PacketLight Networks offers Layer-1 encryption solutions for OTN and dark fiber networks, while delivering full data throughput.
PacketLight’s Layer-1 encryption solution supports applications such as secured data center connectivity for financial institutions, encrypted managed services for carriers, and secured networks for government institutions and utilities.
PacketLight's encryption solution ensures the confidentiality and integrity of data, based on GCM-AES-256 encryption standards, supporting Diffie-Hellman (DH) key exchange up to every 1-minute. In addition, the solution supports multiple protocols including 1G/10G/40G/100G LAN and 4G/8G/16G/32G FC.
The PacketLight Layer-1 Encryption solution is achieved by the PL-1000TE-Crypto multi-rate, multi-service Dense Wavelength Division Multiplexing transponder (DWDM), supporting innovative cryptographic capability for 40GE, 10GbE, GbE data and 4/8/10/16G FC storage services.
PacketLight’s encryption is transparent to the traffic without any degradation to the DWDM link performance or to the QoS of transferred data. The PL-1000TE provides full end-to-end transparency of service data and clock with a low latency of less than 12 usec for 10GbE.
Historically, fiber optic communications have been considered more secure than copper infrastracture, since the cabling does not radiate. However, in recent years, it has been proven that it is possible to tap a fiber optic cable and extract all the data streams passing over through. As a result, awareness of data security over DWDM links has increased in many organizations, especially in banks, government entities, data centers and service providers.
PacketLight’s innovative cryptography solution offers high security level for the fiber infrastructure by encrypting and protecting the service level data flow. PacketLight’s encryption is transparent to the traffic without any degradation to the DWDM link performance or to the QoS of transferred data providing full end-to-end transparency of service data and clock with a low latency of less than 12 usec for 10GbE.
PacketLight’s cryptography solution (PL-1000TE Crypto) performs GCM-AES-256 Encryption on layer-1 of the client signal, thus supporting full bandwidth of the 1/10/40G services. PacketLight’s cryptography solution is compliant with NIST FIPS 140-2 standards and NSA Suite B requirements for 40G Eth, 10G Eth and GbE services as well as 4/8/10/16Gb FC.
PacketLight’s comprehensive encryption solution ensures three major concerns of optical link security:
The PL-1000TE Crypto solution is applicable for services of GbE, 10GbE and 40GbE as well as 4/8/10Gb FC. The user can flexibly activate the encryption/decryption functionality for specific transponders and selected wavelengths.
In addition to the data encryption, there are two additional security capabilities supported by all PacketLight DWDM devices:
The Fiber Attenuation Monitoring method monitors the attenuation levels between two sites in real time and provides system alerts in case of any degradation in the fiber attenuation. Malicious fiber tapping attempts are one of the reasons that causes degradation in the fiber attenuation. With alerts provided by PacketLight’s units, such tapping attempts can be quickly identified and remedied.
The firewall functionality provides protection for PacketLight’s device against attacks targeted against the management port by enabling the user to maintain a white list of managers that can access the device and specify the list of blocked/allowed management protocols.