
secunet
SINA SOLID – an award-winning, patented solution for secure, dynamic VPN networks
(BSC/Secunet) The unique SINA SOLID (Secure Overlay for IPsec Discovery) technology is a new feature of the SINA L3 Box and the successful outcome of years of research. SINA SOLID can automatically configure very large, flexible IPsec networks, thereby significantly increasing performance at the highest security level.
The feature creates a dynamic VPN network, which automatically configures the connection between individual network nodes – all without affecting the security features of IPsec or SINA. SINA SOLID also greatly reduces the administrative burden in large, complex networks, because the system can respond autonomously to changes in the network and manual intervention is no longer required. The SINA L3 Box will contain SINA SOLID from version 3.9 onwards and will be available with BSI (German Federal Office for Information Security) approval for VS-NfD (restricted) use from the second quarter of 2016.
IPsec-based VPNs (virtual private networks) offer extensive protection against attacks on the confidentiality and integrity of transmitted data. However, due to their complex and often static configuration, the integration of new IPsec gateways into a network and the adjustment of VPN routes are often associated with higher costs. Generally speaking, the IPsec infrastructures typically used for this have to be configured manually. This means that paired security associations are established between the IPsec gateways concerned, even in large networks. This process, for which the expenditures increase quadratically with the number of IPsec gateways, can prove to be cost-intensive and prone to error. The availability of the network and the operating costs for central nodes are deciding factors in the establishment of VPNs. As yet, no product for the dynamic, automated full meshing of VPNs has been approved by the German Federal Office for Information Security.
SINA SOLID makes it possible to dynamically mesh VPNs by automatically configuring large to very large network infrastructures. It responds to topology changes and route redundancy during runtime, which can help to keep the administrative burden low – particularly for complex, potentially highly meshed VPN topologies. As a result, faster communication setup is virtually guaranteed. In addition, the feature increases sabotage resistance against denial-of-service (DoS) attacks and enables dynamic responses to system failure through self-optimised route selection between SOLID nodes.
[Figure labels: "Private VPN approval"; "Public multiprotocol label switching (MPLS) transport network". Graphic: Secunet]
The transparent and secure overlay network coordinates the full meshing of the VPN itself. It manages the dynamic arrangement of all VPN participants in a logical ring and enables all nodes to conduct search queries to build security associations. All routing information is then held in the VPN node itself and is regularly optimised.
SINA SOLID is a new feature that will be provided with software version 3.9 for the SINA L3 Box S. SINA SOLID is therefore one of the core components of the central SINA IT infrastructure.
The benefits of SOLID
Auto-configuration:
» Lower configuration and administrative costs
» Security associations are configured automatically
» Routing information is held in the network itself
» Topological changes take place dynamically during runtime
» Dynamic meshing according to transport needs

High availability:
» SOLID-driven cluster formation for central infrastructure nodes
» Redundant routing during runtime in the SOLID network
» High sabotage resistance due to the elimination of central concentrators
» Dynamic network responses to node failure