It may seem like it has been forever since the Target credit card breach in 2013, which cost the company $162 million, but unfortunately it set a trend that hasn’t let up. It feels like network security compromises have constantly been in the news. It was just last month that Ashley Madison was breached, and now this month over 225,000 Apple iPhone accounts were hacked, according to a recent report from Palo Alto Networks.
These hacks are surely very sophisticated and not always well understood, but going forward it’s a fair assumption that any data gleaned by a hacker from an unsecured network or data center can be leveraged to help strengthen their ability to break in and take much, much more.
Extreme Networks has taken a comprehensive approach to helping customers secure their networks for years, from pioneering a unified policy architecture to recently releasing portfolio updates around intrusion protection, and this month we’re making network security even more durable. The Extreme Networks S-Series modular and 7100 fixed 1/10Gb LAN and data center switches are introducing MACsec support to provide strong encryption of user data on the network link. Under this IEEE standard (802.1AE), all data that traverses a given physical link is encrypted, assuring network operators of security against any potential compromise of a network line and bringing network security to a whole new level.
Figure 1: Example Topology using MACsec Physical Network Encryption
What is the impact this will have on you as a network administrator?
- Anywhere in your network that a cable leaves a building, enters an unsecured area, or is otherwise at risk of being tapped, encryption can now mitigate that threat.
- Secure traffic between switches at 1 Gigabit or 10 Gigabit Ethernet speeds, be it between buildings or within a wiring closet or data center.
- Secure the traffic running to your CoreFlow-powered Purview application intelligence and analytics.
- Consider the future potential for encryption down to wired end systems (requires end system support) – something you already have when the client is wireless, thanks to wireless encryption.
PS – This new software release – 8.41 – also brings VXLAN capabilities to the S-Series and K-Series, including the ability to monitor application traffic within VXLAN (and now also MPLS) tunnels at the application layer. Expect to hear more on VXLAN in future postings.