
Layer 2 Encryption options?


  • Layer 2 Encryption options?

    We are investigating the option to lease a dark fiber circuit between our two offices in neighboring towns. We recently found out that the circuit would enter a data center and be routed through some patch panels. This adds considerable risk of eavesdropping (we're a financial institution) so our new options are to pay an extra $10,000 to route the fiber around town to reach different splice points or find a way to encrypt the traffic. We want to establish a full 1Gbps link, but the cost of encryption devices is astronomical.

    I found two units (site won't allow me to post links before I've made 5 posts) in the $20,000-$30,000 per unit range.
    Certes Networks VSE and
    SafeNet SafeEnterprise Ethernet Encryptor

    We're just looking for a simple layer 2 encryption device that will take traffic from each end and secure it for transport. We don't need auditing or compliance features.

    Any assistance pointing us into a direction with information on such devices will be greatly appreciated!

  • #2
    Re: Layer 2 Encryption options?

    Is this circuit a layer 2 circuit (QinQ tunnel) or a layer 3 circuit? Typically at layer 3 it will be an MPLS VPN. Your traffic will be segregated from other clients in the ISP's network by using VRFs (Virtual Routing and Forwarding tables on the PE routers). Therefore there is no chance of your data being sent to another customer. In reality you have to "trust" your provider to make sure this is the case. If you need that additional layer of security then run an IPsec VPN over the Layer 3 MPLS VPN circuit.
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)


    • #3
      Re: Layer 2 Encryption options?

      We want to lease a single strand of dark fiber from a wholesaler. There is no other traffic, we will be lighting it with our own fiber media converter equipment.

      It's not a matter of our traffic going to other customers, but being relatively safe with the idea that no one can sniff our data.

      To purchase equipment capable of 1Gbps IPsec VPN throughput, we're looking at the same price of ~$40k+.


      • #4
        Re: Layer 2 Encryption options?

        If it's going through a provider's cloud then there is always a chance they can sniff your data. Like I said, you have to trust your provider during transport. Gig IPsec throughput is going to be expensive. A better solution would be to contact an ISP and inquire about a Layer 3 MPLS VPN. It's cheaper and just as secure.
        CCNA, CCNA-Security, CCNP
        CCIE Security (In Progress)
