Certification Course
01 - Introduction
Product Introduction
Gemalto/Safenet Global Encryptor Sales
GOVERNMENT, DEFENCE AND COMMERCIAL CUSTOMERS in 35+ countries
HSE – Where are they used…
Your data, video and voice on the move
From site to site, or multiple sites
The term virtual private network (VPN) may sound good, but…
What is the risk with Fibre Optic Networks?
It is well known that fibre can be tapped and is at risk of data theft.
Tapping used to fall into the realm of national intelligence…
Not any more!
Available on the internet for around $1000
Fibre Optic Tapping…
Twisted pair cabling is a type of wiring in which two copper conductors (the forward
and return conductors of a single circuit) are twisted together for the purposes of
canceling out electromagnetic interference (EMI) from external sources.
In balanced pair operation, the two wires carry equal and opposite signals and the
destination detects the difference between the two. This is known as differential mode
transmission.
Connector is 8P8C (8 position 8 conductor, often referred to as RJ45 in the context of
Ethernet and category 5 cables).
Category 6 cable (Cat 6) is a cable standard for Gigabit Ethernet and other network Physical Layers that is
backward compatible with the Category 5/5e and Category 3 cable standards.
Compared with Cat 5 and Cat 5e, Cat 6 features more stringent specifications for crosstalk and system noise.
The cable standard provides performance of up to 250 MHz and is suitable for 10BASE-T, 100BASE-TX (Fast Ethernet),
1000BASE-T/1000BASE-TX (Gigabit Ethernet) and 10GBASE-T (10-Gigabit Ethernet).
Category 6 cable also contains four twisted wire pairs. The increase in performance with Cat 6 comes mainly from better
insulation;
Cat 6 patch cables are normally terminated in 8P8C modular connectors.
Networking cables:
Optical Fiber
An optical fiber cable is a cable containing one or more light transmitting optical fibers.
The optical fiber elements are typically individually coated with plastic layers and contained in a protective
tube suitable for the environment where the cable will be deployed.
The cladding is usually coated with a tough resin buffer layer, which may be further surrounded by a jacket layer, usually
plastic.
These layers add strength to the fiber but do not contribute to its optical properties.
Rigid fiber assemblies sometimes put light-absorbing ("dark") glass between the fibers, to prevent light that leaks out of
one fiber from entering another. This reduces cross-talk between the fibers, or reduces flare in fiber bundle imaging
applications.
The buffer or jacket on patch cords is often color-coded to indicate the type of fiber used.
Networking cables:
Optical Fiber - Modes
There are two classifications for optical fiber:
single-mode (SMF) and multi-mode (MMF).
In SMF, light follows a single path through the fiber, while in MMF it takes multiple paths, resulting in differential
mode delay (DMD).
SMF is used for long distance communication and MMF is used for distances of less than 300 m.
SMF has a narrower core (8.3 µm) which requires a more precise termination and connection method.
MMF has a wider core (50 or 62.5 µm).
The advantage of MMF is that it can be driven by lower cost VCSEL lasers for short distances, and
multimode connectors are cheaper and easier to terminate reliably in the field.
Its disadvantage is that due to DMD it can work only over short distances. To distinguish SMF from MMF
cables, SMF cables are usually yellow, while MMF cables are orange (OM1 & OM2) or aqua (OM3 & OM4).
Gigabit Ethernet Transceivers – GBIC
A gigabit interface converter (GBIC) is a standard for transceivers, commonly used with
Gigabit Ethernet and Fibre Channel.
By offering a standard, hot swappable electrical interface, one gigabit Ethernet port can support a
wide range of physical media, from copper to long-wave single-mode optical fiber, at lengths of
hundreds of kilometers.
The appeal of the GBIC standard in networking equipment, as opposed to fixed physical
interface configurations, is its flexibility.
Where multiple different optical technologies are in use, an administrator can purchase GBICs as
needed, not in advance, and they can be the specific type needed for each link.
[Figure: transceiver examples, labelled "Cisco-Linksys MGBT1 Gigabit 1000baseT Mini-GBIC SFP Transceiver", "SFP" and "XFP"]
Gigabit & 10Gigabit Ethernet
(1000BASE-T & 10000BASE-T)
Gigabit Ethernet (GbE or 1 GigE) is a term describing various technologies for transmitting
Ethernet frames at a rate of a gigabit per second.
Implementation is usually full-duplex with switches.
The 10 gigabit Ethernet (10GE or 10GbE or 10 GigE) standard defines a version of Ethernet
with a nominal data rate of 10 Gbit/s (ten times as fast as gigabit Ethernet).
10 gigabit Ethernet supports only full duplex links which can be connected by switches.
The 10 gigabit Ethernet standard encompasses a number of different physical layer standards.
10G Ethernet can also run over twin-ax cabling, twisted pair cabling and backplanes or fiber
connections.
40 Gigabit Ethernet, or 40GbE, and 100 Gigabit Ethernet, or 100GbE, are Ethernet
standards developed by the IEEE P802.3ba Ethernet Task Force, which started in November
2007, and were ratified in June 2010.
Platform Architecture
HSE Product Family
CN4000
Versatile and compact, the CN4000 desktop encryptor operates between 10Mbps-1Gbps.
CN6000
Rack-mounted encryptors for business-critical applications, operating at speeds between 1Gbps and 10Gbps.
CN8000
Multi-link, multiple tenancy network data encryption without compromising bandwidth or network performance.
The optimal large-scale data network security solution for enterprise data centre and cloud service providers.
Protocols: Ethernet, Fibre Channel
Topologies: All
Certification: Common Criteria EAL2+ and FIPS 140-2 Level 3
CN9000
Ultra-fast, 100Gbps high-assurance encryption for ‘mega data’ networks and applications.
The first commercially available 100Gbps Ethernet encryptor to support the most complex fully meshed topologies.
Protocols: Ethernet
Topologies: All
Certification: FIPS 140-2 Level 3 & Common Criteria
HSE Hardware Product Portfolio
CN4010/CN4020
• Compact desktop enclosure
• 100/1000Mbps (scalable licensing) (10Mbps – CN4010)
• RJ45 (CN4010), SFP (CN4020)
• External plug pack
CN6010
• 1U rack mount enclosure
• 100/1000Mbps (scalable licensing)
• RJ45 electrical interfaces, pluggable optical SFP
• Dual redundant AC/DC supplies
CN6100
• 1U rack mount enclosure
• 1/10Gbps (scalable licensing)
• Pluggable optical XFP
• Dual redundant AC/DC supplies
CN8000
• 4U rack mount enclosure (10 blades)
• 10 * 1/10Gbps (scalable licensing)
• Pluggable optical SFP+
• Dual redundant AC/DC supplies
CN9100
• 1U rack mount enclosure
• 100Gbps (scalable licensing)
• Pluggable optical CFP-4
• Dual redundant AC supplies
FPGAs
• Fast time to market with new features
• We own the code so the security can be easily evaluated
ASICs
• Long expensive development cycles
• Hard to evaluate the security and functionality
Encryptor architecture
• FPGA encryption engine
cut-through non-blocking frame processing*
consistent latency and jitter
Independent of frame size
Control / data plane separation
• Available 1H 2018
Physical vs Virtual Encryption obvious differences
Hardware HSE
• Hardware root of trust
• Tamper proof enclosure
• Hardware RNGs
• Cut-through HW encryption engine
• Deterministic ultra-low latency
• Multiple certifications (FIPS, CC, NATO etc)
• Traffic flow security
• Plug and Play
• QKD
• Variable throughput licensing options
CV1000
• Runs on 3rd party hardware
• No physical security
• No certifications
• Crypto offload: AES-NI
• Software RNG
• Performance is platform dependent
• Optional Key Secure Connectivity (‘hardened virtual appliance’)
Physical vs Virtual encryption
Optional Interface To SafeNet KeySecure
Entropy generation
Storage of master key for protection of critical
security parameters
‘Hardened’ virtual appliance