Creating Distributed Key Policies

Figure 69 Data payload encryption

Encryption and Authentication Algorithms

For Layer 3 IP policies, you can specify the encryption and authentication algorithms that you want to use. The encryption algorithms include the Advanced Encryption Standard (AES) and Triple Data Encryption Standard (3DES).

AES is a symmetric block cipher capable of using cryptographic keys of 128, 192, and 256 bits to encrypt and decrypt data in blocks of 128 bits. Triple DES, or 3DES, is a more secure variant of DES. 3DES uses a key length of 168 bits. The Data Encryption Standard (DES) is a symmetric block cipher with a block size of 64 bits and a key length of 56 bits.

The authentication algorithms available include Secure Hash Algorithm 1 (HMAC-SHA-1) and Message Digest #5 (HMAC-MD5). Both are hash algorithms. HMAC-SHA-1 is more secure than HMAC-MD5.

Layer 2 Ethernet encryption policies utilize AES with 256-bit keys to encrypt and decrypt the data and HMAC-SHA-1 to provide data origin authentication and data integrity.

Layer 4 IP encryption policies use AES-256 for encryption and HMAC-SHA-1 for authentication. The ETEP PEPs do not support 3DES or HMAC-MD5 at Layer 4.

ARIA Encryption

In addition to the standard encryption algorithms listed above, the ARIA encryption algorithm is available on ETEP PEPs. ARIA provides 256-bit encryption, and is implemented in software.

Note the following usage guidelines and constraints:

ARIA-256 is available for use in Layer 3 and Layer 4 policies. Layer 2 Ethernet encryption policies do not support ARIA.

ARIA-256 is incompatible with the ETEP’s FIPS mode of operation. Disable FIPS mode on the ETEP prior to using ARIA in encryption policies.

ARIA-256 is available only when using the local ETKMS software External ETKMSs do not support policies that use ARIA encryption.

To use ARIA in an encryption policy, do the following:

1Quit EncrypTight if it is running (File > Exit).

2Edit the EncrypTight config.ini file. The file is located in the <installDir>\configuration directory, where <installDir> is the directory in which EncrypTight is installed.

a Using a text editor such as Notepad, open the config.ini file.

bChange the AriaSupport setting from false to true. The modified line should look like this:

AriaSupport=true

cSave the file, and then close the text editor.

3Restart EncrypTight.

4In ETPM, select ARIA as the encryption algorithm in the policy editor. This algorithm is available in any Layer 3 or Layer 4 policy type: mesh, point-to-point, multicast, or hub and spoke. After defining the encryption policy, deploy the policy to the ETEPs.

184

EncrypTight User Guide

Page 183
Image 183
Black Box ET0100A, ET1000A, ET0010A, EncrypTight manual Encryption and Authentication Algorithms, Aria Encryption

EncrypTight, ET0100A, ET0010A, ET1000A specifications

The Black Box ET1000A, ET0010A, EncrypTight, and ET0100A are advanced solutions designed for secure data transmission and network management, catering to modern enterprise needs. These tools integrate cutting-edge technologies to enhance connectivity, security, and efficiency within various environments.

The Black Box ET1000A is primarily a high-performance Ethernet over Twisted Pair (EoTP) solution. It enables users to extend Ethernet signals over long distances using existing twisted-pair cabling without sacrificing speed or reliability. With support for speeds up to 100 Mbps, this device is ideal for organizations looking to upgrade their existing infrastructure without extensive rewiring. Key features include plug-and-play installation, which simplifies deployment, and versatile compatibility with both legacy and modern ethernet networks.

The ET0010A model takes connectivity a step further by providing seamless integration with fiber optics. This device supports transmission distances that far exceed traditional copper solutions, making it a perfect fit for larger facilities or multi-building campuses. Its built-in Ethernet switch enhances network efficiency by providing multiple ports for device connectivity, thus facilitating greater data flow.

EncrypTight technology is a notable feature across these Black Box models, offering advanced encryption capabilities to safeguard sensitive data during transmission. With military-grade encryption protocols, EncrypTight ensures that corporate information remains secure from potential eavesdroppers. This technology is essential for businesses operating in regulated industries or that handle confidential customer information.

The ET0100A model combines intelligence with monitoring features to provide users with comprehensive network insights. It boasts built-in diagnostic tools that enable IT professionals to troubleshoot issues quickly and efficiently. Additionally, it features real-time performance monitoring, allowing users to analyze bandwidth usage and optimize network performance accordingly.

In conclusion, the Black Box ET1000A, ET0010A, EncrypTight, and ET0100A are powerful tools that embody the latest in data transmission and network management technologies. With their unique features—including extended connectivity capabilities, robust encryption technologies, and real-time monitoring solutions—these devices cater to the growing demands of businesses seeking to enhance their network infrastructure while ensuring robust security and efficiency. Integrating these tools into any organization’s operations can fundamentally improve both performance and data protection, making them indispensable in today’s digital landscape.