Layer 4 Encryption: Network Transparent Encryption
One of the biggest drawbacks with both Layer 2 (Ethernet) and Layer 3 (IP) encryption is that they mask critical information such as application identification (port number) and other critical Layer 4 services, such as NetFlow statistics.
This can impact security in two key ways:
First, security and network administrators use application statistics to determine baselines for network usage. When anomalous behavior is detected (such as a usage peak during off hours) security administrators can take action to ensure that a cyber attack or information breach is stopped before it can cause serious harm. With traditional network encryption, the data is protected but the Layer 4 header information is also encrypted. In some cases, the hackers can use your security to mask their activity.
Secondly, network engineers often use application data and port numbers to help troubleshoot the network or identify routing issues. Because this is not possible if the Layer 4 header is encrypted, engineers often must disable data protection in order to troubleshoot the problem at the worst possible time – when the network is not performing the way it ought to.
Layer 4 Encryption Overview
Certes Networks solves both of these problems by offering the industry's only Layer 4 encryption solution, which protects data with standards-based encryption while leaving application identifiers and other TCP/UDP data in the clear. With TrustNet Manager™, a powerful web-based management platform that simplifies security management while preserving network performance and functionality, organizations can now protect data at wire speed while maintaining application visibility and other Layer 4 services. TrustNet also allows network administrators to take advantage of network/application monitoring tools, such as Netflow and J-flow, while encryption is active on the network. With TrustNet, network administrators no longer have to choose between security and visibility.
Benefits of Layer 4 Encryption
By preserving the original header information as seen below and encrypting only the payload, Layer 4 encryption also makes it possible to encrypt data over load-balanced, redundant and resilient networks. The solution also provides additional security by decoupling security from the underlying networking infrastructure. This provides significant performance improvements over Layer 3 IPSec. In fact, organizations that switch from Layer 3 IPSec tunnels can see as much as a 20%-40% improvement in throughput.
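The visibility difference described above can be checked from a flow exporter's point of view. The following is an added example, not Certes code and not the product's wire format: the packets, addresses, ports and the `OPAQUE` bytes standing in for ciphertext are all constructed, and the helper names are hypothetical.

```python
import socket
import struct
from collections import Counter

TCP, UDP, ESP = 6, 17, 50
OPAQUE = b"\x8f" * 32  # constructed bytes standing in for ciphertext

def ipv4(proto, src, dst, body):
    """Minimal IPv4 packet (header checksum left at 0, not checked here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto,
                       0, socket.inet_aton(src), socket.inet_aton(dst)) + body

def udp(sport, dport, payload):
    """UDP header (checksum left at 0) followed by the payload."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def flow_key(pkt):
    """5-tuple a flow exporter keys on; ports are None if no readable L4 header."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, sport, dport = pkt[9], None, None
    if proto in (TCP, UDP) and len(pkt) >= ihl + 4:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]),
            proto, sport, dport)

def bytes_per_service(packets):
    """Aggregate bytes by (protocol, destination port), as a usage baseline would."""
    totals = Counter()
    for pkt in packets:
        _, _, proto, _, dport = flow_key(pkt)
        totals[(proto, dport)] += len(pkt)
    return dict(totals)

# Constructed traffic: two applications between the same pair of hosts.
APPS = [(40000, 53), (40001, 514), (40002, 53)]
# Payload-only protection: original IP and UDP headers stay readable.
L4_PROTECTED = [ipv4(UDP, "10.1.0.5", "10.2.0.9", udp(s, d, OPAQUE)) for s, d in APPS]
# Layer 3 ESP tunnel between gateways: SPI + sequence number, then opaque data.
L3_TUNNEL = [ipv4(ESP, "192.0.2.1", "198.51.100.1",
                  struct.pack("!II", 0x1000, n) + OPAQUE + OPAQUE)
             for n, _ in enumerate(APPS, 1)]

if __name__ == "__main__":
    print("payload-only:", bytes_per_service(L4_PROTECTED))
    print("ESP tunnel:  ", bytes_per_service(L3_TUNNEL))
```

With the payload-only packets the per-port byte counts stay separable, while the tunnelled packets collapse into a single protocol-50 flow between the two gateways with no port information.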
Additional Layer 4 Encryption benefits include:
- Ability to pass encrypted data through NAT devices
- Support for policy-based routing and load balancing
- Lower packet overhead
- Netflow/Jflow support
- Infrastructure independent
- Network high availability and failover transparent
- Improves performance over Layer 3 IPsec tunnels
You don't have to take our word for it. One of the largest service providers in the U.S. tested our Layer 4 encryption solution in their labs to gauge the impact on network services. You can download the test results here.
With encryption speeds ranging from 3Mbps to 10Gbps, our Layer 4 encryption solutions ensure your data is protected and the network services are preserved, without impacting application or network performance.
To see just how easy it can be to take advantage of our Layer 4 encryption capabilities, contact us at 1-888-833-1142 or feel free to ask us a question.