The Certes Net Enforcer Variable Speed Encryptors (VSEs) are bandwidth customizable multi-layer encryption appliances that provide tunnel-less data protection, including Ethernet frame encryption for Layer 2 networks, IP packet encryption for Layer 3 networks, and Layer 4 data payload encryption for IP and MPLS networks. The VSEs offer full-duplex encryption at 15 standardized rates ranging from 3Mbps to 10Gbps using the AES-256 algorithm. The VSEs enable organizations to standardize on a single platform capable of encrypting at various throughputs, based on software licenses. This allows organizations to continue to use the same encryption hardware as their bandwidth needs increase, providing both flexibility and investment protection. The VSEs integrate easily into any existing network, operating transparently to the network infrastructure. They ensure data transmissions are encrypted,
without compromising performance.
Scalable and Secure Group Encryption – The VSEs use scalable group encryption to provide encrypted and authenticated low-latency any-to-any connectivity. CryptoFlow Net Creator, Certes Networks’ web-based management platform, manages the VSEs to securely generate and distribute group keys to authorized endpoints. By avoiding the use of IPsec tunnels, group encryption greatly reduces deployment complexity and provides fully meshed encryption that is easy to manage. The solution is also compatible with load balancing, highly available network designs, QoS and network monitoring tools.
Ethernet Frame Encryption – The VSEs are compatible with all Layer 2 unicast, multicast, point-to-point, and multi-point-to-multipoint topologies. They also authenticate all Ethernet frames, preventing man in the middle attacks. Encryption polices can be based on VLAN ID’s Ethertype (L2 option) for crypto-graphic segmentation of data or can be set to encrypt all Ethernet frames. Persistent authentication of frames ensures that the data received at the remote end of a connection originated from a trusted source. While encryption directly protects data, without authentication, data streams remain vulnerable to modification from man in the middle attacks. Unlike many encryption solutions, the VSE’s provide continuous authentication to ensure that both the data and the communication streams are uncompromised. Without both, the network and data are less than secure.
IP Packet Encryption – Using the IP Security (IPsec) protocol, the VSEs provide full data encryption for Layer 3 IP networks. The VSE family utilizes the Certes Networks Encapsulating Security Payload protocol (CN-ESP) to encrypt the IP packet, while preserving the original IP header. This unique functionality maintains network transparency while
providing maximum data protection. By preserving the original header and encrypting only the payload, the VSEs can protect data over any IP infrastructure including multi-carrier, load-
balanced, and high availability networks.
Payload Only Encryption – In addition to standard IPsec encryption, (which encrypts the Layer 4 header), the VSEs offer a Layer 4 compatible “payload only” encryption option. This unique, patent-pending capability allows network services, such as Net flow/Jflow, and Class of Service (CoS) based traffic shaping, to be maintained through the service provider network while the payload itself is encrypted.
Central Policy Management – The VSEs can be configured and centrally managed via the CryptoFlow Net Creator software. CryptoFlow Net Creator allows both security and network administrators to quickly and easily manage network security from a centralized interface with simple, yet powerful, drag-and-drop policy creation capability. Encryption policies can be based on source or destination IP addresses, source or destination port numbers, protocol
IDs, or VLAN tags. Policies can be quickly and easily modified in seconds on even the largest networks, without traffic disruptions or interaction with remote personnel. CryptoFlow Net Creator also provides logging and audit capabilities.
About USAccess, LLC
USAccess, LLC has been in business since 1997 as a Telecom Consultancy representing 40 Carriers serving domestic and International markets. We are also a Value Added Reseller of Network Security Products and Services providing data protection for corporate digital assets and cloud applications.
Call us today for pricing on Certes Networks - Security Networks Solutions. Your data assets are valuable, so don’t settle for less if you can have the best!