Defence Technology
European Security & Defence 2015
SINA SOLID – an award-winning, patented solution for secure, dynamic VPN networks

(BSC/Secunet) The unique SINA SOLID (Secure Overlay for IPsec Discovery) technology is a new feature of the SINA L3 Box and the successful outcome of years of research. SINA SOLID can automatically configure very large, flexible IPsec networks, thereby significantly increasing performance at the highest security level. The feature creates a dynamic VPN network, which automatically configures the connection between individual network nodes – all without affecting the security features of IPsec or SINA. SINA SOLID also greatly reduces the administrative burden in large, complex networks, because the system can respond autonomously to changes in the network and manual intervention is no longer required. Version 3.9 onwards of the SINA L3 Box will contain SINA SOLID and will be available with BSI (German Federal Office for Information Security) approval for VS-NfD (restricted) use from the second quarter of 2016.

IPsec-based VPNs (virtual private networks) offer extensive protection against attacks on the confidentiality and integrity of transmitted data. However, due to their complex and often static configuration, the integration of new IPsec gateways into a network and the adjustment of VPN routes are often associated with higher costs. Generally speaking, the IPsec infrastructures typically used for this have to be configured manually. This means that paired security associations are established between the IPsec gateways concerned, even in large networks. This process, for which the expenditures increase quadratically with the number of IPsec gateways, can prove to be cost-intensive and prone to error. The availability of the network and the operating costs for central nodes are deciding factors in the establishment of VPNs. As yet, no product for the dynamic, automated full meshing of VPNs has been approved by the German Federal Office for Information Security.

SINA SOLID makes it possible to dynamically mesh VPNs by automatically configuring large to very large network infrastructures. It responds to topology changes and route redundancy during runtime, which can help to keep the administrative burden low – particularly for complex, potentially highly meshed VPN topologies. As a result, faster communication setup is virtually guaranteed. In addition, the feature increases sabotage resistance against denial-of-service (DoS) attacks and enables dynamic responses to system failure through self-optimised route selection between SOLID nodes.

[Figure labels: Private VPN approval; Public multiprotocol label switching (MPLS) transport network. Graphic: Secunet]

The transparent and secure overlay network coordinates the full meshing of the VPN itself. It manages the dynamic arrangement of all VPN participants in a logical ring and enables all nodes to conduct search queries to build security associations. All routing information is then held in the VPN node itself and is regularly optimised.

SINA SOLID is a new feature that will be provided with software version 3.9 for the SINA L3 Box S. SINA SOLID is therefore one of the core components of the central SINA IT infrastructure.

The benefits of SOLID

Auto-configuration:
» Lower configuration and administrative costs
» Security associations are configured automatically
» Routing information is held in the network itself
» Topological changes take place dynamically during runtime
» Dynamic meshing according to transport needs

High availability:
» SOLID-driven cluster formation for central infrastructure nodes
» Redundant routing during runtime in the SOLID network
» High sabotage resistance due to the elimination of central concentrators
» Dynamic network responses to node failure