INTERNATIONAL LAW ENFORCEMENT CCTV NETWORK SERVICES

Similar documents
INTERNATIONAL LAW ENFORCEMENT CCTV NETWORK SERVICES

INTERNATIONAL LAW ENFORCEMENT HD CCTV NETWORK

SENETAS CERTIFIED HIGH-ASSURANCE NETWORK ENCRYPTION FOR GOVERNMENT

HIGH-ASSURANCE FLEXIBLE 1-10GBPS ENCRYPTION CN6000 SERIES

AVAYA FABRIC CONNECT SOLUTION WITH SENETAS ETHERNET ENCRYPTORS

SENETAS ENCRYPTION KEY MANAGEMENT STATE-OF-THE-ART KEY MANAGEMENT FOR ROBUST NETWORK SECURITY

BIG DATA INDUSTRY PAPER

ADVANCED DEFENCE-GRADE

CN9000 Series 100Gbps Encryptors

SENETAS CERTIFIED HIGH-ASSURANCE ENCRYPTION FOR THE DEFENCE INDUSTRY

VERSATILE ENTRY-LEVEL

100GBPS, ULTRA-FAST, CERTIFIED HIGH- ASSURANCE NETWORK ENCRYPTION FOR MEGA DATA

TRAFFIC FLOW SECURITY USING SENETAS HIGH- ASSURANCE ENCRYPTORS TECHNICAL PAPER

Understanding Layer 2 Encryption

SENETAS CN8000 MULTI-LINK 10x10 GBPS ENCRYPTOR FREQUENTLY ASKED QUESTIONS

HIGH-ASSURANCE ENCRYPTION SOLUTIONS SECURING FINANCIAL SERVICES DATA IN TRANSIT SOLUTION PAPER

UNDERSTANDING SENETAS LAYER 2 ENCRYPTION TECHNICAL-PAPER

Innovative Security Solutions For Protecting Data in Motion

INTRODUCTORY Q&A AMX SVSI NETWORKED AV

Datacryptor Key Features. Page 1 of 5. Document Number 40676

Cisco Dynamic Multipoint VPN: Simple and Secure Branch-to-Branch Communications

Secure Connectivity for Multi-Site Organisations

PassTorrent. Pass your actual test with our latest and valid practice torrent at once

MetroWAVE CWDM REFERENCE GUIDE

Cisco Dynamic Multipoint VPN: Simple and Secure Branch-to-Branch Communications

An introduction to MPLS IPVPN. TTB PRES MPLS IPVPN DIRECT v2.indd 1 25/08/ :48

MPLS VPN: Business Ready Networks. The cost-effective, scalable and robust network solution

Managed Services Rely on us to manage your business services

Choosing the Right. Ethernet Solution. How to Make the Best Choice for Your Business

Cisco Group Encrypted Transport VPN

Title of Presentation

Military Messaging. Over Low. Bandwidth. Connections

OPTera Metro 8000 Services Switch

REDUCING THE COST OF METRO FIBRE ACCESS A SOLUTION GUIDE FOR SERVICE PROVIDERS

Evaluating networking technologies

DATA CENTRE & COLOCATION

Technical Document. What You Need to Know About Ethernet Audio

Midrange Routing Solutions

Customer Onboarding with VMware NSX L2VPN Service for VMware Cloud Providers

VPN Cloud. Mako s SD-WAN Technology

MyCloud Computing Business computing in the cloud, ready to go in minutes

Cisco Catalyst 6500 Series Wireless LAN Services Module: Detailed Design and Implementation Guide

MX MIDRANGE ROUTING SOLUTIONS Sales Guide

VXLAN Overview: Cisco Nexus 9000 Series Switches

Nuclias by D-Link is a complete cloud-managed networking solution for small to medium-sized organisations with one or more sites.

Ethernet Wide Area Networking, Routers or Switches and Making the Right Choice

World Class. Globally Certified. High Availability.

Encryption in high-speed optical networks

Best Practices for Extending the WAN into AWS (IaaS) with SD-WAN

QUALITY OF SERVICE AND THE EFFECTS OF DATA ENCRYPTION ON VSAT NETWORKS (GOVERNMENT NETWORKS)

MASERGY S MANAGED SD-WAN

IT & Healthcare. Services. Systems

Live Broadcast: Video Services from AT&T

Scalability Considerations

NCIT*net 2 General Information

IBM Europe Announcement ZP , dated November 6, 2007

Why KVM over IP? Leading the World in KVM Innovations

Wireless Network Policy and Procedures Version 1.5 Dated November 27, 2002

Seven Criteria for a Sound Investment in WAN Optimization

Datacryptor AP Layer 3 IP Encryptor

Enterprise Private Cloud. Fully managed private cloud as a service in your data centre or ours.

MANAGING THE COMPLEXITY.

Cloud Services. Infrastructure-as-a-Service

Corporate Profile. Fibre Network Integration Specialists

We re ready. Are you?

Reaping the Full Benefits of a Hybrid Network

Nokia Passive Optical LAN solution

Data center interconnect for the enterprise hybrid cloud

Data Center Interconnect Solution Overview

Virtual private networks

From Zero Touch Provisioning to Secure Business Intent

CONNECTING THE CLOUD WITH ON DEMAND INFRASTRUCTURE

PKI Credentialing Handbook

SD-WAN Deployment Guide (CVD)

FIS Global Partners with Asigra To Provide Financial Services Clients with Enhanced Secure Data Protection that Meets Compliance Mandates

Alcatel-Lucent 1850 TSS Product Family. Seamlessly migrate from SDH/SONET to packet

Cisco Wireless Video Surveillance: Improving Operations and Security

Communication Service Provider

wi4 Fixed Point-to-Multipoint Canopy Solutions


Cisco Catalyst 6500 Series VPN Services Port Adapter

Carrier Ethernet Services Delivery

Fully managed Cloud-based business software solution

Open Cloud Interconnect: Use Cases for the QFX10000 Coherent DWDM Line Card

BT Connect Networks that think Optical Connect UK

GRE and DM VPNs. Understanding the GRE Modes Page CHAPTER

ENTERPRISE CONNECTIVITY

Mobile IoT: The Ideal Fit for Smart Cities

6WINDGate. White Paper. Packet Processing Software for Wireless Infrastructure

Unity EdgeConnect SP SD-WAN Solution

Data Center Applications and MRV Solutions

HP S1500 SSL Appliance. Product overview. Key features. Data sheet

MRV Communications Inspiring Optical Networks for over 20 Years

RBRIDGES LAYER 2 FORWARDING BASED ON LINK STATE ROUTING

Guide to SDN, SD-WAN, NFV, and VNF

Virtualized Network Services SDN solution for enterprises

IP VPn COMMITTED TO QUALITY

We are securing the past in a fast moving future. FOX605 multiservice platform.

Virtualized Network Services SDN solution for service providers

Introduction to iscsi

Transcription:

INTERNATIONAL LAW ENFORCEMENT CCTV NETWORK SERVICES CASE STUDY Application of High-Assurance Network Encryption Sector : Use Case: Solution: CCTV security HD video Layer 2 network architecture

A Major CCTV network and surveillance services provider chose Senetas encryptors to protect European law enforcement CCTV network transmitted data. Senetas CN Series encryptors enable high-assurance data security and integrity without compromising CCTV network s performance. OUR CUSTOMER AND ITS NEEDS Our customer is a specialist in delivering intelligent and secure surveillance information in challenging environments. It works with governments and multinational corporations on the most complex and critical high definition (HD) CCTV surveillance challenges within the regulatory, law enforcement, defence and critical infrastructure sectors. Working with a law enforcement organisation in Northern Europe the challenge was to design a secure video distribution infrastructure that would allow sensitive HD CCTV streams to be securely distributed across the whole country. CCTV technology is commonly used to help protect high-profile locations and business activities such as: Border control Airport security Casinos Gaming venues Wagering venues Public buildings safety Military bases security Oil and gas facilities protection Public gathering areas and streets Port security Public transportation systems. Demand for live HD video is being driven by many sectors and has led to a proliferation of network video traffic much of which is sensitive and must be securely and efficiently transmitted across communication infrastructures. More recently CCTV applications have seen increased demand for HD video image quality and real time video streaming. These requirements have challenged data security systems, which typically reduce image quality and incur latency driven streaming delays. Specifically, CCTV data requires protection against privacy breaches and input of rogue data and any unauthorised access that may adversely affect the CCTV data s integrity. These are particularly important issues for both law enforcement and regulatory needs. Importantly, efficient HD video distribution/streaming, which typically involves very large volumes of data) uses multicast transmission protocols to ensure that data is only sent to devices that have requested it. SENETAS CCTV BENEFITS After evaluating a number of data network alternatives and network encryption solutions, the customer identified Senetas encryptors primary advantages as: 100% HD CCTV image quality Optimal real time CCTV streaming These were due to the encryptors near-zero latency and data overheads. CCTV Network Services Case Study

Secure Cloud CCTV service Figure 1 Typical CCTV Network SENETAS CCTV ENCRYPTION SOLUTION The customer s solution required: an optimal high-speed data network for HD CCTV transmission; and high-assurance grade data encryption. A first solution was considered based on a regular Layer 3 (Internet Protocol) routed data network with all traffic to be encrypted using the common IPSec security protocol. IPSec is an industry standard for securing data across Layer 3 routed data network environments it is optimised for use on best-effort networks such as the Internet. But, IPSec is not a high-assurance encryption solution. However, because IP networks and the IPSec protocol have several limitations, especially when high-performance delivery of the HD CCTV feeds is required maximum speed, low latency and minimum network overhead image streaming quality and performance as well as data security would not meet the customer s requirements. There are also technical issues of complexity that arise when encrypting at Layer 3. Layer 3 IPSec encryption solutions typically require customers to increase the network bandwidth at considerable cost to help overcome (in part) some of these limitations. Network experts put this bandwidth overhead cost at 30% or more. IPSec introduces a high additional per frame overhead that may generate significant additional network bandwidth and latency when compared to the unencrypted traffic. The customer s business case considered: the network types efficiencies; encryption security robustness and the CCTV streaming quality and real time availability. The Senetas encryptors stood out in each element of the business case. CCTV Network Services Case Study

Secure Cloud service Figure 2 IPSec encryption overhead Furthermore, securing multicast encryption at Layer 3 is problematic because the underlying network requires additional routing protocols to support multicast traffic such as the Protocol- Independent Multicast (PIM) routing family. These protocols provide an additional level of complexity when required to interoperate with IPSec encryption. In practice the issue is that much of multicast IP (Internet Protocol) traffic is therefore encapsulated using GRE (Generic Routing Encapsulation) tunnels to allow the simpler encryption of unicast traffic, albeit with far higher overheads. Consequently, when encrypting at Layer 3, the underlying data network and equipment typically need to be of a higher specification and cost; and data delivery is very inefficient for larger scale multicast deployments. These potentially hidden costs were also important to the business case. SENETAS HIGH-ASSURANCE LAYER 2 NETWORK ENCRYPTION With the limitations and disadvantages of transmitting encrypted multi-location CCTV data across Layer 3 network links clearly identified, an alternative (dedicated) Layer 2 network architecture was considered. The alternative network architecture proposed and ultimately preferred was based on a pure Layer 2 WAN service with high-speed encryption at the Ethernet layer. The Senetas CN high-speed encryptors would not add overheads to the network data; offered near-zero latency and have no impact on other network assets. These features ensured the customer of high-assurance encryption security and both real time and maximum HD image quality. Importantly at Layer 2, the Senetas encryptors provide far simpler set and forget implementation and ongoing management making the solution much more efficient technically and financially. The Senetas encryption solution is optimised for network services such as Metro Ethernet E-LAN, E-LINE or E-TREE, layer 2 MPLS (VPLS) or across simple point-to-point dark fibre and WDM (Wavelength Division Multiplexor) connections. Because Layer 2 encryption occurs at the data link layer on Ethernet networks, the Ethernet payload is encrypted but the Ethernet header (including MAC addresses and VLAN identifiers) is unmodified allowing transmission across service provider networks. The Ethernet payload fully encapsulates the IP header and IP payloads which are also encrypted providing the additional security benefit of hiding all IP addresses in the transmitted data. By taking advantage of the underlying Layer 2 network characteristics, encryption at Layer 2 may deliver 100% encrypted throughput even at speeds up to 10Gbps with little or no additional per frame overhead. And because encryption occurs at the data link layer, no special configuration or protocols are required to encrypt multicast or broadcast traffic. CCTV Network Services Case Study

Figure 3 Ethernet encryption overhead To ensure efficient multicast data transmission across a Layer 2 network, protocols such as IGMP or MLD are often deployed between hosts and routers. Network switches may also perform IGMP monitoring to listen in on the IGMP conversation allowing them to maintain a map of links that need IP multicast streams. This mechanism maintains data network efficiency by only delivering frames where they are needed. By allowing IGMP/MLD traffic to be bypassed (when required) a Layer 2 encryptor allows the network to continue operating with maximum efficiency without requiring any underlying changes to its operation. Ultimately, for these reasons of encryption and data network performance and efficiencies, the CCTV services provider and its customer chose to implement Senetas high-performance Ethernet encryptors. The Senetas CN encryptors protect data transmitted from approximately one hundred end points throughout northern Europe from where video traffic is distributed. By reducing the data latency and network overheads and minimising technical complexities, the Senetas CN encryptors maximise the available bandwidth for the customer s use. The customer is able to significantly reduce its bandwidth and network management requirements and ultimately its costs. THE OUTCOME AND CUSTOMER BENEFITS Senetas high-assurance CN Series Ethernet encryptors provide certified information security; full line rate encryption for all data transmitted across point-point, hub and spoke and fully meshed data network environments. Network performance is maximised for delivery of multicast as well as unicast traffic. Simple, automatic zero-touch encryption key management ensures that encryption scales efficiently to the largest deployments. Figure 4 A Senetas CN6000 Ethernet encryptor CCTV Network Services Case Study

The continuous and consistent near-zero latency performance is enabled by Senetas s unique technology purpose built hardware encryption engines which perform cut-through processing of network traffic at wire speed. Their tamper resistant chassis provides protection to all encryption keys and user credentials at government certified levels. Senetas CN encryptors have certified by the four leading international, independent testing authority certifications FIPS, Common Criteria, NATO and CAPS. HIGH-ASSURANCE CUSTOMER SECURITY BENEFITS The underlying data security requirement sought by the customer was to implement a certified highassurance encryption solution for its CCTV network data. The customer sought to avoid low-assurance hybrid encryption products and standard-assurance products. The features and benefits that define Senetas CN Series encryptors as high-assurance are: Dedicated secure and tamper proof hardware State-of-the-art client side encryption key management encrypted and securely stored keys only available to the customer Gapless end-to-end and authenticated network encryption Standards based encryption algorithms. Senetas CN Series encryptors are all certified high-assurance network data encryption products. All Senetas CN Series encryptors are interoperable and support all Layer 2 network protocols and topologies. They are also crypto-agile making them Quantum safe. These features gave our customer peace of mind that its investment would be long-term and safe from future redundancy.

Figure 6 CM7 Management tool To assist the ease of implementation and encryptor management, Senetas CM7 remote management software is provided to all customers. Large numbers of encryptors are easily and securely managed using Senetas CM7. Using SNMPv3 this tool provides simple, secure remote management either out-of-band or in-band using the encrypted Ethernet port. Other important benefits to our customer s solution include: >> FLEXIBILITY AND INTEROPERABILITY Senetas s unique Field Programmable Gate Array technology enables customisation flexibility, such as custom entropy and curves. They may be tailored to customer requirements. All CN encryptors are interoperable providing an efficient long-term investment. >> ZERO IMPACT Senetas CN encryptors have no impact on other network assets and do not require any network changes during implementation. >> OUTSTANDING RELIABILITY Senetas encryptors provide 99.999% uptime in the most demanding 24/7 availability environments. Their high-assurance design and manufacture ensure peace of mind. >> FIELD UPGRADABILITY among the various CN encryptors, many have field replaceable and upgradeable components. Some models enable field-upgradable bandwidth performance. SCALABILITY - unlike other encryption solutions, Senetas CN series encryptors are scalable to as many as 500 connections

GLOBAL SUPPORT AND DISTRIBUTION Senetas CN series encryptors are supported and distributed glob- ally by Gemalto under its SafeNet encryption brand. Gemalto also provides pre-sales technical support to hundreds of accredited partners around the world; including systems integrators, networks providers, cloud and data centre service providers, telecommunications companies and network security specialists. For more information click here TALK TO SENETAS OR OUR PARTNERS Senetas and Gemalto also work with customers existing data network service providers, systems integrators and information security specialists to specify the optimal high-assurance encryption solution for their needs. Wherever you are, simply contact Gemalto or Senetas to discuss your needs. Or, if you prefer, your service provider may contact Gemalto or Senetas on your behalf. HIGH-ASSURANCE NETWORK ENCRYPTION Whatever your Layer 2 Ethernet network security needs, Senetas has a high-assurance solution to suit. They support modest 10Mbps to high-speed 10Gbps links and multiport 10x10Gbps links. Scalable, agile and easy to use; Senetas high-assurance encryptors provide maximum security without compromising network performance. SENETAS CORPORATION LIMITED E info@senetas.com www.senetas.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback