Policy Concepts

Key Generation and ETKMSs

With multicast IP policies and Layer 2 Ethernet policies, you choose a single ETKMS to generate and distribute the keys. With point-to-point, hub and spoke, and mesh IP policies there are two options for specifying which ETKMSs generate and distribute keys.

By Network Set - The default ETKMS within each network set generates and distributes the keys to the PEPs included in those network sets.

Global ETKMS - A single ETKMS, referred to as a global ETKMS, generates the keys and sends them to the default ETKMSs in each network set for distribution to all of PEPs included in the policy.

Addressing Mode

When you create network sets in the network sets editor, you specify the IP address the PEPs will use in the outer header of the encrypted packets. The options include the original IP address of the packets received at the PEP’s local port (the default setting), the remote port IP address of the PEP, or a virtual IP address that is configured as part of a network set. The second two options are used when the original source IP address must be concealed or when traffic must be routed over the internet.

Even when you configure network sets to conceal the original source IP addresses, you might need to preserve the original IP addresses for other traffic that is routed through the same network sets. For example, you might need to transmit traffic that must comply with Service Level Agreements.

To handle these situations, you can create additional policies that use the same network sets, but override the specified network addressing mode. In the policy editor, the network addressing mode can use one of two options:

Preserve only the original internal network addresses. The source and destination addresses in the IP header are sent in the clear. The protocol and port, as well as the payload of the packet are encrypted. This is referred to as a Layer 3 policy.

Preserve the original internal network address, protocol, and port. The source and destination addresses, protocol, and port in the IP header are sent in the clear. With this option, only the payload of the packet is encrypted. This allows you to send the Layer 4 header information in the clear for traffic engineering and Service Level Agreement management (for example, Quality of Service controls or NetFlow statistics monitoring). This is referred to as a Layer 4 policy.

Related topics:

“Network Addressing for IP Networks” on page 35

“Adding a Network Set” on page 170

“Encapsulation” on page 183

Using Encrypt All Policies with Exceptions

You can design your policies many different ways for the same results. If you design your policies based on chunks of data such as which port or which source or destination address encrypts, drops, or passes in the clear, a large number of policies can result. With a large number of policies, the policy management overhead increases and keeping track of the priority of each policy can become difficult. You can simplify this process by doing the following:

EncrypTight User Guide

185

Page 183 Page 185
Page 184
Image 184
Black Box ET1000A, ET0010A, ET0100A Key Generation and ETKMSs, Addressing Mode, Using Encrypt All Policies with Exceptions
Page 183 Page 185

EncrypTight, ET0100A, ET0010A, ET1000A specifications

The Black Box ET1000A, ET0010A, EncrypTight, and ET0100A are advanced solutions designed for secure data transmission and network management, catering to modern enterprise needs. These tools integrate cutting-edge technologies to enhance connectivity, security, and efficiency within various environments.

The Black Box ET1000A is primarily a high-performance Ethernet over Twisted Pair (EoTP) solution. It enables users to extend Ethernet signals over long distances using existing twisted-pair cabling without sacrificing speed or reliability. With support for speeds up to 100 Mbps, this device is ideal for organizations looking to upgrade their existing infrastructure without extensive rewiring. Key features include plug-and-play installation, which simplifies deployment, and versatile compatibility with both legacy and modern ethernet networks.

The ET0010A model takes connectivity a step further by providing seamless integration with fiber optics. This device supports transmission distances that far exceed traditional copper solutions, making it a perfect fit for larger facilities or multi-building campuses. Its built-in Ethernet switch enhances network efficiency by providing multiple ports for device connectivity, thus facilitating greater data flow.

EncrypTight technology is a notable feature across these Black Box models, offering advanced encryption capabilities to safeguard sensitive data during transmission. With military-grade encryption protocols, EncrypTight ensures that corporate information remains secure from potential eavesdroppers. This technology is essential for businesses operating in regulated industries or that handle confidential customer information.

The ET0100A model combines intelligence with monitoring features to provide users with comprehensive network insights. It boasts built-in diagnostic tools that enable IT professionals to troubleshoot issues quickly and efficiently. Additionally, it features real-time performance monitoring, allowing users to analyze bandwidth usage and optimize network performance accordingly.

In conclusion, the Black Box ET1000A, ET0010A, EncrypTight, and ET0100A are powerful tools that embody the latest in data transmission and network management technologies. With their unique features—including extended connectivity capabilities, robust encryption technologies, and real-time monitoring solutions—these devices cater to the growing demands of businesses seeking to enhance their network infrastructure while ensuring robust security and efficiency. Integrating these tools into any organization’s operations can fundamentally improve both performance and data protection, making them indispensable in today’s digital landscape.
Top Page Image Contents