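Thales High Speed Encryption Solution
Networks are under constant attack from hackers, leaving sensitive assets at risk of exposure. Encrypting data in transit across the network is essential to countering these threats.
The Thales High Speed Encryption solution gives customers a single platform that can encrypt anywhere, from network traffic between data centers and headquarters to backup and disaster recovery sites, on premises and in the cloud.
Thales's comprehensive network traffic encryption solutions use Layer 2 and Layer 3 encryption to maintain the highest level of security. Thales High Speed Encryptors, which guarantee maximum throughput with minimal latency, help protect data, video, voice and metadata more effectively against eavesdropping, surveillance, and overt and covert interception, at low cost and without degrading performance.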


HSE connection, configuration and testing

HSE encryption and decryption operation test and result verification

HSE Encryptor operating modes
MAC-Line (Point-to-Point) mode

MAC-mesh (Multi-Point) mode

VLAN-mesh (Multi-Point) mode

TIM mode - Transport Independent Encryption mode
Frame is encrypted at either Layer 2, 3 or 4, using an IP 5-tuple policy
Policy based on IP address and/or port numbers
Payload encryption where it makes sense: for performance, for security, for the network
AES-256 CTR/GCM mode:
- Confidentiality only OR
- Confidentiality + Authentication
Automatic key updates
Multi-layer hybrid encryption policies
- Layer 2 – Ethernet
- Layer 3 – IPv4/v6
- Layer 4 (IP + Port)
TIM Encryption Policy
Discard = Drop all traffic
Bypass = Virtual wire, bypass all traffic
Encrypt = Encrypt as specified by encryption policy
Policy allows simultaneous encryption at different layers
For example, in the table on the right:
Entry 1, encrypts the 192.168.0.x subnet at Layer 3
Entry 2, encrypts the 172.16.0.x subnet at Layer 4 on any port
Entry 3, discards the 10.0.x.x subnet
All other traffic is encrypted at Layer 3
NAT and PAT with TIM
NAT can be encrypted at Layer 3
PAT needs to be encrypted at Layer 4 (so that ports are visible to the NAT gateway)
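The policy entries and the NAT/PAT rule above, modelled as an added example (not Thales code or HSE configuration syntax). Assumptions: entries are evaluated first-match on source or destination address, the "x" notation means /24 and /16 masks, and all names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

# Header fields left in clear when encryption starts at a given layer (simplified model).
CLEAR = {2: {"eth"}, 3: {"eth", "ip"}, 4: {"eth", "ip", "ports"}}

@dataclass(frozen=True)
class Entry:
    net: str        # matched against source or destination address (assumption)
    action: str     # "encrypt", "bypass" or "discard"
    layer: int = 0  # 2, 3 or 4; only meaningful for "encrypt"

# The three entries and the default from the text; masks inferred from the "x" notation.
POLICY = [
    Entry("192.168.0.0/24", "encrypt", 3),
    Entry("172.16.0.0/24", "encrypt", 4),
    Entry("10.0.0.0/16", "discard"),
]
DEFAULT = Entry("0.0.0.0/0", "encrypt", 3)

def decide(src, dst, policy=POLICY, default=DEFAULT):
    """Return the first entry whose network contains src or dst (first-match is an assumption)."""
    addrs = [ipaddress.ip_address(src), ipaddress.ip_address(dst)]
    for entry in policy:
        net = ipaddress.ip_network(entry.net)
        if any(a in net for a in addrs):
            return entry
    return default

def visible_fields(entry):
    """Fields an on-path device such as a NAT gateway can still read."""
    if entry.action == "discard":
        return set()
    if entry.action == "bypass":
        return {"eth", "ip", "ports", "payload"}
    return CLEAR[entry.layer]

def pat_safe(src, dst):
    """PAT rewrites ports, so the flow survives it only if ports stay in clear."""
    return "ports" in visible_fields(decide(src, dst))

if __name__ == "__main__":
    # Constructed sample flows.
    for flow in [("192.168.0.10", "198.51.100.2"), ("172.16.0.5", "198.51.100.2")]:
        print(flow, decide(*flow), "PAT-safe:", pat_safe(*flow))
```

Running `pat_safe` over the flows that cross a PAT gateway before deployment flags any that a Layer 3 entry (including the default) would break.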
Thales Certified High Assurance HSE Encryptor
Maximum security with minimum impact on the network:
• Near-zero data latency - the time delay between encryption and decryption.
• Minimal data overheads - the additional bits of data transmitted by the encryptor/s.
• Bump-in-the-wire network presence – Thales HSE encryptors have zero impact on other network assets.
• 100% compatibility – Thales HSE encryptors are fully interoperable, compatible with all network assets and transparent to the network.
• No network downtime – software upgrades and device maintenance can be carried out without disruption to the network/links.


A Thales CSP Certified - High Speed Encryption (HSE) Professional Engineer enables organizations to leverage our high speed, network encryptors for maximum security.
The HSE Professional Engineer has demonstrated their ability to:
• Define and describe the system architecture, requirements, and workflow.
• Install, configure, operate and manage the High-Speed WAN encryptor.
• Deploy and commission the HSE Network Security Solution.
• Set up and administer advanced HSE Topologies.
** Attachments: Thales HSE datasheet and use cases
Inquiries: (주)한빛에스아이, 02)579-1904
Sales: 유제호, Managing Director / jhyu@hanvitsi.com
Tech: 김태수, Managing Director / tskim@hanvitsi.com