With the emergence of wireless networking, ultra slim notebooks, PDAs (personal digital assistants) and smartphones, mobile communications have quickly become an integral part of doing business. Mobile capabilities are set to take another leap forward with the introduction of new standards for wireless broadband wide- and local-area networking.
With connections from the edges to 40-gigabit and 100-gigabit optical fiber networks and Layer 2 network protocols such as Metro Ethernet, the next-generation network landscape is taking shape.
Part 1 of this three-part series takes a look at how the need to comply with new, more stringent information security regulations and reporting requirements is prompting carriers and multinational organizations to pursue “Everything over IP” technology plans.
Part 2 explores how this movement is progressing, focusing on the Institute of Electrical and Electronics Engineers’ 802.16 (WiMax) and 802.11n wireless broadband networking standards, as well as 802.11i, more commonly known as “WPA 2” — the all-important latest iteration of wireless communication security protocols.
The Declining Cost of Greater Bandwidth
“The cost of network communications bandwidth has decreased significantly in recent years, and next generation WAN (wide-area network) services like VPLS (virtual private LAN service), VDSL (very high speed digital subscriber line) and Metro Ethernet are helping to drive down costs further,” said Andy Solterbeck, vice president of product management at Layer 2 encryption solutions provider SafeNet’s commercial security division.
“Enterprises are now able to link corporate and regional offices, server farms, data centers and disaster recovery centers across floors or across continents,” he told TechNewsWorld, “with multi-megabit or even gigabit lines at a fraction of the cost they were paying before.”
The role wide-area Ethernet plays in the emerging next-generation network landscape will continue to grow, James Zik, Ciena’s senior product marketing manager for optical transport products, told TechNewsWorld. “Network operators are continuing to migrate their TDM (time-division multiplexing) networks over to IP-based networks. The new media/video services require increasingly higher network availability and reliability to deliver these services with high QoS (quality of service).”
Standards Needed
The development of widely accepted open standards for 40- and 100-gigabit optical Ethernet networking will be necessary to make all this happen. “The hurdles that stand in the way of wide-area Ethernet networking and 100-Gb networking are lack of standards,” Zik explained.
“With wide-area Ethernet networking, the ability to offer advanced OAM&P (operations, administration, maintenance and provisioning), FCAPS (fault management, configuration, accounting and security), interoperability, etc., is required. For 100-Gb networking, the IEEE 802.3 HSSG (Higher Speed Study Group) is addressing 100GbE and client optics and 10km to 40km reach, but not core transport. ITU (International Telecommunications Union) Study Group 15 is beginning to address the standards for core transport of 100GbE,” he pointed out.
“However, there is much debate going on in both of these bodies, which may delay the standards — hence providing additional time for 40-Gb deployments. In addition, there is increasing debate in the IEEE 802.3 HSSG about whether 40GbE should be standardized.”
The Need for Security
In addition to its lower cost and ease of use, wide-area Ethernet enables organizations to better protect and secure their network traffic, be it e-mail messages or application services. That’s a big benefit to U.S. government offices and other organizations subject to information security regulations, such as the Federal Information Security Management Act, Sarbanes-Oxley and the Gramm-Leach-Bliley Act.
“High-speed/high-bandwidth applications such as storage area networks, data replication, and business continuity and disaster recovery must encrypt the data exchanged to protect its confidentiality for privacy concerns,” Juan Asenjo, information assurance global marketing manager at Thales e-Security, told TechNewsWorld.
“By encrypting the data in flight between these connections, customers can fulfill these new regulations without sacrificing performance,” he added.
“To adhere to regulations and meet critical throughput and latency requirements, networks must be secured at the lowest possible Open System Interconnect (OSI) layer to achieve maximum efficiencies. Layer 3 IPSec-based encryption solutions, due to latency and packet expansion, introduce unacceptable delays to high-speed/high-bandwidth backbone connections,” Asenjo concluded.
Layer 2 vs. Layer 3
Typically, the lower in the OSI model you put information assurance — that is, encryption — the more information is protected, LeRoy Lundgren, deputy director of the office of information assurance and compliance at NETCOM, told TechNewsWorld. Layer 2 (the media access control/data link layer) protection hides Layer 3 (the network layer), so that network resource information such as IP addresses is not transmitted “in the clear.”
This helps to protect networks from various Layer 3 attacks — for example, denial of service and port scanning — and intelligence-gathering attempts such as IP mapping and analysis of the internal network, Lundgren explained.
“Layer 2 network encryption is typically used to protect wireless LAN and MAN (metropolitan area network) environments because with wireless, the data and management packets/frames may be unintentionally exposed to people outside of the confines of a trusted environment,” he said.
“Layer 3 encryption is typically used on wired networks because, unlike wireless, people have to be in the trusted environment to access network resources,” concluded Lundgren.
“In wireless networks, we have WPA2 that works very well, but over wired networks we really have nothing,” noted Jon Green, Aruba’s OS xSec product manager. “You can authenticate users with 802.1x, but there is no scheme there for encryption. xSec is really a repackaging of WPA2 and uses very similar techniques, but it works equally well over wired or wireless,” he explained.
“xSec also provides stronger encryption than WPA2, using AES-CBC-256,” he maintained, “and uses a couple other algorithms for a hash function that are stronger than that used in WPA2.”