Cherry & White can offer layer 1 encrypted network solutions over OTN and DWDM networks whilst maintain full data throughput using PacketLight’s encryption product range.
Our Layer-1 encryption solution supports applications such as secured data centres connectivity for financial institutions, encrypted managed services for carriers, and secured networks for government institutions and utilities.
The need for data security over DWDM links has increased over recent years, especially in financial and government institutions, critical infrastructure, data centres and service providers. Moreover, security requirements such as confidentiality, integrity and authentication have become mandatory in some industries.
The encryption solution ensures the confidentiality and integrity of data, based on GCM-AES-256 encryption standards, supporting Diffie-Hellman (DH) key exchange up to every 1-minute. In addition, the solution is compliant with NIST FIPS 140-2 standards and NSA Suite B requirements for GbE/10/40/100Gb Ethernet, as well as 4/8/10/16/32G FC, STM64/OC-192 SONET/SDH, and OTU2/3/4.
The solution enables users to flexibly activate the encryption/decryption functionality for specific transponders and selected wavelengths.
Up to 20 encrypted signals can be multiplexed into a single 100G or 200G OTN uplink using PacketLight’s muxponder devices. The encryption can be done per client interface (service) or for the entire uplink (line side).
Other Security Solutions
In addition to the data encryption, PacketLight DWDM devices support the following security capabilities:
- Fibre attenuation monitoring – monitors the attenuation levels between two sites in real-time and provides system alerts in case of any degradation in fibre attenuation.
- Firewall – malicious fibre tapping attempts is one of the reasons for degradation in fibre attenuation. PacketLight units comprise alerts, so tapping attempts are identified quickly and remedied.
- Secured access to management console – firewall functionality protects PacketLight’ s device against attacks targeted at the management port by enabling the user to maintain a whitelist of managers that can access the device.