Basics of MACsec
Media Access Control Security
Media Access Control security (MACsec) provides point-to-point security on Ethernet links. It is defined by IEEE standard 802.1AE and is a layer-2 encryption technology. It can be used in combination with other security protocols, such as IP Security (IPsec) and Secure Sockets Layer (SSL), to provide end-to-end network security.
It is used on Ethernet networks: on WAN routers, LAN switches, data centre routers and switches, servers and end devices, and on router-to-switch, switch-to-switch and server-to-switch links.
For end-to-end security, data needs to be secured when at rest (stored in a device) and when in motion (communicated between connected devices).
Once MACsec is configured and enabled, security is added at the communication layer for data in motion or transit: one bi-directional secure communication link is established, combined with a data integrity check and encryption.
MACsec can identify and prevent most security threats, such as denial of service (DoS), intrusion and man-in-the-middle attacks.
- Static connectivity association key (S-CAK)
- Static secure association key (S-SAK)
- Dynamic secure association key (D-SAK)
- Device to device security
- Confidentiality
- Data origin authenticity
- Data integrity
- Replay protection
- Deployment flexibility
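To make the replay protection and data integrity items above concrete, here is an added example (not from the original post) that models the receive-side packet number (PN) check with a configurable replay window. It is a simplified model: the class, function and field names and the sample frames are constructed for illustration, and the integrity-check result is passed in as a flag instead of being computed.

```python
from dataclasses import dataclass


@dataclass
class ReceiveSA:
    """Simplified receive-side state for one secure association (hypothetical names)."""
    replay_window: int = 0   # 0 means strict in-order delivery
    next_pn: int = 1         # lowest PN not yet seen on a valid frame

    def lowest_acceptable_pn(self) -> int:
        # Frames older than (next_pn - replay_window) are treated as replays.
        return max(1, self.next_pn - self.replay_window)

    def check(self, pn: int, icv_ok: bool) -> str:
        """Classify one received frame by its PN and integrity-check result."""
        if pn < self.lowest_acceptable_pn():
            return "drop-late"        # replayed or excessively delayed frame
        if not icv_ok:
            return "drop-bad-icv"     # modified frame: must not advance next_pn
        self.next_pn = max(self.next_pn, pn + 1)
        return "accept"


def run(window: int, frames) -> list:
    """Feed (pn, icv_ok) pairs through a fresh ReceiveSA and return the verdicts."""
    sa = ReceiveSA(replay_window=window)
    return [sa.check(pn, ok) for pn, ok in frames]


# Constructed sample: PN 3 arrives out of order, PN 2 is replayed,
# and one copy of PN 5 fails the integrity check before a valid copy arrives.
FRAMES = [(1, True), (2, True), (4, True), (3, True),
          (2, True), (5, False), (5, True)]

if __name__ == "__main__":
    for window in (0, 2):
        print(f"replay_window={window}:", run(window, FRAMES))
    # In this model a frame repeated inside the window is not rejected,
    # because only the lowest acceptable PN is tracked, not each PN seen.
    print("repeat of PN 4 with window 2:", run(2, FRAMES + [(4, True)])[-1])
```

A window of 0 rejects every out-of-order frame, so a non-zero window is a trade-off: it tolerates reordering on the link but widens the range of packet numbers that pass the check.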