SlideShare a Scribd company logo

Making networks secure with multi-layer encryption

ADVA
ADVA

Stephan Lehmann's NetNordic session discussed the most effective encryption methods for safeguarding external network connections against unauthorized access. He debated how the latest technology for encryption at multiple layers can provide a comprehensive state-of-the-art security infrastructure for all connectivity applications, and explored how new solutions are ensuring that data is encrypted without impacting network performance.

1 of 12
Making networks secure with multi-layer encryption
22 September 2022
Stephan Lehmann
© 2022 ADVA. All rights reserved.
2
Network security provides secure foundation
Critical infrastructures require reliable networks
Confidentiality – Integrity – Availability
Required
Actual
Time
Security Level
© 2022 ADVA. All rights reserved.
3
Cryptography is crucial for network security
Encryption and authentication support different layers
Application
TLS/SSL (App)
SSH (Admin)
VPN IPsec (L3)
Transport
MACsec (L2)
OTNsec (L1)
Network
security
Firewalling
Segmentation
Encryption
Authentication
Intrusion Detection
>100 Gbit/s
1-100 Gbit/s
0,1-1 Gbit/s
<100 Mbit/s
<100 Mbit/s
© 2022 ADVA. All rights reserved.
4
Traditional VPN not sufficient for modern networks
Evolution of encryption requirements
VPN (IPsec)
Client-site (RAS)
Move to cloud
Mobile first
Site-site
Growing bandwidths
Network requirements
(QKD, Multi-tenancy)
TLS/SSL
PerApp VPN
MACsec
OTNsec
ZeroTrust
StrongAuth
© 2022 ADVA. All rights reserved.
5
Secure Out-Of-Band
Management
• Protection of management traffic
running over 3rd party networks
Client Separation
(„multi-tenancy“)
• Client-specific keys and management
• Cryptographic separation per interface
or per VLAN
Quantum-safe keys
• See:
„Quantum threat: How to protect your
optical network” tomorrow
Sidetrack: security for managed networks
Extended requirements especially for service provider
© 2022 ADVA. All rights reserved.
6
Multi-layer encryption covering every use case
Several encryption tunnel on different layers
OTNsec (L1)
MACsec (L2)
IPsec (L3)
TLS/SSL (L4++)
Mobile
Small office
Home office
Sub
Sub
HQ
Production
Cloud

Recommended

Introducing Coherent 100ZR for the optical edge
Introducing Coherent 100ZR for the optical edgeIntroducing Coherent 100ZR for the optical edge
Introducing Coherent 100ZR for the optical edgeADVA
 
Digital signature(Cryptography)
Digital signature(Cryptography)Digital signature(Cryptography)
Digital signature(Cryptography)Soham Kansodaria
 
Introducing Adva Network Security – a trusted German anchor
Introducing Adva Network Security – a trusted German anchorIntroducing Adva Network Security – a trusted German anchor
Introducing Adva Network Security – a trusted German anchorADVA
 
Dynamic Source Routing Sink hole attack
Dynamic Source Routing Sink hole attackDynamic Source Routing Sink hole attack
Dynamic Source Routing Sink hole attackDr Praveen Jain
 
Symmetric ciphers questions and answers
Symmetric ciphers questions and answersSymmetric ciphers questions and answers
Symmetric ciphers questions and answersprdpgpt
 
wireless network IEEE 802.11
 wireless network IEEE 802.11 wireless network IEEE 802.11
wireless network IEEE 802.11Shreejan Acharya
 
Data security in local network using distributed firewall ppt
Data security in local network using distributed firewall ppt Data security in local network using distributed firewall ppt
Data security in local network using distributed firewall ppt Sabreen Irfana
 

More Related Content

What's hot

Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and CryptographyAdam Reagan
 
A* Path Finding
A* Path FindingA* Path Finding
A* Path Findingdnatapov
 
Technical overview of new cisco catalyst multigigabit switches
Technical overview of new cisco catalyst multigigabit switchesTechnical overview of new cisco catalyst multigigabit switches
Technical overview of new cisco catalyst multigigabit switchesCisco Mobility
 
Derevolutionizing OS Fingerprinting: The cat and mouse game
Derevolutionizing OS Fingerprinting: The cat and mouse gameDerevolutionizing OS Fingerprinting: The cat and mouse game
Derevolutionizing OS Fingerprinting: The cat and mouse gameJaime Sánchez
 
VPN - Virtual Private Network
VPN - Virtual Private NetworkVPN - Virtual Private Network
VPN - Virtual Private NetworkPeter R. Egli
 
Dss digital signature standard and dsa algorithm
Dss  digital signature standard and dsa algorithmDss  digital signature standard and dsa algorithm
Dss digital signature standard and dsa algorithmAbhishek Kesharwani
 
The Halo Network
The Halo NetworkThe Halo Network
The Halo Networksree1000
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationAmandeep Kaur
 
Block Cipher and its Design Principles
Block Cipher and its Design PrinciplesBlock Cipher and its Design Principles
Block Cipher and its Design PrinciplesSHUBHA CHATURVEDI
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.pptUday Meena
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Dr. Kapil Gupta
 
IT pagrindai. Sąvokos.Ir kita.
IT pagrindai. Sąvokos.Ir kita.IT pagrindai. Sąvokos.Ir kita.
IT pagrindai. Sąvokos.Ir kita.Lina
 
Introduction to FPGA acceleration
Introduction to FPGA accelerationIntroduction to FPGA acceleration
Introduction to FPGA accelerationMarco77328
 

What's hot (20)

Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and Cryptography
 
Sdn ppt
Sdn pptSdn ppt
Sdn ppt
 
Mobile Communication
Mobile CommunicationMobile Communication
Mobile Communication
 
A* Path Finding
A* Path FindingA* Path Finding
A* Path Finding
 
Technical overview of new cisco catalyst multigigabit switches
Technical overview of new cisco catalyst multigigabit switchesTechnical overview of new cisco catalyst multigigabit switches
Technical overview of new cisco catalyst multigigabit switches
 
Derevolutionizing OS Fingerprinting: The cat and mouse game
Derevolutionizing OS Fingerprinting: The cat and mouse gameDerevolutionizing OS Fingerprinting: The cat and mouse game
Derevolutionizing OS Fingerprinting: The cat and mouse game
 
VPN - Virtual Private Network
VPN - Virtual Private NetworkVPN - Virtual Private Network
VPN - Virtual Private Network
 
Dss digital signature standard and dsa algorithm
Dss  digital signature standard and dsa algorithmDss  digital signature standard and dsa algorithm
Dss digital signature standard and dsa algorithm
 
The Halo Network
The Halo NetworkThe Halo Network
The Halo Network
 
Cryptography
CryptographyCryptography
Cryptography
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
Block Cipher and its Design Principles
Block Cipher and its Design PrinciplesBlock Cipher and its Design Principles
Block Cipher and its Design Principles
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.ppt
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security
 
IT pagrindai. Sąvokos.Ir kita.
IT pagrindai. Sąvokos.Ir kita.IT pagrindai. Sąvokos.Ir kita.
IT pagrindai. Sąvokos.Ir kita.
 
Pure aloha
Pure alohaPure aloha
Pure aloha
 
09 spread spectrum
09 spread spectrum09 spread spectrum
09 spread spectrum
 
Introduction to FPGA acceleration
Introduction to FPGA accelerationIntroduction to FPGA acceleration
Introduction to FPGA acceleration
 
SHA 1 Algorithm
SHA 1 AlgorithmSHA 1 Algorithm
SHA 1 Algorithm
 

Similar to Making networks secure with multi-layer encryption

Introducing ConnectGuard™ Cloud
Introducing ConnectGuard™ Cloud Introducing ConnectGuard™ Cloud
Introducing ConnectGuard™ Cloud ADVA
 
Hardwar based Security of Systems
Hardwar based Security of SystemsHardwar based Security of Systems
Hardwar based Security of SystemsJamal Jamali
 
BKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T SystemsBKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T SystemsLinaro
 
Bloombase Spitfire Link Encryptor Server Brochure
Bloombase Spitfire Link Encryptor Server BrochureBloombase Spitfire Link Encryptor Server Brochure
Bloombase Spitfire Link Encryptor Server BrochureBloombase
 
cisco-nti-Day20
cisco-nti-Day20cisco-nti-Day20
cisco-nti-Day20eyad alaa
 
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_diveNur Shiqim Chok
 
e-Xpert Gate / Reverse Proxy - WAF 1ere génération
e-Xpert Gate / Reverse Proxy - WAF 1ere génératione-Xpert Gate / Reverse Proxy - WAF 1ere génération
e-Xpert Gate / Reverse Proxy - WAF 1ere générationSylvain Maret
 
Deliver the ultimate network edge protection with the ADVA FSP 150-XG118Pro (...
Deliver the ultimate network edge protection with the ADVA FSP 150-XG118Pro (...Deliver the ultimate network edge protection with the ADVA FSP 150-XG118Pro (...
Deliver the ultimate network edge protection with the ADVA FSP 150-XG118Pro (...ADVA
 
Fortinet FortiGate 100D
Fortinet FortiGate 100DFortinet FortiGate 100D
Fortinet FortiGate 100DHoai Duyen
 
Endüstriyel Router Çözümleri
Endüstriyel Router ÇözümleriEndüstriyel Router Çözümleri
Endüstriyel Router ÇözümleriElmarkPlusTurkiye
 
Microsoft Infopedia webinar "Secure Your Azure Cloud Deployments with VNS3 Ov...
Microsoft Infopedia webinar "Secure Your Azure Cloud Deployments with VNS3 Ov...Microsoft Infopedia webinar "Secure Your Azure Cloud Deployments with VNS3 Ov...
Microsoft Infopedia webinar "Secure Your Azure Cloud Deployments with VNS3 Ov...Cohesive Networks
 
Bloombase Spitfire StoreSafe Security Server Specifications
Bloombase Spitfire StoreSafe Security Server SpecificationsBloombase Spitfire StoreSafe Security Server Specifications
Bloombase Spitfire StoreSafe Security Server SpecificationsBloombase
 
Removing Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessRemoving Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessMicrosoft Tech Community
 
CCNAv5 - S4: Chapter 7: Securing Site-to-site Connectivity
CCNAv5 - S4: Chapter 7: Securing Site-to-site ConnectivityCCNAv5 - S4: Chapter 7: Securing Site-to-site Connectivity
CCNAv5 - S4: Chapter 7: Securing Site-to-site ConnectivityVuz Dở Hơi
 
Virtual security gateways at network edge are key to protecting ultra broadba...
Virtual security gateways at network edge are key to protecting ultra broadba...Virtual security gateways at network edge are key to protecting ultra broadba...
Virtual security gateways at network edge are key to protecting ultra broadba...Paul Stevens
 
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric VanderburgNetworking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric VanderburgEric Vanderburg
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device SecurityJohn Rhoton
 

Similar to Making networks secure with multi-layer encryption (20)

Accessing remote networks
Accessing remote networksAccessing remote networks
Accessing remote networks
 
Introducing ConnectGuard™ Cloud
Introducing ConnectGuard™ Cloud Introducing ConnectGuard™ Cloud
Introducing ConnectGuard™ Cloud
 
Hardwar based Security of Systems
Hardwar based Security of SystemsHardwar based Security of Systems
Hardwar based Security of Systems
 
BKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T SystemsBKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T Systems
 
Bloombase Spitfire Link Encryptor Server Brochure
Bloombase Spitfire Link Encryptor Server BrochureBloombase Spitfire Link Encryptor Server Brochure
Bloombase Spitfire Link Encryptor Server Brochure
 
cisco-nti-Day20
cisco-nti-Day20cisco-nti-Day20
cisco-nti-Day20
 
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive
 
e-Xpert Gate / Reverse Proxy - WAF 1ere génération
e-Xpert Gate / Reverse Proxy - WAF 1ere génératione-Xpert Gate / Reverse Proxy - WAF 1ere génération
e-Xpert Gate / Reverse Proxy - WAF 1ere génération
 
Deliver the ultimate network edge protection with the ADVA FSP 150-XG118Pro (...
Deliver the ultimate network edge protection with the ADVA FSP 150-XG118Pro (...Deliver the ultimate network edge protection with the ADVA FSP 150-XG118Pro (...
Deliver the ultimate network edge protection with the ADVA FSP 150-XG118Pro (...
 
Fortinet FortiGate 100D
Fortinet FortiGate 100DFortinet FortiGate 100D
Fortinet FortiGate 100D
 
Endüstriyel Router Çözümleri
Endüstriyel Router ÇözümleriEndüstriyel Router Çözümleri
Endüstriyel Router Çözümleri
 
Microsoft Infopedia webinar "Secure Your Azure Cloud Deployments with VNS3 Ov...
Microsoft Infopedia webinar "Secure Your Azure Cloud Deployments with VNS3 Ov...Microsoft Infopedia webinar "Secure Your Azure Cloud Deployments with VNS3 Ov...
Microsoft Infopedia webinar "Secure Your Azure Cloud Deployments with VNS3 Ov...
 
Bloombase Spitfire StoreSafe Security Server Specifications
Bloombase Spitfire StoreSafe Security Server SpecificationsBloombase Spitfire StoreSafe Security Server Specifications
Bloombase Spitfire StoreSafe Security Server Specifications
 
Removing Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessRemoving Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment Success
 
CCNAv5 - S4: Chapter 7: Securing Site-to-site Connectivity
CCNAv5 - S4: Chapter 7: Securing Site-to-site ConnectivityCCNAv5 - S4: Chapter 7: Securing Site-to-site Connectivity
CCNAv5 - S4: Chapter 7: Securing Site-to-site Connectivity
 
Airheads vail 2011 pci 2.0 compliance
Airheads vail 2011   pci 2.0 complianceAirheads vail 2011   pci 2.0 compliance
Airheads vail 2011 pci 2.0 compliance
 
Virtual security gateways at network edge are key to protecting ultra broadba...
Virtual security gateways at network edge are key to protecting ultra broadba...Virtual security gateways at network edge are key to protecting ultra broadba...
Virtual security gateways at network edge are key to protecting ultra broadba...
 
ID Quantic encryption
ID Quantic encryptionID Quantic encryption
ID Quantic encryption
 
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric VanderburgNetworking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
Networking Concepts Lesson 10 part 2 - Security Appendix - Eric Vanderburg
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device Security
 

More from ADVA

Industrial optically pumped cesium beam clock
Industrial optically pumped cesium beam clockIndustrial optically pumped cesium beam clock
Industrial optically pumped cesium beam clockADVA
 
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...ADVA
 
Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clock
Industry's longest holdover with the OSA 3350  SePRC™ optical cesium clockIndustry's longest holdover with the OSA 3350  SePRC™ optical cesium clock
Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clockADVA
 
Addressing PNT threats in critical defense infrastructure
Addressing PNT threats in critical defense infrastructureAddressing PNT threats in critical defense infrastructure
Addressing PNT threats in critical defense infrastructureADVA
 
Precise and assured timing for enterprise networks
Precise and assured timing for enterprise networksPrecise and assured timing for enterprise networks
Precise and assured timing for enterprise networksADVA
 
Introducing Ensemble Cloudlet for on-premises cloud demand
Introducing Ensemble Cloudlet for on-premises cloud demandIntroducing Ensemble Cloudlet for on-premises cloud demand
Introducing Ensemble Cloudlet for on-premises cloud demandADVA
 
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)ADVA
 
Sync on TAP - Syncing infrastructure with software
Sync on TAP - Syncing infrastructure with softwareSync on TAP - Syncing infrastructure with software
Sync on TAP - Syncing infrastructure with softwareADVA
 
Meet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networkingMeet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networkingADVA
 
Quantum threat: How to protect your optical network
Quantum threat: How to protect your optical networkQuantum threat: How to protect your optical network
Quantum threat: How to protect your optical networkADVA
 
Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...ADVA
 
Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)ADVA
 
Open optical edge connecting mobile access networks
Open optical edge connecting mobile access networksOpen optical edge connecting mobile access networks
Open optical edge connecting mobile access networksADVA
 
Meet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation deviceMeet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation deviceADVA
 
Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™ADVA
 
10G edge technology for outdoor environments
10G edge technology for outdoor environments10G edge technology for outdoor environments
10G edge technology for outdoor environmentsADVA
 
The quantum age - secure transport networks
The quantum age - secure transport networksThe quantum age - secure transport networks
The quantum age - secure transport networksADVA
 
From leased lines to optical spectrum services
From leased lines to optical spectrum servicesFrom leased lines to optical spectrum services
From leased lines to optical spectrum servicesADVA
 
The coherent optical edge
The coherent optical edgeThe coherent optical edge
The coherent optical edgeADVA
 
Get your timing right for 5G OpenRAN!
Get your timing right for 5G OpenRAN!Get your timing right for 5G OpenRAN!
Get your timing right for 5G OpenRAN!ADVA
 

More from ADVA (20)

Industrial optically pumped cesium beam clock
Industrial optically pumped cesium beam clockIndustrial optically pumped cesium beam clock
Industrial optically pumped cesium beam clock
 
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...
The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...
 
Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clock
Industry's longest holdover with the OSA 3350  SePRC™ optical cesium clockIndustry's longest holdover with the OSA 3350  SePRC™ optical cesium clock
Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clock
 
Addressing PNT threats in critical defense infrastructure
Addressing PNT threats in critical defense infrastructureAddressing PNT threats in critical defense infrastructure
Addressing PNT threats in critical defense infrastructure
 
Precise and assured timing for enterprise networks
Precise and assured timing for enterprise networksPrecise and assured timing for enterprise networks
Precise and assured timing for enterprise networks
 
Introducing Ensemble Cloudlet for on-premises cloud demand
Introducing Ensemble Cloudlet for on-premises cloud demandIntroducing Ensemble Cloudlet for on-premises cloud demand
Introducing Ensemble Cloudlet for on-premises cloud demand
 
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)
ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)
 
Sync on TAP - Syncing infrastructure with software
Sync on TAP - Syncing infrastructure with softwareSync on TAP - Syncing infrastructure with software
Sync on TAP - Syncing infrastructure with software
 
Meet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networkingMeet stringent latency demands with time-sensitive networking
Meet stringent latency demands with time-sensitive networking
 
Quantum threat: How to protect your optical network
Quantum threat: How to protect your optical networkQuantum threat: How to protect your optical network
Quantum threat: How to protect your optical network
 
Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...Optical networks and the ecodesign tradeoff between climate change mitigation...
Optical networks and the ecodesign tradeoff between climate change mitigation...
 
Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)Trends in next-generation data center interconnects (DCI)
Trends in next-generation data center interconnects (DCI)
 
Open optical edge connecting mobile access networks
Open optical edge connecting mobile access networksOpen optical edge connecting mobile access networks
Open optical edge connecting mobile access networks
 
Meet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation deviceMeet the industry's first pluggable 10G demarcation device
Meet the industry's first pluggable 10G demarcation device
 
Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™Introducing ADVA AccessWave25™
Introducing ADVA AccessWave25™
 
10G edge technology for outdoor environments
10G edge technology for outdoor environments10G edge technology for outdoor environments
10G edge technology for outdoor environments
 
The quantum age - secure transport networks
The quantum age - secure transport networksThe quantum age - secure transport networks
The quantum age - secure transport networks
 
From leased lines to optical spectrum services
From leased lines to optical spectrum servicesFrom leased lines to optical spectrum services
From leased lines to optical spectrum services
 
The coherent optical edge
The coherent optical edgeThe coherent optical edge
The coherent optical edge
 
Get your timing right for 5G OpenRAN!
Get your timing right for 5G OpenRAN!Get your timing right for 5G OpenRAN!
Get your timing right for 5G OpenRAN!
 

Recently uploaded

Artificial Intelligence, Design, and More-than-Human Justice
Artificial Intelligence, Design, and More-than-Human JusticeArtificial Intelligence, Design, and More-than-Human Justice
Artificial Intelligence, Design, and More-than-Human JusticeJosh Gellers
 
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...htrindia
 
Relationship Counselling: From Disjointed Features to Product-First Thinking ...
Relationship Counselling: From Disjointed Features to Product-First Thinking ...Relationship Counselling: From Disjointed Features to Product-First Thinking ...
Relationship Counselling: From Disjointed Features to Product-First Thinking ...Product School
 
How AI and ChatGPT are changing cybersecurity forever.pptx
How AI and ChatGPT are changing cybersecurity forever.pptxHow AI and ChatGPT are changing cybersecurity forever.pptx
How AI and ChatGPT are changing cybersecurity forever.pptxInfosec
 
"Platform Engineering with Development Containers", Igor Fesenko
"Platform Engineering with Development Containers", Igor Fesenko"Platform Engineering with Development Containers", Igor Fesenko
"Platform Engineering with Development Containers", Igor FesenkoFwdays
 
Pragmatic UI testing with Compose Semantics.pdf
Pragmatic UI testing with Compose Semantics.pdfPragmatic UI testing with Compose Semantics.pdf
Pragmatic UI testing with Compose Semantics.pdfinfogdgmi
 
Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)
Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)
Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)François
 
Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...
Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...
Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...DianaGray10
 
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptx
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptxThe Art of the Possible with Graph by Dr Jim Webber Neo4j.pptx
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptxNeo4j
 
Building Products That Think- Bhaskaran Srinivasan & Ashish Gupta
Building Products That Think- Bhaskaran Srinivasan & Ashish GuptaBuilding Products That Think- Bhaskaran Srinivasan & Ashish Gupta
Building Products That Think- Bhaskaran Srinivasan & Ashish GuptaISPMAIndia
 
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...Product School
 
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions...
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions..."How we created an SRE team in Temabit as a part of FOZZY Group in conditions...
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions...Fwdays
 
"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro Kozhevin
"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro Kozhevin"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro Kozhevin
"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro KozhevinFwdays
 
GraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptx
GraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptxGraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptx
GraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptxNeo4j
 
LF Energy Webinar: Introduction to TROLIE
LF Energy Webinar: Introduction to TROLIELF Energy Webinar: Introduction to TROLIE
LF Energy Webinar: Introduction to TROLIEDanBrown980551
 
The Future of Product, by Founder & CEO, Product School
The Future of Product, by Founder & CEO, Product SchoolThe Future of Product, by Founder & CEO, Product School
The Future of Product, by Founder & CEO, Product SchoolProduct School
 
My Journey towards Artificial Intelligence
My Journey towards Artificial IntelligenceMy Journey towards Artificial Intelligence
My Journey towards Artificial IntelligenceVijayananda Mohire
 
Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...
Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...
Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...Product School
 
Utilising Energy Modelling for LCSF and PSDS Funding Applications
Utilising Energy Modelling for LCSF and PSDS Funding ApplicationsUtilising Energy Modelling for LCSF and PSDS Funding Applications
Utilising Energy Modelling for LCSF and PSDS Funding ApplicationsIES VE
 

Recently uploaded (20)

Artificial Intelligence, Design, and More-than-Human Justice
Artificial Intelligence, Design, and More-than-Human JusticeArtificial Intelligence, Design, and More-than-Human Justice
Artificial Intelligence, Design, and More-than-Human Justice
 
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
 
Relationship Counselling: From Disjointed Features to Product-First Thinking ...
Relationship Counselling: From Disjointed Features to Product-First Thinking ...Relationship Counselling: From Disjointed Features to Product-First Thinking ...
Relationship Counselling: From Disjointed Features to Product-First Thinking ...
 
How AI and ChatGPT are changing cybersecurity forever.pptx
How AI and ChatGPT are changing cybersecurity forever.pptxHow AI and ChatGPT are changing cybersecurity forever.pptx
How AI and ChatGPT are changing cybersecurity forever.pptx
 
In sharing we trust. Taking advantage of a diverse consortium to build a tran...
In sharing we trust. Taking advantage of a diverse consortium to build a tran...In sharing we trust. Taking advantage of a diverse consortium to build a tran...
In sharing we trust. Taking advantage of a diverse consortium to build a tran...
 
"Platform Engineering with Development Containers", Igor Fesenko
"Platform Engineering with Development Containers", Igor Fesenko"Platform Engineering with Development Containers", Igor Fesenko
"Platform Engineering with Development Containers", Igor Fesenko
 
Pragmatic UI testing with Compose Semantics.pdf
Pragmatic UI testing with Compose Semantics.pdfPragmatic UI testing with Compose Semantics.pdf
Pragmatic UI testing with Compose Semantics.pdf
 
Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)
Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)
Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)
 
Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...
Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...
Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...
 
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptx
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptxThe Art of the Possible with Graph by Dr Jim Webber Neo4j.pptx
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptx
 
Building Products That Think- Bhaskaran Srinivasan & Ashish Gupta
Building Products That Think- Bhaskaran Srinivasan & Ashish GuptaBuilding Products That Think- Bhaskaran Srinivasan & Ashish Gupta
Building Products That Think- Bhaskaran Srinivasan & Ashish Gupta
 
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...
 
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions...
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions..."How we created an SRE team in Temabit as a part of FOZZY Group in conditions...
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions...
 
"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro Kozhevin
"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro Kozhevin"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro Kozhevin
"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro Kozhevin
 
GraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptx
GraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptxGraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptx
GraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptx
 
LF Energy Webinar: Introduction to TROLIE
LF Energy Webinar: Introduction to TROLIELF Energy Webinar: Introduction to TROLIE
LF Energy Webinar: Introduction to TROLIE
 
The Future of Product, by Founder & CEO, Product School
The Future of Product, by Founder & CEO, Product SchoolThe Future of Product, by Founder & CEO, Product School
The Future of Product, by Founder & CEO, Product School
 
My Journey towards Artificial Intelligence
My Journey towards Artificial IntelligenceMy Journey towards Artificial Intelligence
My Journey towards Artificial Intelligence
 
Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...
Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...
Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...
 
Utilising Energy Modelling for LCSF and PSDS Funding Applications
Utilising Energy Modelling for LCSF and PSDS Funding ApplicationsUtilising Energy Modelling for LCSF and PSDS Funding Applications
Utilising Energy Modelling for LCSF and PSDS Funding Applications
 

Making networks secure with multi-layer encryption

  • 1. Making networks secure with multi-layer encryption 22 September 2022 Stephan Lehmann
  • 2. © 2022 ADVA. All rights reserved. 2 Network security provides secure foundation Critical infrastructures require reliable networks Confidentiality – Integrity – Availability Required Actual Time Security Level
  • 3. © 2022 ADVA. All rights reserved. 3 Cryptography is crucial for network security Encryption and authentication support different layers Application TLS/SSL (App) SSH (Admin) VPN IPsec (L3) Transport MACsec (L2) OTNsec (L1) Network security Firewalling Segmentation Encryption Authentication Intrusion Detection >100 Gbit/s 1-100 Gbit/s 0,1-1 Gbit/s <100 Mbit/s <100 Mbit/s
  • 4. © 2022 ADVA. All rights reserved. 4 Traditional VPN not sufficient for modern networks Evolution of encryption requirements VPN (IPsec) Client-site (RAS) Move to cloud Mobile first Site-site Growing bandwidths Network requirements (QKD, Multi-tenancy) TLS/SSL PerApp VPN MACsec OTNsec ZeroTrust StrongAuth
  • 5. © 2022 ADVA. All rights reserved. 5 Secure Out-Of-Band Management • Protection of management traffic running over 3rd party networks Client Separation („multi-tenancy“) • Client-specific keys and management • Cryptographic separation per interface or per VLAN Quantum-safe keys • See: „Quantum threat: How to protect your optical network” tomorrow Sidetrack: security for managed networks Extended requirements especially for service provider
  • 6. © 2022 ADVA. All rights reserved. 6 Multi-layer encryption covering every use case Several encryption tunnel on different layers OTNsec (L1) MACsec (L2) IPsec (L3) TLS/SSL (L4++) Mobile Small office Home office Sub Sub HQ Production Cloud
  • 7. © 2022 ADVA. All rights reserved. 7 How do we evaluate encryption quality? Characteristics of encryption solutions Strong encryption Weak encryption No encryption
  • 8. © 2022 ADVA. All rights reserved. 8 What do you need for a strong encryption solution? Powerful encryption in hardware with open, reviewed and proven algorithms Secret session keys with high entropy and periodic re-keying Countermeasures against potential quantum computer attacks Detection of physical and logical manipulation attempts Review of architecture and implementation by independent security bodies Platform / algorithm Unpredictable keys Quantum-safe Tamper-proof Security certifications
  • 9. © 2022 ADVA. All rights reserved. 9 What does ADVA provide for encryption? FPGA with Advanced Encryption Standard (AES) and 256 bits encryption keys Multiple true random number generators (TRNG) with ephemeral keys allowing perfect forward secrecy (PFS) Quantum key distribution (QKD) and post-quantum cryptography (PQC) Physical tamper protection, secure boot and secure software download, on-board smart cards and eFuses Certified by NIST and German BSI Hardware true random number generator Classical and PQC key exchange Suitable for L1, L2, Lx encryption Self protecting, tamper detection Crypto agility and full flexibility Platform / algorithm Unpredictable keys Quantum-safe Tamper-proof Security certifications
  • 10. © 2022 ADVA. All rights reserved. 10 Secure foundation by encryption and authentication Network interface device* with MACsec hardware encryption and VNF Compute Node (VNF) Trusted Side Untrusted Side Segment A Segment B Segment C Network security (firewall, IDS, IP VPN, etc.) Network segmentation (physical and virtual) Port 1 Port 2 Port 3 Port 4 Port 5 Port 6 Port 7 Port 8 Port 9+10 *FSP 150-XG118Pro (CSH)
  • 11. © 2022 ADVA. All rights reserved. 11 POP POP POP Location 2 Location N Location 1 Certified multi-layer encryption for SD-WAN The big picture Ethernet 1-100 Gbit/s Optical (DWDM) 100-400 Gbit/s FSP 150 (MACsec aggregation) ENC FSP 150 (MACsec, VNF) FSP 150 (MACsec, VNF) FSP 150 (MACsec, VNF) FSP 150 (MACsec aggregation) FSP 3000 FSP 3000 FSP 3000 ENC …
  • 12. © 2022 ADVA. All rights reserved. 12 Stephan Lehmann Senior product line manager +49 151 44 01 40 42 slehmann@adva.com linkedin.com/in/stelehmann/ Encryption and authentication on multiple layers for a secure foundation for modern and software-defined networks Security-certified and carrier- grade solutions to secure optical transport (Layer 1) and metro networks (Layer 2) Further listening: „Quantum threat: How to protect your optical network” by Vincent Sleiffer on Friday Further reading: Making networks secure with multi-layer encryption Takeaways