INTERNATIONAL LAW ENFORCEMENT CCTV NETWORK SERVICES

Similar documents
INTERNATIONAL LAW ENFORCEMENT CCTV NETWORK SERVICES

INTERNATIONAL LAW ENFORCEMENT HD CCTV NETWORK

AVAYA FABRIC CONNECT SOLUTION WITH SENETAS ETHERNET ENCRYPTORS

ADVANCED DEFENCE-GRADE

VERSATILE ENTRY-LEVEL

HIGH-ASSURANCE FLEXIBLE 1-10GBPS ENCRYPTION CN6000 SERIES

BIG DATA INDUSTRY PAPER

SENETAS CERTIFIED HIGH-ASSURANCE NETWORK ENCRYPTION FOR GOVERNMENT

CN9000 Series 100Gbps Encryptors

SENETAS CERTIFIED HIGH-ASSURANCE ENCRYPTION FOR THE DEFENCE INDUSTRY

TRAFFIC FLOW SECURITY USING SENETAS HIGH- ASSURANCE ENCRYPTORS TECHNICAL PAPER

100GBPS, ULTRA-FAST, CERTIFIED HIGH- ASSURANCE NETWORK ENCRYPTION FOR MEGA DATA

UNDERSTANDING SENETAS LAYER 2 ENCRYPTION TECHNICAL-PAPER

Understanding Layer 2 Encryption

SENETAS ENCRYPTION KEY MANAGEMENT STATE-OF-THE-ART KEY MANAGEMENT FOR ROBUST NETWORK SECURITY

SENETAS CN8000 MULTI-LINK 10x10 GBPS ENCRYPTOR FREQUENTLY ASKED QUESTIONS

Innovative Security Solutions For Protecting Data in Motion

PassTorrent. Pass your actual test with our latest and valid practice torrent at once

HIGH-ASSURANCE ENCRYPTION SOLUTIONS SECURING FINANCIAL SERVICES DATA IN TRANSIT SOLUTION PAPER

OPTera Metro 8000 Services Switch

Technical Document. What You Need to Know About Ethernet Audio

Cisco Group Encrypted Transport VPN

Encryption in high-speed optical networks

Evaluating networking technologies

Datacryptor Key Features. Page 1 of 5. Document Number 40676

Cisco Catalyst 6500 Series Wireless LAN Services Module: Detailed Design and Implementation Guide

VXLAN Overview: Cisco Nexus 9000 Series Switches

INTRODUCTORY Q&A AMX SVSI NETWORKED AV

QUALITY OF SERVICE AND THE EFFECTS OF DATA ENCRYPTION ON VSAT NETWORKS (GOVERNMENT NETWORKS)

Cisco Dynamic Multipoint VPN: Simple and Secure Branch-to-Branch Communications

Midrange Routing Solutions

Military Messaging. Over Low. Bandwidth. Connections

Alcatel-Lucent 1850 TSS Product Family. Seamlessly migrate from SDH/SONET to packet

Multi-Dimensional Service Aware Management for End-to-End Carrier Ethernet Services By Peter Chahal

Choosing the Right. Ethernet Solution. How to Make the Best Choice for Your Business

Cisco Dynamic Multipoint VPN: Simple and Secure Branch-to-Branch Communications

MX MIDRANGE ROUTING SOLUTIONS Sales Guide

Virtualizing The Network For Fun and Profit. Building a Next-Generation Network Infrastructure using EVPN/VXLAN

Mobile IoT: The Ideal Fit for Smart Cities

ENTERPRISE CONNECTIVITY

SD-WAN Deployment Guide (CVD)

Ethernet Wide Area Networking, Routers or Switches and Making the Right Choice

Nuclias by D-Link is a complete cloud-managed networking solution for small to medium-sized organisations with one or more sites.

Data Center Interconnect Solution Overview

Multipoint Bridged Ethernet Using MPLS Virtual Private LAN Services

Secure Connectivity for Multi-Site Organisations

REDUCING THE COST OF METRO FIBRE ACCESS A SOLUTION GUIDE FOR SERVICE PROVIDERS

- Hubs vs. Switches vs. Routers -

Wireless Network Policy and Procedures Version 1.5 Dated November 27, 2002

Hands-On VPLS: Virtual Private LAN Service

Datacryptor AP Layer 3 IP Encryptor

MPLS VPN: Business Ready Networks. The cost-effective, scalable and robust network solution

IT & Healthcare. Services. Systems

Seven Criteria for a Sound Investment in WAN Optimization

Setting the standard in class-leading aggregation and service richness An Alcatel-Lucent Bell Labs 7750 SR-a total cost of ownership modeling study

VPN Cloud. Mako s SD-WAN Technology

Deploying and Administering Cisco s Digital Network Architecture (DNA) and Intelligent WAN (IWAN) (DNADDC)

Hands-On IP Multicasting for Multimedia Distribution Networks

Configure Multicast on Cisco Mobility Express AP's

Datasheet. Millimeter-Wave Radio (MMW) Security of MMW. Overview

MASERGY S MANAGED SD-WAN

Local Area Networks (LANs): Packets, Frames and Technologies Gail Hopkins. Part 3: Packet Switching and. Network Technologies.

Virtual Private Networks Advanced Technologies

Data Center Applications and MRV Solutions

IBM Europe Announcement ZP , dated November 6, 2007

VIRTUAL CLUSTER SWITCHING SWITCHES AS A CLOUD FOR THE VIRTUAL DATA CENTER. Emil Kacperek Systems Engineer Brocade Communication Systems.

CCIE Routing & Switching

Virtual Private Networks Advanced Technologies

Executive Summary...1 Chapter 1: Introduction...1

LANCOM Techpaper Routing Performance

Scalability Considerations

From Zero Touch Provisioning to Secure Business Intent

Carrier Ethernet Services Delivery

Central Office Testing of Network Services


MyCloud Computing Business computing in the cloud, ready to go in minutes

LOCAL AREA NETWORKS Q&A Topic 4: VLAN

6WINDGate. White Paper. Packet Processing Software for Wireless Infrastructure

Introduction to iscsi

MetroWAVE CWDM REFERENCE GUIDE

Service Managed Gateway TM. How to Configure and Debug Generic Routing Encapsulation (GRE)

NCIT*net 2 General Information

WhitePaper: XipLink Real-Time Optimizations

Implementation of Multicast Routing on IPv4 and IPv6 Networks

Unity EdgeConnect SP SD-WAN Solution

Cisco Service Advertisement Framework Deployment Guide

Cisco RV180 VPN Router

SOLUTION BRIEF Enterprise WAN Agility, Simplicity and Performance with Software-Defined WAN

Enterprise Case Study

Carrier Ethernet Evolution

Nokia Passive Optical LAN solution

USING ISCSI AND VERITAS BACKUP EXEC 9.0 FOR WINDOWS SERVERS BENEFITS AND TEST CONFIGURATION

Q-Balancer Range FAQ The Q-Balance LB Series General Sales FAQ

RBRIDGES LAYER 2 FORWARDING BASED ON LINK STATE ROUTING

MetroEthernet Options

A Plexos International Network Operating Technology May 2006

MPLS in the DCN. Introduction CHAPTER

Implementing VXLAN. Prerequisites for implementing VXLANs. Information about Implementing VXLAN

HP S1500 SSL Appliance. Product overview. Key features. Data sheet

Cisco ONS Port 10/100 Ethernet Module

Transcription:

INTERNATIONAL LAW ENFORCEMENT CCTV NETWORK SERVICES CASE STUDY Application of High-Assurance Network Encryption Sector: Use Case: Solution: Goverment CCTV security HD video transmission in real time Layer 2 network architecture

A Major CCTV network and surveilance services provider chose Senetas certified high-assurance encryptors to protect European law enforcement CCTV network transmitted data. Senetas CN Series encryptors enable certified data security and integrity without compromising CCTV network s performance. OUR CUSTOMER AND ITS NEEDS Our customer is a specialist in delivering intelligent and secure surveillance information in challenging environments; they work with governments and multinational corporations on the most complex and critical surveillance challenges within the defence, law enforcement and critical infrastructure sectors. Working with a law enforcement organisation in Northern Europe the challenge was to design a secure video distribution infrastructure that would allow sensitive CCTV streams to be securely distributed across the whole country. CCTV technology is commonly used to help protect high-profile locations such as borders, airports, public buildings, military bases, oil and gas facilities, public gathering areas and streets, ports and public transportation systems. Demand for live video is being driven by many sectors and has led to a proliferation of network video traffic much of which is sensitive and must be securely and efficiently transmitted across communication infrastructures. Specifically, CCTV data requires protection against privacy breaches and input of rogue data and any unauthorised access that may adversely affect the CCTV data s integrity. These are particularly important issues to law enforcement. Importantly, efficient video distribution, which typically involves very large volumes of data) uses multicast transmission protocols to ensure that data is only sent to devices that have requested it. CCTV Network Services Case Study

Secure Cloud service Figure 1 CCTV Network A first solution was considered based on a regular Layer 3 routed data network with all traffic to be encrypted using the common IPSec security protocol. IPSec is an industry standard for securing data across Layer 3 routed data network environments it is optimised for use on best-effort networks such as the Internet. However, the IPSec protocol has several limitations, especially when high-performance delivery of the CCTV feeds is required maximum speed, low latency and minimum network overhead. There are also technical issues of complexity that arise when encrypting at Layer 3. Layer 3 IPSec encryption solutions typically require customers to increase the network bandwidth at considerable cost to help overcome (in part) some of these limitations. IPSec introduces a high additional per frame overhead that may generate significant additional network bandwidth and latency when compared to the unencrypted traffic. CCTV Network Services Case Study

Secure Cloud service Figure 2 IPSec encryption overhead Also, securing multicast encryption at Layer 3 is problematic because the underlying network requires additional routing protocols to support multicast traffic such as the Protocol-Independent Multicast (PIM) routing family. These protocols provide an additional level of complexity when required to interoperate with IPSec encryption. In practice the issue is that much of multicast IP (Internet Protocol) traffic is therefore encapsulated using GRE (Generic Routing Encapsulation) tunnels to allow the simpler encryption of unicast traffic, albeit with far higher overheads. Consequently, when encrypting at Layer 3, the underlying data network and equipment typically need to be of a higher specification and cost; and data delivery is very inefficient for larger scale multicast deployments. SENETAS HIGH-ASSURANCE PRODUCT SOLUTION With the limitations and disadvantages of transmitting encrypted multi-location CCTV data across Layer 3 network links clearly identified, an alternative network architecture was considered. The alternative network architecture proposed and ultimately preferred) was based on a pure Layer 2 WAN service with high-speed encryption at the Ethernet layer. The Senetas CN high-speed encryptors would not add overheads to the network data; offered near-zero latency and have no impact on other network assets. Importantly at Layer 2, the Senetas encryptors provide far simpler set and forget implementation and ongoing management making the solution mush more efficient technically and financially. The Senetas encryption solution is optimised for network services such as Metro Ethernet E-LAN, E-LINE or E-TREE, layer 2 MPLS (VPLS) or across simple point-to-point dark fibre and WDM (Wavelength Division Multiplexor) connections. Because Layer 2 encryption occurs at the data link layer on Ethernet networks, the Ethernet payload is encrypted but the Ethernet header (including MAC addresses and VLAN identifiers) is unmodified allowing transmission across service provider networks. The Ethernet payload fully encapsulates the IP header and IP payloads which are also encrypted providing the additional security benefit of hiding all IP addresses in the transmitted data. By taking advantage of the underlying Layer 2 network characteristics, encryption at Layer 2 may deliver 100% encrypted throughput even at speeds up to 10Gbps with little or no additional per frame overhead. And because encryption occurs at the data link layer, no special configuration or protocols are required to encrypt multicast or broadcast traffic. CCTV Network Services Case Study

Figure 3 Ethernet encryption overhead To ensure efficient multicast data transmission across a Layer 2 network, protocols such as IGMP or MLD are often deployed between hosts and routers. Network switches may also perform IGMP monitoring to listen in on the IGMP conversation allowing them to maintain a map of links that need IP multicast streams. This mechanism maintains data network efficiency by only delivering frames where they are needed. By allowing IGMP/MLD traffic to be bypassed (when required) a Layer 2 encryptor allows the network to continue operating with maximum efficiency without requiring any underlying changes to its operation. Ultimately, for these reasons of encryption and data network performance and efficiencies, the CCTV services provider and its customer chose to implement Senetas high-performance Ethernet encryptors. The Senetas CN encryptors protect data transmitted from approximately one hundred end points throughout northern Europe from where video traffic is distributed. By reducing the data latency and network overheads and minimising technical complexities, the Senetas CN encryptors maximise the available bandwidth for the customer s use. The customer is able to significantly reduce its bandwidth and network management requirements and ultimately its costs. THE OUTCOME AND CUSTOMER BENEFITS Senetas CN series Ethernet encryptors provide certified information security; full line rate encryption for all data transmitted across point-point, hub and spoke and fully meshed data network environments. Network performance is maximised for delivery of multicast as well as unicast traffic. Simple, automatic zero-touch key management ensures that encryption scales efficiently to the largest deployments. Figure 4 CN6040 Ethernet encryptor CCTV Network Services Case Study

The continuous and consistent near-zero latency performance is enabled by Senetas s unique technology purpose built hardware encryption engines which perform cut-through processing of network traffic at wire speed. Their tamper resistant chassis provides protection to all encryption keys and user credentials at government certified levels. Senetas CN encryptors hold all three leading international, independent testing authority certifications FIPS, Common Criteria and CAPS.

Figure 6 CM7 Management tool To assist the ease of implementation and encryptor management, Senetas CM7 remote management software is provided to all customers. Large numbers of encryptors are easily and securely managed using Senetas CM7. Using SNMPv3 this tool provides simple, secure remote management either out-ofband or in-band using the encrypted Ethernet port. Other important benefits to our customer include: >> FLEXIBILITY AND INTEROPERABILITY Senetas s unique Field Programmable Gate Array technology which enables customisation flexibility. All CN encryptors are interoperable providing an efficient longterm investment. >> ZERO IMPACT Senetas CN encryptors have no impact on other network assets and do not require any network changes during implementation. >> OUTSTANDING RELIABILITY Senetas encryptors provide 99.999% uptime in the most demanding 24/7 availability environments. Their defence-grade design and manufacture ensure peace of mind. >> FIELD UPGRADABILITY among the various CN encryptors, many have field replaceable and upgradeable components. SCALABILITY - unlike other encryption solutions, Senetas CN series encryptors are scalable to as many as 300 connections

SENETAS CORPORATION LIMITED E info@senetas.com www.senetas.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback