage - A sniffer could intercept data streams allowing access to private company data
• Data loss - A misconfigured router/switch could send your unprotected data to an unintended destination
• Data theft - An intruder can launch an attack from a connected Layer 2 WAN to get access to your data
Quick Facts
• At the average packet sizes typical in today’s converged networks at Layer 3, IPsec overhead reaches 40-50 percent of total bandwidth
• Ethernet encryption at Layer 2 virtually eliminates overhead, and lowers total cost of ownership by streamlining security measures
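How much of the link IPsec encapsulation consumes depends on packet size. The following added example (not part of the presentation) computes ESP tunnel-mode overhead as a share of the outer packet; the IPv4 outer header, the absence of NAT-T and the two cipher suites are assumptions, since the slides name none.

```python
# Added example: ESP tunnel-mode overhead as a share of bytes on the wire.
# Assumptions (not from the presentation): IPv4 outer header, no NAT-T,
# and the two cipher suites below.

OUTER_IPV4 = 20   # new IP header added by tunnel mode
ESP_HEADER = 8    # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2   # pad-length byte + next-header byte

SUITES = {
    # name: IV bytes, padding alignment, integrity check value (ICV) bytes
    "aes-cbc+hmac-sha1-96": {"iv": 16, "align": 16, "icv": 12},
    "aes-gcm-16": {"iv": 8, "align": 4, "icv": 16},
}


def esp_tunnel_size(inner_len, suite):
    """Size of the outer IP packet that carries an inner packet of inner_len bytes."""
    p = SUITES[suite]
    body = inner_len + ESP_TRAILER   # encrypted payload before padding
    pad = -body % p["align"]         # pad up to the cipher/ESP alignment
    return OUTER_IPV4 + ESP_HEADER + p["iv"] + body + pad + p["icv"]


def overhead_share(inner_len, suite):
    """Fraction of the outer packet that is encapsulation rather than user data."""
    total = esp_tunnel_size(inner_len, suite)
    return (total - inner_len) / total


def overhead_table(sizes=(64, 100, 256, 576, 1400)):
    """Percent overhead per suite for a range of inner packet sizes."""
    return [(n, {s: round(100 * overhead_share(n, s), 1) for s in SUITES})
            for n in sizes]


if __name__ == "__main__":
    for size, shares in overhead_table():
        cells = ", ".join(f"{s} {v}%" for s, v in shares.items())
        print(f"{size:>5} B inner packet: {cells}")
```

Under these assumptions the share is largest for small packets and falls below 5 percent for a 1400-byte packet, so the average packet size of the traffic mix determines the real cost.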
Metro Ethernet Carrier Standards
• Traffic Separation and Isolation
• Authentication of interconnected equipment
• Encryption of data in transit
Traffic Separation and Isolation
• Ethernet Virtual Connection (EVC) is a standard Ethernet interface that is the point of demarcation between the customer equipment and the service provider's metro Ethernet network.
• EVC is a logical tunnel that connects two (P2P) or more (MP2MP) sites, enabling the transfer of Ethernet frames between them.
Authentication of interconnected equipment
• IEEE 802.1X to authenticate CE-1 and establish trust relationship between PE-1 and CE-1
• Controls what devices are permitted to access the network
• MACSec (IEEE 802.1AE) to authenticate packets exchanged between CE-1 and PE-1
Encryption of data in transit
• Encryption accomplished at different levels
• Most commonly provided at IP Layer 3
• IPSec/SSL for IP
• Layer 2 Ethernet and IP Encryption Standards
• MACSec for Ethernet
Questions