Ethernet Encryptors

CEP10, CEP100 and CEP1000
10Mbps, 100Mbps and 1Gbps Ethernet Encryptors

Product Overview
The CipherEngine Enforcement Points (CEPs) are FIPS 140-2 L2 Certified hardware accelerated encryption appliances that provide flexible Ethernet frame encryption. The CEPs are available in three models, offering full-duplex wire-speed encryption at 10Mbps, 100Mbps or 1Gbps speeds.

The CEPs integrate easily into your existing Ethernet network without the need for network changes. They operate transparently over any network, encrypting data transmissions without compromising network operations or application performance. The CEPs enable you to encrypt any Ethernet topology including:

Multipoint-to-multipoint

Point-to-multipoint

Point-to-point Ethernet

Layer 2 multicast

Layer 2 unicast topologies

The CEPs utilize the CipherEngine Encapsulating Security Payload protocol(CE-ESP), to provide Ethernet payload encryption and Ethernet frame authentication. CE-ESP is CipherOptics' packet encapsulation protocol that is based on the IPsec ESP protocol standards.

Ethernet Frame Encryption
The CE-ESP protocol preserves the original Ethernet header information on each packet while providing native Layer 2 encryption for the Ethernet payload, as shown in the illustration below. AES-256 is the payload encryption algorithm.

Ethernet Frame Encryption

Per Frame Authentication
As part of the encryption process with the CEPs, each and every Ethernet frame is authenticated. Once the payload has been encrypted, the Ethernet frame is authenticated and then sent out to the Ethernet network. Only authenticated frames are processed by the other CEPs and non-authenticated packets are dropped at wire-speed, preventing any denial of service or man-in-the-middle attacks.

VLAN Encryption

CipherEngine Video

Watch a nine-node encryption deployment take place in less than 10 minutes

In a multipoint-to-multipoint Ethernet network, the CEPs can encrypt using a VLAN ID as the encryption selector. This unique ability allows organizations to cryptographically segment their network based on VLANs. For point-to-point topologies, the CEPs can use VLAN identifiers or simply encrypt all Ethernet frames between the two network endpoints.

Centralized Administration
Managing the CEPs is easy with CipherOptics CipherEngine. Within CipherEngine, CEPs can be grouped into network sets with every member of the group using the same key material. This grouping capability greatly reduces the complexity of large-scale Ethernet encryption deployments.

To learn just how easy it can be to deploy encryptors on your Ethernet network, contact us at 1-877-878-6655 or feel free to ask us a question.

Datasheets

ESG100 and ESG1002 Datasheet