It is the one aspect many companies tend to neglect in their security architecture: encryption. And, in most wide area networks carrying data and voice – the lifelines of global communications – it isn’t used at all. Not so at Rohde & Schwarz (R&S), an electronics group that has over 10,000 employees at locations in 70 different countries, where cyber spies’ best attempts are thwarted by extra encryption of all communications.
Author: Roger Homrich Photos: Shutterstock.com, Marcus Jacobs, PR
Protection against cybercrime: encrypted wide area networks
Data communications in global corporate networks rarely come close to the level of protection afforded by data centers, which resemble high-security vaults. If IT service providers nonetheless want to make it difficult for cyber crooks to steal sales quotations, financial figures or development and customer information, they will have to meet exceptionally strict security requirements.
“In 2014, we decided to go with EthernetConnect, a T-Systems product that combines previously separated LANs into one logical network. It lets us meet our high bandwidth requirements and use our own encryption technology at the same time,” said Andreas Rau, who is in charge of WAN infrastructure at Rohde & Schwarz. “The solution is a perfect extension of our IP-based WAN infrastructure.”
T-Systems now operates a Telekom Designed Network (TDN) for the company, connecting twelve German locations through an IP network. Production and development sites in Memmingen, Teisnach, Berlin and Stuttgart in Germany and a production plant in Vimperk in the Czech Republic are linked to the Munich headquarters by redundant gigabit EthernetConnect lines.
High-performance proprietary encryption
Maximum security isn’t optional for a company that’s one of Germany’s innovation leaders and a significant government contractor. That’s why Rohde & Schwarz encrypts all of the data it sends across the Wide Area Ethernet. Not only that, but the company also uses Rohde & Schwarz Cybersecurity’s SITLine ETH. This high-security encryptor is approved by the German Office for Information Security (BSI) for communications classified VS-NfD (RESTRICTED) and NATO RESTRICTED. The BSI audit covers the entire system with all implementation details including software, hardware, crypto management and algorithms in use. Every change requires a re-evaluation.
By pairing its encryption technology with T-Systems’ EthernetConnect network infrastructure, R&S has developed an all-in-one solution that combines the best of two worlds. The encryptor additionally protects the highly available, fully redundant T-Systems network from curious eavesdroppers. Hardware-based Ethernet encryption provides high bandwidths with low latencies. Low transmission rates caused by IP-based encryption are a thing of the past.
Encryption throughput of up to 40 Gbps
Rohde & Schwarz Cybersecurity’s current solution enables an encryption throughput of up to 40 Gbps per device. Since it virtually eliminates overhead, it makes Ethernet an attractive option in combination with cryptography. That fact, combined with its simple administration, separate network and security management, compact design and low system costs, makes it a viable choice for encrypted Ethernet communications in WANs. Data is secured by AES 256 bit encryption. The solution works without a central key server, making it highly available and effectively protected against attacks.