Page 9 - CDM-Cyber-Warnings-January-2014
P. 9
don’t support dual carrier environment or Layer 4 network services. (See Layer 4 encryption below.) A better Web: Secure Mesh Internet (SMI). A secure mesh Internet encryption solution is a newer technology that replaces private, site-to- site tunnels with any-to-any network connections over the Internet. It eliminates the need to establish point-to-point tunnels between each pair of remote sites, freeing network administrators for other tasks and improving network performance. SMI is based on group encryption in which the encryption keys are centrally generated and securely sent to the encryption appliances. This enables you to manage policy and key distribution centrally instead of on a time-consuming, site-by-site basis, as is the case with VPNs. SMI enables users to secure ”data in motion” in a way that is transparent to network architectures and protocols. And, if users decide to migrate to the Internet from MLPS networks using SMI, they won’t experience any service interruptions. If you want to lower costs and increase throughput, consider an SMI solution. It will enable you to quickly and easily set up a fully encrypted “mesh” that provides high-speed, secure, any-to- any connectivity over any public (or private) network. You can switch from expensive, private WAN links to inexpensive, public Internet connections with much greater bandwidth. Plus, you’ll get a fully compliant solution that offers security via encryption and on-going authentication. Layer 4 encryption. In addition to Layer 2 Ethernet frame encryptions and Layer 3 IP packet encryption, an SMI solution offers a Layer 4 payload-only encryption option. Layer 4 encryption offers many advantages, including: • Ability to pass encrypted data through NAT devices. VPN tunnels, which encapsulate the Layer 3 address, often don’t work with NAT. • Compatibility with policy-based routing and load balancing that require Layer 3 addresses to be intact. • Layer 4 encryption leaves Layer 3 headers intact, making it possible to troubleshoot a network without turning off encryption. • Because headers are intact, data looks unencrypted, making it possible to use within countries that restrict encrypted data. The safe harbor clause and compliance. + % %! ! & , ! . !( %+ ' "! "#+% ' - + % !& , ! % '& % & %) *"% *