Black Box ET0010A User Manual

EncrypTight Overview
EncrypTight User Guide
To securely transfer data between two PEPs over an untrusted network, both PEPs must share a key. One 
PEP uses the shared key to encrypt the data for transmission over the untrusted network, while the second 
PEP uses the same shared key to decrypt the data. 
two PEPs.
Figure 5: Shared keys
In this example, traffic moves between two trusted networks: Network A and Network B. PEP A and 
PEP B work in unison to ensure data security as the traffic passes through an unsecured network. PEP A 
uses Shared Key 2 to encrypt all outbound traffic intended for Network B. PEP B uses the same shared 
key to decrypt all traffic inbound from Network A. Traffic flowing in the opposite direction is secured in 
the same manner using Shared Key 1. 
EncrypTight Policy Enforcement Points (PEPs) can be configured for Layer 2 or Layer 3/4 operation. 
Models include: 
ET0010A
ET0010A
ET1000A
Point-to-Point Negotiated Topology
You can protect simple, point-to-point Ethernet links using ETEMS. Two PEPs can be configured with 
ETEMS to protect a Layer 2 Ethernet link, without any need for ETPM or ETKMS. The policies and key 
are negotiated directly by the two PEPs, without requiring a centralized key generation and distribution 
tool.
This option provides a simple, quick, and straightforward way to secure a single point-to-point Layer 2 
Ethernet link. All you need to secure your traffic is ETEMS and two ETEP encryption appliances. 
The ETEP can be managed in-line or out-of-band through a dedicated Ethernet management interface, as 
shown in 
.