CEP1000 - Certes Networks

DATASHEET
CEP1000
Certes Enforcer Appliance
FEATURES AND BENEFITS
• Interoperable with Certes Net Enforcer product family
• Encrypted throughput 100, 155, 250, 500, 650 Mbps, and 1Gbps
• Seamless scalability
• Easy installation and management
• Per-frame/packet authentication
• Infrastructure neutral
• Transparent to network and applications
COMPREHENSIVE DATA PROTECTION
• IPsec site-to-site networks
• MPLS meshed networks
• Metro Ethernet and VPLS networks
• Voice and video over IP applications
• Internet and SDN links
The Certes Net Enforcer Variable Speed Encryptors (VSEs) are bandwidth customizable multilayer encryption appliances that provide tunnel-less data protection, including Ethernet frame
encryption for Layer 2 networks, IP packet encryption for Layer 3 networks, and Layer 4 data
payload encryption for IP and MPLS networks. The VSEs offer full-duplex encryption at 15
standardized rates ranging from 3Mbps to 10Gbps using the AES-256 algorithm.
The VSEs enable organizations to standardize on a single platform capable of encrypting at
various throughputs, based on software licenses. This allows organizations to continue to use the
same encryption hardware as their bandwidth needs increase, providing both flexibility and
investment protection. The VSEs integrate easily into any existing network, operating
transparently to the network infrastructure. They ensure data transmissions are encrypted, without
compromising performance.
Scalable and Secure Group Encryption – The VSEs use scalable group encryption to provide
encrypted and authenticated low-latency any-to-any connectivity. CryptoFlow Net Creator, Certes
Networks’ web-based management platform, manages the VSEs to securely generate and
distribute group keys to authorized endpoints. By avoiding the use of IPsec tunnels, group
encryption greatly reduces deployment complexity and provides fully meshed encryption that is
easy to manage. The solution is also compatible with load balancing, highly available network
designs, QoS and network monitoring tools.
Ethernet Frame Encryption – The VSEs are compatible with all Layer 2 unicast, multicast, point-to-point, and multipoint-to-multipoint topologies. They also authenticate all Ethernet frames,
preventing man-in-the-middle attacks. Encryption policies can be based on VLAN ID’s Ethertype
(L2 option) for cryptographic segmentation of data or can be set to encrypt all Ethernet frames.
Persistent authentication of frames ensures that the data received at the remote end of a
connection originated from a trusted source. While encryption directly protects data, without
authentication, data streams remain vulnerable to modification from man-in-the-middle attacks.
Unlike many encryption solutions, the VSEs provide continuous authentication to ensure that
both the data and the communication streams are uncompromised. Without both, the network and
data are less than secure.
IP Packet Encryption – Using the IP Security (IPsec) protocol, the VSEs provide full data
encryption for Layer 3 IP networks. The VSE family utilizes the Certes Networks Encapsulating
Security Payload protocol (CN-ESP) to encrypt the IP packet, while preserving the original IP
header. This unique functionality maintains network transparency while providing maximum data
protection. By preserving the original header and encrypting only the payload, the VSEs can
protect data over any IP infrastructure including multi-carrier, load-balanced, and high availability
networks.
Payload Only Encryption – In addition to standard IPsec encryption (which encrypts the Layer 4
header), the VSEs offer a Layer 4 compatible “payload only” encryption option. This unique,
patent-pending capability allows network services, such as NetFlow/J-Flow, and Class of Service
(CoS) based traffic shaping, to be maintained through the service provider network while the
payload itself is encrypted.
Central Policy Management – The VSEs can be configured and centrally managed via the
CryptoFlow Net Creator. CryptoFlow Net Creator allows both security and network administrators
to quickly and easily manage network security from a centralized interface with simple, yet
powerful, drag-and-drop policy creation capability. Encryption policies can be based on source or
destination IP addresses, source or destination port numbers, protocol IDs, or VLAN tags.
Policies can be quickly and easily modified in seconds on even the largest networks, without
traffic disruptions or interaction with remote personnel. CryptoFlow Net Creator also provides
logging and audit capabilities.
Technical Specifications
ENCRYPTED THROUGHPUT
• 100, 155, 250, 500, 650Mbps and 1Gbps *
* Dependent on packet size of 512 or larger
DEVICE MANAGEMENT
• CryptoFlow Net Creator
• Command Line Interface
• Out-of-band management
• Alarm condition detection and reporting
• Syslog support
• SNMPv2c and SNMPv3 managed object support
• Audit Log
ENCRYPTION ALGORITHMS
• AES-CBC-256
• 3DES
MANAGEMENT COMMUNICATION SECURITY OPTIONS
• X.509 v3 digital certificates
• TLS (full authentication)
• SSH
MESSAGE AUTHENTICATION & INTEGRITY ALGORITHMS
• SHA1
• SHA2
ENVIRONMENTAL
• Operating temperature: 0° to 40° C (32° to 104° F)
• EU WEEE
• EU RoHS-5
NETWORK SUPPORT
• Ethernet
• VLAN tag preservation
• MPLS tag preservation
• IPv4
• IPv6
• NTP
POLICY SELECTOR OPTIONS
• Source or destination IP address
• Source or destination port number
• Protocol ID (L3 and L4 options)
• VLAN ID (L2 option)
• Multicast address
REGULATORY
• Safety: UL 60950-1
• Emissions: FCC part 15 subpart B class B
INDICATORS
• Power
• Alarm
• LED Status
PHYSICAL
• 1U tamper evident chassis
• Dimensions: 1.75”H x 17”W x 10”D
• Rack mountable in standard 19” rack
• Power: Dual A/C hot swappable 100V@3.A - 240V@1.5A, 47-63Hz, auto-sensing
• Thermal: In-rush 380 BTU/hr, Steady-state 140 BTU/hr
• Nominal input current: .65A@110V
• Weight: 9 lbs
• MTBF: 158,520 hours
• FIPS 140-2 Level 2 validated (certificate #1799)
• Hardware designed to meet FIPS 140-2 Level 3 requirements
• Common Criteria EAL4+ Certified
INTERFACES
• Data: Two full-duplex Gigabit Ethernet ports with SFP interfaces (single mode, multimode or copper)
• Management: One 10/100 RJ45 Ethernet and one RS232 serial port
Management SFP port and Aux1 SFP port are for future use
About Certes Networks
Certes Networks’ solutions safeguard enterprise applications extended to any user or remote facility over any network. The
solutions solve the broken network trust model causing the worldwide wave of data breaches. Companies and governments
in nearly 100 countries around the world rely on solutions from Certes to shrink their attack surfaces and safely use low-cost
network and Cloud resources with lower risk.
Learn more at CertesNetworks.com
Contact Certes Networks
300 Corporate Center Drive, Suite 140
Pittsburgh, PA 15108
Tel: +1 (888) 833-1142
Fax: +1 (412) 262-2574
CertesNetworks.com
North America Sales: sales@certesnetworks.com
Asia-Pacific Sales: apac@certesnetworks.com
Europe, Middle East and Africa Sales: emea@certesnetworks.com
Central & Latin America Sales: sales@certesnetworks.com
Government Sales: sales@certesnetworks.com
V5-02-16-2017