R&S®SITLine ETH Ethernet Encryptor
Contents
1. Secure Interconnection of data centers and storage area networks SAN gt page 4 Low system costs 1 Minimal investment for installation and configuration 1 Low space and energy costs 1 Lower transmission costs than with managed IP 1 Low maintenance and service requirements Bandwidth efficiency through group encryption multipoint approach 1 No need for central or internal key servers 1 Better transmission performance than with IPsec gt page 6 Professional certified security Securing point to point Ethernet lines and Ethernet VLANs 1 Innovative group encryption for multicast topologies ELANs Secure authentication 1 Automatic operation of encrypted links 1 Flexible encryption hardware 1 Manipulation proof devices gt page 8 Central security management over the network 1 Online convenient and secure 1 Virtualization capability and high availability 1 Clearly defined roles 1 Central point for log files and audits gt page 10 SNMP based network management Support of SNMP v1 v2c and v3 1 Extensive monitoring and diagnostic capabilities Network management through service providers gt page 12 Rohde amp Schwarz R amp S SITLine ETH Ethernet Encryptor 3 Safeguarding civil official and military communications Originally used only in local area networks LANs today Ethernet is a reliable and universal transmission technology for wide area networks WANs This makes site2. Secure data transmission via landline radio relay and satellite links Secure Communications ye nn a aap 1 atl ay Clear 2SITLis ine evHso R amp S SlTLine ETH Ethernet Encryptor At a glance The R amp S SITLine ETH is a family of devices for Ethernet encryption and for creating secure layer 2 virtual private networks L2 VPN The R amp S SITLine ETH protects companies and organizations against espionage and manipulation of data that is transported via Ethernet over landline radio relay or satellite links The devices in this product family are approved by the German Federal Office for Information Security BSI and can be used in a flexible manner in many stationary and mobile applications R amp S SITLine ETH100 ee 000 000 000 Te Au Sut Te Re Sut Te Ru Sit Te Rx Sut ARZ SiTLine a e sone The R amp S SITLine ETH performs encryption on an Ethernet basis in the ISO OSI model s data link layer layer 2 which makes it ideal for protecting applications where throughput and time are critical Communications links over public and private networks can be protected The R amp S SITLine ETH makes it possible to accommodate se curity requirements In a way that is fully independent of the existing or planned network structure Due to the significant cost savings they enable Ethernet VPNs have become established in recent years as a true alternative to managed IP con
3. Network NIC min 1 Fast Ethernet port USB interfaces min 4 free USB ports Minimum system requirements for the R amp S SITScope client software Operating system Windows XP SP2 Windows Server 2003 Windows Server 2008 32 64 bit Windows 7 Hard disk min 5 Gbyte of free space RAM min 2 Gbyte Network NIC min 1 Ethernet port 100 Mbit s recommended USB interfaces min 2 free USB ports Pre installed R amp S SITScope appliance Form factor rack format 19 1 HU with redundant power supply Operating system Windows Server 2008 Hard disk mirrored RAID1 Peripherals keyboard mouse four port USB hub Eu sitline1 SITLine Admin sitline1 9Od 000 GOO OO i9oO100 000 O08 oe h hoe h h T t Te Gx Sem Te Sx Se Te Ox See Sct cI Status Relations Port A2 X2 Port A3 X3 Port Ad X4 Port Statistics RI45 RI45 TESTING TESTING dot3MauType100BaseTXFD dot3MauType100BaseTXFD NO_LOOP NO_LOOP The supplied R amp S SITLineAdmin program is used for network management Other SNMP Reload Eat browsers such as HP OpenView can also be used Rohde amp Schwarz R amp S SITLine ETH Ethernet Encryptor 13 specifications in brief R amp S SITLine ETH Ethernet ports Number of lines per device Connector transceiver Performance throughput per line Number of links Supported Ethernet services E Line EPL EVPL VLAN E LAN EPLAN EVPLAN VLAN Cryptography and security Transport tunnel mode Bulk mode back
4. SITLine device token one token required per device Device token USB smart card R amp S SITScope security management Set consisting of software and tools on CD server and client software R amp S SITLine Admin R amp S SITLine Terminal USB tokens 3 root tokens 2 supervisor tokens 2 manager tokens USB cable type A to B R amp S SITScope Set pre installed on server hardware Accessories for R amp S SITLine ETH50 USB cable type A to B for local initialization External power supply for R amp S SITLine ETH50 110 V to 240 V 50 60 Hz Accessories for R amp S SITLine ETH100 R amp S SITLine ETH1G Electric SFP transceiver 10 100 1000BaseT for R amp S SITLine ETH100 and R amp S SITLine EVE TG Optical SFP transceiver 1000BaseSX for R amp S SITLine ETH1G Optical SFP transceiver 1000BaseLX for R amp S SITLine ETH1G Accessories for R amp S SITScope Manager token USB smart card Root token USB smart card Supervisor token USB smart card Manuals User manual R amp S SITLine ETH100 R amp S SITLine ETH1G German User manual R amp S SITLine ETH50 German User manual R amp S SITLine ETH100 R amp S SITLine ETH1G English User manual R amp S SITLine ETH50 English User manual R amp S SITScope German User manual R amp S SITScope English res Sill Line WrleWs29 R amp S SITLine ETH50 50 mee Sl Kae ET EGOO Reo Sine ETENOOT I R amp S SITLine ETH100 210 R amp S SITLine ETH100 410 R amp S S
5. is to be secured Automatic setup and operation of secure links A R amp S SITLine ETH50 we 2 SS Je R amp S SITLine ETH50 COL COOL omc yr The R amp S SITLine ETH is preconfigured before it is sent to the operating site On startup it automatically sets up encrypted L2 links The same applies to backup devices Key agreement is performed in accordance with the Diffie Hellman process For key generation the R amp S SITLine ETH uses a hardware based random number generator that is certified in accordance with Common Criteria EAL4 Automatic operation of encrypted links The device certificates determine which partners are au thorized to establish a connection Secure links are set up with each authorized communications partner and then monitored from end to end to ensure that they are work ing without error Expired device certificates and session keys are renewed automatically Secure connections are re established automatically when changes are made in the network configuration This rules out the possibility of unintentional or unnoticed communications taking place via unencrypted links Flexible encryption hardware The system employs symmetric algorithms AES 256 that are integrated into high performance hardware Special customer requests regarding the cryptographic method can be taken Into account upon request Manipulati
6. meant for multiple recipients and are transmitted via multicast have to be duplicated prior to transmission and then encrypted individually for each recipient ie ROHDE amp SCHWARZ SITLine ETH50 R amp S SITLine ETHS0 In this kind of environment the R amp S SITLine ETH can be employed for group encryption of the network traf fic without affecting the multicasting capabilities The security level is identical to that of classic encryption over dedicated channels because despite grouping each R amp S SITLine ETH device continues to use its own session key for the outgoing network traffic In addition group encryption takes any MPLS network into consideration that is present The MPLS labels that are required in plain form for routing which are normally part of the encrypted payload data are detected and then transmitted without encryption Secure authentication The R amp S SITLine ETH uses the following technologies and Standards to ensure secure authentication 1 Asymmetric cryptography using elliptic curves with a 257 bit key roughly corresponds to a 3200 bit RSA key 1 X 509 v3 certificates for persons and equipment 1 Secure storage and transport of confidential parameters using smart card technology Secure authentication of the users based on individual device certificates precedes each link setup A unique set of keys is generated for each management connection and for each data connection that
7. to back Group encryption multipoint Asymmetric Key agreement Digital signature Authentication Symmetric External emergency erasure Emergency erasure after loss of power Management systems Security and configuration management Security management ports Network management Network management ports Approvals certifications German Federal Office for Information Security BSI EANTC Key generation TRNG CE approval General data Operating temperature range Storage temperature range not initialized MTBF availability Power supply Dimensions and weight Form factor Dimensions W x H x D Weight Shipping weight 14 R amp S SITLine ETH1G R amp S SITLine ETH100 R amp S SITLine ETH50 1 1 2o0r4 1 optical electrical exchangeable SFP electrical exchangeable SFP electrical built in 1 Gbit s 100 Mbit s 25 Mbit s 50 Mbit s 100 Mbit s 4000 4000 250 e a e e e e e e e e e MPLS transparent e MPLS transparent 257 bit ECC key roughly corresponds to a 3200 bit RSA key Diffie Hellman DH ECKAS protocol ECDSA X 509 v3 certificates AES with 256 bit key CFB interleaved mode GCM other standard algorithms or customer specific algorithms upon request e MPLS transparent after two days after two days after one to seven days can be configured and deactivated with R amp S SITScope online via network inband outband inband outband inband with SNMP v1 v2c
8. v3 independent of security management with R amp S SITLine Admin inband outband inband outband inband German restricted VS NfD German restricted VS NfD German restricted VS NfD NATO restricted interoperability test NATO restricted interoperability test NATO restricted interoperability test Common Criteria EAL 4 Common Criteria EAL 4 Common Criteria EAL 4 5 C to 50 C 20 C to 70 C 47000 h 99 9830 46 000 h 99 9826 110 V or 240 V 50 Hz or 110 V or 240 V 50 Hz or 60 Hz redundant hot swappable 60 Hz redundant hot swappable 20 C to 0 C 40 C to 70 C 25000099997770 24 V DC to 60 V DC redundant rack format 19 1 HU half rack format 7 5 1 HU top hat rail DIN rail 190 mm x 36 mm x 190 mm 7 5 in x 1 4 in x 75 in max 1 5 kg 3 3 Ib max 3 kg 6 6 Ib A38 mm x 44 mm x 596 mm 1172 in x 1 7 in x 23 5 im max 7 6 kg 16 8 Ib including installation fixtures max 18 5 kg 40 8 Ib Ordering information Designation R amp S SITLine ETH50 half rack format 7 5 1 HU Ethernet Encryptor 1 line 25 Mbit s Ethernet Encryptor 1 line 50 Mbit s Ethernet Encryptor 1 line 100 Mbit s R amp S SITLine ETH100 rack format 19 1 HU Ethernet Encryptor 1 line 100 Mbit s Ethernet Encryptor 2 lines 100 Mbit s Ethernet Encryptor 4 lines 100 Mbit s R amp S SITLine ETH1G rack format 19 1 HU Ethernet Encryptor 1 line 1 Gbit s R amp S
9. SITLine ETH uses traps SNMP v1 or notifications SNMP v2c 3 to actively inform the SNMP network man agement about network events For troubleshooting loop back diagnostics can be performed for every port using quick payload diagnostics or long Inward diagnostics Network management through service providers For security management using R amp S SIT Scope and for SNMP based network management separate IP addresses can be assigned to each encryption device Network man agement can also be accomplished from the carrier net work This permits the use of outsourcing models in which a service provider can reach the R amp S SITLine ETH for net work management via SNMP although the entire security functionality remains under the customer s direct control SNMP based network management Customer Network operator Carrier In order to configure network settings and query status information SNMP is used either within the local network blue arrows or from the carrier network black arrows Administrators and service providers authenticate themselves to the R amp S SITLine ETH using SNMP community strings or SNMP credentials Security settings remain unaffected 12 specifications in brief R amp S SITScope Minimum system requirements for the R amp S SITScope server software Operating system Windows XP SP2 Windows Server 2003 Windows Server 2008 32 64 bit Hard disk min 160 Gbyte of free space RAM min 2 Gbyte
10. The client runs on the administrators workstation computers Communications between server and client and between server and encryption device take place via TLS SSL secured links R amp S SITScope communicates with the R amp S SITLine ETH via the network that is to be en crypted inband or via a dedicated management network outband A central network plan is generated in R amp S SITScope for configuring the R amp S SITLine ETH encryption devices This network plan contains device parameters e g IP ad dresses for device management the devices operating modes e g bulk and VLAN and the communications re lationships between the devices encrypted unencrypted The device certificates and their private keys are generated and distributed to R amp S SITLine ETH devices in accordance with the network plan After the R amp S SITLine ETH has been initialized once using a USB device token it is available online for all management tasks Whether they need to reconfigure settings change a certificate or update firmware with R amp S SITScope administrators can accomplish all manage ment tasks from their workstation Should any R amp S SITLine ETH devices be stolen or even compromised R amp S SIT Scope adds them to certificate revocation lists CRL which are published online in the network R amp S SITScope is only required for managing the individual devices during operation the R amp S SITLine ETH determines th
11. ations the R amp S SITLine ETH has been equipped with innovative group encryption functionality This approach employs the multicast capabilities offered by advanced carrier networks without compromising the level of security for the transmitted data Regardless of the number of recipients the data is encrypted and transmit ted only once the carrier or network distributes the data No need for central or internal key servers The R amp S SITLine ETH devices employ fully automatic pro cesses to negotiate the session keys required for operation and to distribute them securely to the authorized commu nications partners No dedicated encryption key servers are required Failure of one device has no influence on the operation of the rest of the network because partner de vices find each other automatically and regularly re estab lish secure links R amp S SITScope the central security management system for R amp S SITLine ETH see page 10 is primarily required for installation and monitoring Once operational the R amp S SITLine ETH devices organize the encryption on their own without any additional components Better transmission performance than with IPsec The R amp S SITLine ETH s reduced overhead has a positive effect on transmission quality This becomes especially clear when using services that employ small packet sizes such as voice over IP The shorter response times and low er latencies noticeably improve service qualit
12. e session key itself independently of R amp S SITScope The R amp S SITScope security management system is available to administrators for configuring security relevant settings on the R amp S SITLine ETH Virtualization capability and high availability If R amp S SITScope is procured as software the server can also be run in virtual environments Virtual Box VM Ware To ensure hardware security R amp S SITScope uses a smart card that has been integrated into a USB stick This root token is used to securely generate and apply the secret upon which the keys are based and must be constantly available on the server during operation By employing redundant instances it is also possible to achieve high availability for R amp S SITScope operations The network plan and device parameters are synchronized be tween these instances After activation each R amp S SITLine ETH device searches independently for a path to the R amp S SIT Scope server This is accomplished using IP protocols layer 3 on all available network connections and by querying partner devices via Ethernet layer 2 for possible R amp S SIT Scope instances Should a management connection fail during operation the R amp S SITLine ETH searches independently and auto matically for alternative connections self healing Clearly defined roles R amp S SITScope offers the possibility of using roles to as sign manage and seamlessly log clearly defined adm
13. et payload rate by as much as 60 Net payload rate capacity utilization 100 IP over Ethernet L2 encryption without data integrity protection 90 L2 encryption with data integrity protection IPSec encryption 80 70 Transmission payload 60 50 40 For a medium sized packet of 250 byte the R amp S SITLine ETH offers a significantly higher net payload rate than IPsec encryption 250 900 130 1000 1250 1500 R amp S SITLine ETH gt 90 L2 encryption Size of packets transmission units gt IPsec encryption 75 30 Low maintenance and service requirements Ethernet operates independently of the logical IP network structures This eliminates the need for adaptations when integrating new applications changing providers or mi grating of higher level network protocols e g from Pv4 to IPv6 Experience has shown that due to the long update and upgrade cycles the service costs for layer 2 systems are significantly lower than for other solutions Bandwidth efficiency through group encryption multipoint approach Classic encryption systems such as IPsec establish mul tiple dedicated connections between the encryption devic es which are each secured using a separate key Data that is meant for more than just one site e g video conference data must be duplicated and then sent to the different sites via Individual connections For such applic
14. feguard dedicated Ethernet lines that are con nected in parallel Rohde amp Schwarz R amp S SITLine ETH Ethernet Encryptor 5 Low syst e mM C 0 st S aa for installation and The R amp S SITLine ETH integrates into a network in a fully transparent manner Except for the security parameters Compared with other encryption solutions Ethernet no other network specific configuration steps are required carrier services protected by the R amp S SITLine ETH As a plug amp play technology Ethernet requires almost no make it possible to reduce operating costs configuration effort to get started That saves installation er eo dd time and expense significantly while maintaining a high level of security Low space and energy costs The compact design low module height and different device classes make It possible to save both installation Space and energy The multiport device provides the func tionality of up to four devices while consuming only the Space and power of a single device The option of safe guarding up to four physical lines with a single device is unique worldwide Lower transmissions costs than with managed IP The significantly lower overhead for Ethernet encryp tion improves the net to gross transport ratio Depending on the traffic profile and the selected security functions the net payload rate only drops by 0 to 13 when us ing Ethernet encryption For the sake of comparison An Psec secured L3 VPN reduces the n
15. inis trator rights Roles are bound to specific USB user tokens and the related certificate making it impossible to abuse or manipulate rights There are supervisor manager and monitor roles available A supervisor is allowed to configure fundamental secu rity management settings and functions and manage user accounts Supervisors do not manage devices Manag ers are responsible for configuring and monitoring the R amp S SITLine ETH devices Managers are not able to man age user accounts Monitors are only allowed to monitor the operating status they cannot make any changes Unauthorized access to the independent closed security management functionality is not possible Central point for log files and audits R amp S SITScope collects all log information from the in dividual R amp S SITLine ETH devices and stores this data until it is confirmed by an administrator R amp S SITScope offers professional audit capabilities for summarizing and analyzing the processes that take place on different R amp S SITLine ETH devices In addition log information can be passed on from R amp S SITScope to Syslog servers in the network Security management R amp S SITScope security management Monitor Administrators can conveniently configure the security parameters for all devices from their own workstation via the network They only need their USB user token to authenticate themselves to R amp S SITSco
16. interconnection via global networks just as easy as in house cabling Unfortunately this also means a greater susceptibility to attacks from public networks Eavesdropping manipulation and disruption are as easy as in any computer network The BSl approved R amp S SITLine ETH safeguards communications through encryption on the Ethernet layer The R amp S SITLine ETH safeguards public and private connections over landline radio relay and satellite links Confidential communications between sites and within individual sites L2 VPN Video conferences VoIP calls database queries organi zations must safeguard the confidentiality of their inter nal communications links in order to prevent espionage and undesired manipulation of data This is especially important when parts of the communications links are established over long distances as is the case for orga nizations with geographically dispersed sites and for networking within a large campus In such cases the R amp S SITLine ETH s flexibility and variability are highly ben eficial because all devices are interoperable Depending on the site to be Integrated the optimal device can be se lected based on criteria such as the required transmission capacity the number of connections that are needed and the environmental characteristics From the encryption of individual lines or applications to the safeguarding of com plex structures Interoperability allows the security
17. l Eine ETEC 110 R amp S SITScope Set R amp S SITScope Appliance Data sheet for the R amp S SITLine ETH100 1G see PD 5214 0724 22 Data sheet for the R amp S SITLine ETH50 see PD 5214 4607 22 and www sit rohde schwarz com Rohde amp Schwarz R amp S SITLine ETH Ethernet Encryptor 15 9401 8830KQ02 9401 8830KQ02 5401 8830K02 5401 7004K11 5401 7004K12 9401 7004K13 5401 6820K1 1 59410 0650 04 5410 8400K53 5410 8400K13 1502 0567 00 5401 8898 00 9401 8198 00 4055 6412 00 5401 8181 00 9410 0650 02 5410 0650 03 9410 0650 05 5401 8900 31 5401 8875 31 9401 8900 32 5401 8875 32 5410 8439 31 5410 8439 32 About Rohde amp Schwarz Rohde amp Schwarz is an independent group of companies specializing in electronics It is a leading supplier of solu tions In the fields of test and measurement broadcasting radiomonitoring and radiolocation as well as secure communications Established more than 5 years ago Rohde amp Schwarz has a global presence and a dedicated service network in over 70 countries Company headquar ters are in Munich Germany Environmental commitment 1 Energy efficient products 1 Continuous improvement in environmental sustainability Certified Quality System ISO 9001 Rohde amp Schwarz SIT GmbH Am Studio 3 D 12489 Berlin Phone 49 30 65884 223 Fax 49 30 65884 184 E mail info sit rohde schwarz com www sit rohde schwarz com Rohde amp Sch
18. lines EPLs With this approach two encryption devices com municate directly with one another using either transport or tunnel mode The transport mode only encrypts the payload data e g the IP packet and leaves the Ethernet address information unchanged In tunnel mode all traffic including addresses is encrypted and then sent as pay load data in new Ethernet packets In scenarios in which two devices are directly intercon nected without a switch R amp S SIT Line ETH100 devices and R amp S SITLine ETH1G devices can be operated in bulk mode Bulk mode encrypts all Ethernet packets including address information without adding overhead which of fers a higher degree of confidentiality while maintaining maximum data throughput When a central site needs a secure network connec tion to multiple remote sites in a star topology the R amp S SITLine ETH can based on the VLAN that is being used allocate the Ethernet traffic to a corresponding R amp S SITLine ETH This requires the network provider to offer multiple Ethernet virtual private lines EVPLs that can be encrypted in a VLAN specific way using the R amp S SITLine ETH Innovative group encryption for multicast topologies ELANs In fully meshed Ethernet local area networks ELANSs classic encryption obstructs the carrier network s multi casting capabilities by establishing dedicated paths between the encryption devices Videos and other live streams that are
19. nd monitoring networks Securing rail control and monitoring networks Public transport networks are managed in central control centers which receive information from transport hubs e g railway stations signal boxes that may be unattend ed Automation enables tighter scheduling of trains and greater punctuality However unattended transport hubs require a higher level of protection against manipulation especially when they are connected to the control center over public networks In such cases cryptographic func tions can safeguard the integrity of the transmitted data Special R amp S SITLine ETH models are available for use in more challenging environments e g extended tempera ture range Installation with top hat rail DIN rail external emergency erasure For more information on securing rail control networks see application brochure PD 3606 6505 92 and www rohde schwarz com Secure interconnection of data centers and storage area networks SAN Central corporate data centers often feature a redundant design These centers must be securely interconnected via high performance lines The state of the art transmission technology for this application is Ethernet services with a transmission capacity of at least 100 Mbit s and typically several Gbit s The R amp S SIT Line ETH can be scaled for connections in the Mbit s and Gbit s ranges In addition the multiport version of R amp S SITLine ETH can be used to efficiently sa
20. nections IP VPN when it comes to site networking The R amp S SITLine ETH pro vides different models and performance classes The R amp S SITLine ETH family of devices is a flexible solution for meeting changing requirements and offers a high level of investment protection Key facts 1 Ethernet encryptors in performance classes from 25 Mbit s to 1 Gbit s 1 Advanced cryptographic methods and standards elliptic curves AES X 509 1 Flexible deployment in advanced transmission networks Encryption based on port VLAN or group assignment multipoint Maximum bandwidth efficiency avoidance of overhead Convenient online management capabilities for device configuration and for security and networks settings 1 Very compact design 1 HU for single port and multiport devices very low energy consumption low total cost of ownership TCO 1 Approved by the German Federal Office for Information Security BSI up to the German restricted VS NfD and NATO restricted classification levels R amp S SITLine ETH50 J a Cm Ca O Emergency 9 ROHDE amp SCHWARZ SITLine ETH50 R amp S slTLine ETH Ethernet Encryptor Benefits and key features R amp S SITLine ETH1G Safeguarding civil official and military communications 1 Confidential communications between sites and within a single site L2 VPN Safeguarding radio relay and satellite links SatCom Securing rail control and monitoring networks
21. on proof devices The R amp S SITLine ETH features not only cryptographic core functions but also an intricate system of mechanical and electromechanical security functions This includes layered security zones protected memory protection mechanisms against mechanical manipulation and other security func tions for counteracting attempts to steal or manipulate en crypted confidential information Rohde amp Schwarz R amp S SITLine ETH Ethernet Encryptor 9 Central security management over the network R amp S SITScope is the security management system for the R amp S SITLine ETH Ethernet encryptor R amp S SITScope is based on a client server architecture and is available as a pre installed appliance or as separate software for Windows Smart cards that have been integrated into USB tokens are used to ensure secure handling of user and device certificates Configuration does not contai guration incomplete usi Transceiver retarted A a Agram data yet Sing deFau values coge ti CORBA Event Channel Check 2S CORBA Event Channel Check CORBA Event Channel Check El Cannot resolve root name context adrese REDef net pae successfully finished 1206 209 1641 24 t i 1 20864 ae mae a 12 06 2009 16 41 19 10 Online convenient and secure The R amp S SITScope server acts like the certificate author ity CA in a public key infrastructure and is operated in a secure environment computer center with access con trol
22. pe R amp S SITLine ETH100 R amp S SITLine ETH1G also have ports for a separate management network outband Rohde amp Schwarz R amp S SITLine ETH Ethernet Encryptor 11 SNMP based network management Network settings on R amp S SITLine ETH devices can be configured using the simple network management protocol SNMP Furthermore the devices offer detailed data for monitoring as well as extensive diagnostic capabilities via SNMP using any SNMP browser or the R amp S SITLine Admin program delivered with the R amp S SITLine ETH Support of SNMP v1 v2c and v3 Network relevant settings on the R amp S SITLine ETH en cryption devices are configured via the network manage ment This includes basic configuration settings such as the Ethernet connection speed and duplex behavior Ex tended configurations are also possible such as Ethernet operation and maintenance OAM or preset VLANs for network searches The necessary user identification is ac complished using community strings when SNMP v1 2c is used With SNMP v3 the log in details user name pass word are set and verified securely Extensive monitoring and diagnostic capabilities Each R amp S SITLine ETH device provides extensive statis tics that can be called up via SNMP such as the number of encrypted unencrypted Ethernet frames transmitted If Ethernet frames have been blocked because they were redundant replay attacks this is also recorded The R amp S
23. solution to scale with the network This provides long term invest ment protection for users Safeguarding radio relay and satellite links SatCom Precise timely information is necessary for strategic com mand and control of forces in the field Situation reports with image and video material often need to be transmit ted over long distances Radio relay and SatCom links are used to connect field units to a central station e g control center headquarters which in many cases might even be on a different continent In order to ensure information su periority the data must be protected against manipulation and it must not fall into the hands of third parties reason enough to use strong encryption However the encryption must not place any additional load on the already very nar row bandwidth of the radio relay or SatCom link Especially scenarios with narrow bandwidths make the R amp S SITLine ETH design advantages clear The R amp S SITLine ETH requires significantly less protocol infor mation overhead to provide encrypted transmission than is required for classic IP encryption Despite throughput limitations the information is protected against eavesdrop ping and manipulation during the entire radio relay trans mission or during satellite hops For more information on securing satellite networks see application brochure PD 3606 8189 92 and www rohde schwarz com The R amp S SITLine ETH protects rail control a
24. warz GmbH amp Co KG www rohde schwarz com Regional contact 1 Europe Africa Middle East 49 89 4129 12345 customersupport rohde schwarz com 1 North America 1 888 TEST RSA 1 888 837 87 72 customer support rsa rohde schwarz com 1 Latin America 1 410 910 79 88 customersupport la rohde schwarz com 1 Asia Pacific 65 65 13 04 88 customersupport asia rohde schwarz com 1 China 86 800 810 8228 86 400 650 5896 customersupport china rohde schwarz com R amp S is a registered trademark of Rohde amp Schwarz GmbH amp Co KG Trade names are trademarks of the owners Printed in Germany ch PD 5214 0724 12 Version 06 00 June 2013 R amp S SITLine ETH Data without tolerance limits is not binding Subject to change 2008 2013 Rohde amp Schwarz GmbH amp Co KG 81671 Munchen Germany 5214072412
25. y compared with connections secured with IPsec It is also possible to establish a higher number of VoIP connections Transmission performance Ethernet and IPsec encryption VolP Transmission capacity in PDU t 1518 500 64 Decreasing packet size PDU size in byte gt R amp S SITLine IPsec Transmission performance for Ethernet encryption layer 2 compared with IPsec encryption layer 3 Using the R amp S SITLine ETH to provide security offers clear advantages especially for applications with small packet sizes such as voice Rohde amp Schwarz R amp S SITLine ETH Ethernet Encryptor 7 Professional certified security Ethernet is a well established universal standard for wireline and wireless data transmission However it does not protect the confidentiality or integrity of the transmitted data The R amp S SITLine ETH provides significantly more efficient and effective protection than other solutions It has been approved by the German Federal Office for Information Security BSI for handling classified documents up to the German restricted VS NfD level anne A Power gt 4 Config Status Token Local Emergency Securing point to point Ethernet lines and Ethernet VLANs The R amp S SITLine ETH was developed in compliance with the Metro Ethernet standard and is able to encrypt point to point Ethernet lines referred to as Ethernet private
Download Pdf Manuals
Related Search