Meeting Today s Data Security Requirements with Cisco Next-Generation Encryption



Similar documents
WHITE PAPER COMBATANT COMMAND (COCOM) NEXT-GENERATION SECURITY ARCHITECTURE USING NSA SUITE B

Cisco Virtualization Experience Infrastructure: Secure the Virtual Desktop

National Security Agency Perspective on Key Management

Asheville-Buncombe Technical Community College Department of Networking Technology. Course Outline

Introduction to Security and PIX Firewall

MPLS/IP VPN Services Market Update, United States

Best Practices for Outdoor Wireless Security

PCI Solution for Retail: Addressing Compliance and Security Best Practices

Conquering PCI DSS Compliance

Cisco Wireless Security Gateway R2

Is Your SSL Website and Mobile App Really Secure?

Objectives. Remote Connection Options. Teleworking. Connecting Teleworkers to the Corporate WAN. Providing Teleworker Services

Secure Network Access Solutions for Banks and Financial Institutions. Secure. Easy. Protected. Access.

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

BMC s Security Strategy for ITSM in the SaaS Environment

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0

Chapter 1: Introduction

DRAFT Standard Statement Encryption

White Paper. Enhancing Website Security with Algorithm Agility

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

November Defining the Value of MPLS VPNs

Virtual Privacy vs. Real Security

Configuring a Site-to-Site VPN Tunnel Between Cisco RV320 Gigabit Dual WAN VPN Router and Cisco (1900/2900/3900) Series Integrated Services Router

Safeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST

Site to Site Virtual Private Networks (VPNs):

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

TrustNet CryptoFlow. Group Encryption WHITE PAPER. Executive Summary. Table of Contents

Wireless Services. The Top Questions to Help You Choose the Right Wireless Solution for Your Business.

CCNA Security 2.0 Scope and Sequence

Nine Network Considerations in the New HIPAA Landscape

Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance

CCNA Security 1.1 Instructional Resource

WHITE PAPER. The Linksys Connected Office portfolio includes:

Passing PCI Compliance How to Address the Application Security Mandates

VPN. Date: 4/15/2004 By: Heena Patel

PCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data

Network Test Labs (NTL) Software Testing Services for igaming

Supporting Municipal Business Models with Cisco Outdoor Wireless Solutions

INFORMATION SUPPLEMENT. Migrating from SSL and Early TLS. Version 1.0 Date: April 2015 Author: PCI Security Standards Council

PCI Data Security Standards (DSS)

Cisco Group Encrypted Transport VPN: Tunnel-less VPN Delivering Encryption and Authentication for the WAN

Securing Unified Communications for Healthcare

Cisco Medical-Grade Network: Build a Secure Network for HIPAA Compliance

TrustNet Group Encryption

Global Headquarters: 5 Speen Street Framingham, MA USA P F

Design and Implementation Guide. Apple iphone Compatibility

How Proactive Business Continuity Can Protect and Grow Your Business. A CenturyLink White Paper

SIP SECURITY JULY 2014

Secure Network Design: Designing a DMZ & VPN

WHITE PAPER WHY ORGANIZATIONS NEED LTO-6 TECHNOLOGY TODAY

Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services

Link Layer and Network Layer Security for Wireless Networks

Securing an IP SAN. Application Brief

How To Encrypt Data With Encryption

BUY ONLINE AT:

Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer. February 3, 1999

Application Note: Onsight Device VPN Configuration V1.1

WHITEPAPER MPLS: Key Factors to Consider When Selecting Your MPLS Provider

The Internet of ANYthing

Cisco Cisco 3845 X X X X X X X X X X X X X X X X X X

Encryption Key Management for Microsoft SQL Server 2008/2014

Group Encryption. The key to protecting data in motion BLACK BOX blackbox.com

MPLS: Key Factors to Consider When Selecting Your MPLS Provider Whitepaper

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

SCADA/Business Network Separation: Securing an Integrated SCADA System

SafeNet Network Encryption Solutions Safenet High-Speed Network Encryptors Combine the Highest Performance With the Easiest Integration and

Healthcare Compliance Solutions

Securing SIP Trunks APPLICATION NOTE.

Our Key Security Features Are:

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Cisco Security Optimization Service

SECURING DATA IN TRANSIT

The Fortinet Secure Health Architecture

Cisco ASA 5500 Series Firewall Edition for the Enterprise

The Fortinet Secure Health Architecture

PCI Compliance - A Realistic Approach. Harshul Joshi, CISM, CISA, CISSP Director, Information Technology CBIZ MHM hjoshi@cbiz.com

Security Requirements for Wireless Networking

SSL VPN Technical Primer

Jort Kollerie SonicWALL

Integrated Services Router with the "AIM-VPN/SSL" Module

Bellevue University Cybersecurity Programs & Courses

BlackRidge Technology Transport Access Control: Overview

VNS3 to Cisco ASA Instructions. ASDM 9.2 IPsec Configuration Guide

Wireless and Mobile Technologies for Healthcare: Ensuring Privacy, Security, and Availability

Compliance and Security Challenges with Remote Administration

Transcription:

White Paper Meeting Today s Data Security Requirements with Cisco Next-Generation Encryption Today s Encryption Environments The number of cyber attacks targeting US organizational data has doubled over the past three years. Today s firms experience more than 100 successful attacks per week and average losses of nearly $9 million per attack, according to a recent study by the Ponemon Institute. Still worse are the results of government data breaches, with the potential for disruption or sabotage of public, utility, safety, and financial services. As the encryption algorithms protecting such data continues to age, these systems are becoming increasingly easy to penetrate, especially with mobile devices and centralized cloud services providing new points of access for attacking or stealing critical data. Organizations are well aware of these problems, and over the past few years, data encryption has increasingly shifted from simple data breach remediation to becoming a key strategic business issue. Ponemon Institute studies demonstrate that companies and government agencies are increasingly working toward establishing management strategies that help to assure secure and operationally efficient encrypted systems. A significant percentage of investment is therefore focused on achieving compliance with privacy or data security initiatives or regulation. Financial services, healthcare, retail, and public safety organizations are all looking for new ways to encrypt their environments, assure information security over managed carrier services, and secure data in the cloud and other shared infrastructures. Advanced technologies such as Cisco Next-Generation Encryption (NGE) provide organizations with the tools they need to defend and maintain the security of information traffic. 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 6

The Evolving Data Security Threat Cryptography is by no means static. Threats to sensitive data can literally evolve within days or even hours, as persistent, well-funded attackers continuously develop new ways to penetrate supposedly secure systems. Steady advances in computing and in the science of cryptanalysis have made it necessary to adopt newer, stronger algorithms and larger key sizes. Older algorithms and key sizes no longer provide adequate protection from modern threats. Currently effective encryption systems will become progressively less so. Over the next generation, new, stronger encryption technologies are needed to continue to secure data for the future. Cisco Network-Based Encryption Today s encryption solutions are often application-based, meaning that each application must support its own strong cryptography. Not surprisingly, this requires organizations to incur per-application operating and compliance costs. Applications may also suffer from lower performance; this is especially notable in today s rapidly expanding mobile environments. Cisco s solution is to encrypt, not each application, but the network itself. Relying on a single architectural foundation provides encryption support for: All applications, both current and future Any device, including mobile, legacy, and industry-specific devices All traffic, including multicast, control data, and messaging The Cisco network enabled with NGE transitions readily to more advanced encryption capabilities, as opposed to having to upgrade each and every application. Once deployed, it supports regular provisioning and updates (including security patches) for better regulatory compliance. Centralized expert management also lowers maintenance costs compared to the price of maintaining many separate applications. As well, a single, consistent approach to network security helps to keep the entire system more secure, instead of relying on a variety of individual approaches from different application specialists. By providing a permanent foundation for ongoing data security, network-based encryption is the safest way to protect data in transit over the network, and enables new best practices in critical industries. The Shift to Next-Gen Encryption (NGE) Next-Gen Encryption provides a security level of up to 256 bits, significantly higher than today s 128-bit standard. Integrated into Internet Engineering Task Force (IETF) standards, NGE algorithms create a secure, interoperable foundation that facilitates collaboration in environments where costs or logistics have traditionally hindered information sharing for business, government, and military use. NGE also supports public and private sector organizations that need to meet compliance requirements, including the Payment Card Industry Data Security Standard (PCI DSS) for retail, the Health Insurance Portability and Accountability Act (HIPAA) for healthcare, and the Federal Information Processing Standards 140-2 (FIPS), among others. 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 6

Next-Gen Encryption secures information travelling over networks using well established, public-domain cryptographic algorithms: Encryption based on the Advanced Encryption Standard (AES) using 128- or 256-bit keys Digital signatures with the Elliptic Curve Digital Signature Algorithm (ECDSA) using curves with 256- and 384-bit prime moduli Key exchange, either pre-shared or dynamic, using the Elliptic Curve Diffie-Hellman (ECDH) method Hashing (digital fingerprinting) based on the Secure Hash Algorithm-2 (SHA-2) The use of public-domain algorithms simplifies adoption, strengthens the overall architecture security, and minimizes operational costs. Other encryption solutions have been promoted from time to time, for example, Quantum Key Distribution (QKD). This encryption system relies on the transmission of individual photons from the encryption device to the decryption device. It does not depend on any computational assumptions such as the conjectured difficulty of factoring the product of two large prime numbers. While this novel approach has garnered a certain amount of attention in the press, QKD brings considerable drawbacks to the table. It works only over a limited range at a limited data rate, it cannot be used in mobile networks or devices, and it requires its own physical layer, adding complexity to the network. Industry Best Practices with Advanced Encryption By relying on advanced encryption such as NGE, a variety of industries are able to protect their data in today s rapidly transforming any-to-anywhere environments. Public Sector: Government organizations are migrating rapidly into the cloud and mobile environments with the growing use of networked citizen services. These systems also require more large-scale data centers. However, agencies are increasingly the target of hacker attacks. Advanced encryption keeps government organizations in compliance with the FIPS 140-2 and IRS 1075 standards, as well as helping to meet security requirements for citizen data confidentiality. Public Safety: Local and state public safety organizations increasingly depend on mobile networking for data sharing in emergency situations. Wireless devices in police, fire, and medical vehicles connect to a network backbone to enable rapid disaster response and coordination. However, relying on wireless data transmission also increases the possibility of interference with or attacks upon critical data. Cisco encryption protects data traversing these wireless backhaul links to protect information during emergencies. It also secures routine data within the overall infrastructure for regular office communications. Finance: Today s financial organizations are faced with increased regulation of information security, while at the same time needing to meet growing customer demand for secure mobile and wireless transaction capabilities. Advanced encryption protects ATMs, kiosks, and bring your own device (BYOD)-based transactions, helping to assure compliance with regulatory requirements. Companies avoid the financial penalties and lower consumer confidence engendered by data breaches. 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 3 of 6

Healthcare: To meet HIPAA requirements, today s healthcare organizations are sharing confidential patient information between hospitals, out-patience clinics, doctors offices, labs and special units, and the patient s bedside. Advanced encryption allows this expanding network to comply with regulatory standards for medical data, while protecting in-house hot spots and wireless networks. Retail: Today s stores are managing complex environments based on strong trends toward mobile shopping, online shopping, and in-store use of Wi-Fi hot spots. As well, employees and management are relying on mobile devices to provide up-to-date information and manage customer concerns. Advanced encryption keeps the retailer in compliance with PCI security standards while protecting Internet access, social media, use of Q-codes, and other online activities. Cisco Next-Generation Encryption Cisco NGE leads the industry in advanced encryption, providing support for Suite B and an extended family of U.S. and international standards. It is currently available on most Cisco virtual private network products and architectures, and is progressively being added to all Cisco technologies. NGE s algorithms are based on more than 30 years of global advances and evolution in cryptography, supported by extensive, broad-ranging academic and community review. Cisco NGE: Helps meet business and regulatory requirements for a variety of industries Uses upgraded algorithms, key sizes, protocols, and entropy to meet security requirements up to AES 256 Offers a complete algorithm suite in which each component provides a consistently high level of security Can effectively scale to meet high throughput and large numbers of connections Can scale down to meet the security needs of low-power devices while supporting efficient battery use Is included in international protocols developed by bodies such as the IETF, IEEE, and Wi-Fi Alliance and standards such as IPSec, TLS, MACSec, etc. 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 4 of 6

Is applied to the Internet Key Exchange Version 2 (IKEv2) and Transport Layer Security (TLS) Version 1.2. Continues to support older algorithms to help ensure backward compatibility Companies can use Cisco s NGE to lay the groundwork for future security and scalability needs while meeting current encryption requirements. The NGE-Based Encrypted Network The Cisco NGE encrypted network is based on virtual private network (VPN) technology. VPNs offer data security within private networks that are extended across public networks such as the Internet. Appearing to the user as private network links, VPNs actually create a highly secured wide area network through the use of dedicated connections and encryption. Ten years ago, SSL-based VPNs were perceived as inflexible, complex, and difficult to deploy. However, dramatic advances have transformed the segmentation approach into one of the most dynamic security options available. VPN solutions are now available for most of today s topologies, including mobile environments. The encrypted VPN is designed to: Secure traffic using NGE and authentication Connect remote users to each other and to the network Quickly add new sites or users, without impacting existing infrastructure Improve productivity by extending corporate networks, applications, tools Reduce communications costs while increasing flexibility Provide secure management capabilities Enable secure wireless functions Cisco VPNs include: Site-to-Site Encrypted VPNs for reliable, high-quality transport of complex, mission-critical traffic over an Internet-based WAN infrastructure to branches, home offices, and business sites Remote Access Encrypted VPNs extend almost any data, voice, or video application to remote desktops and devices, supporting personnel who require NGE-level encryption, especially in the mobile network Group Encrypted Transport VPNs (GET VPNs) for large-scale video and voice support Dynamic Multipoint VPNs (DMVPNs) for centralized management of mobile environments 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 5 of 6

Conclusion A leader in cryptography and security, Cisco encrypted networks offer significant benefits across today s vital industries and national infrastructures. Your organization becomes future-ready with more efficient security, significant cost savings, and improved ability to stay ahead of bad actors even at a time when your data is becoming more unsafe every day. Cisco NGE: Supports a new range of algorithms to help secure data traffic for the next generation Connects remote users to each other and to the network Enables more secure management capabilities and wireless functions across the network instead through each application Quickly adds new sites or users, without impacting existing infrastructure Improves productivity by extending corporate networks, applications, and tools To learn more about Cisco NGE, please contact your Cisco representative. Printed in USA C11-728371-00 05/13 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 6 of 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information