Network Security
[ Network Security > MACsec ]
Possible values:
1..4294967295 (2³²-1)
Active
Shows whether the Access Control List is active on the port or in the VLAN.
Possible values:
marked
The Access Control List is active.
unmarked
The Access Control List is inactive.
4.10 MACsec
[ Network Security > MACsec ]
Media Access Control Security (MACsec) is a security function for protecting data on Layer 2 when in transit between 2 MACsec-capable network devices. MACsec is standardized in IEEE 802.1AE. It is widely used in the renewable energy and transportation industries.
MACsec is fast and transparent. It uses a combination of encryption and data integrity checks to help secure data which is transmitted over switch-to-switch links in Local Area Networks (LAN). The function helps provide:
• Confidentiality
  – MACsec performs the encryption on a per-port basis.
  – MACsec hides Layer 3+ information in transit and thus provides protection for protocols on Layer 3+, like IP and TCP, without the need for protocol-specific encryption engines on endpoints or routers.
  – MACsec also protects protocols that operate directly on Layer 2, like ARP, STP, or LLDP.
• Integrity
  – MACsec performs the data integrity checks on a per-port basis.
  – When sending a frame, MACsec generates a checksum (the Integrity Check Value, ICV) with a cryptographic algorithm. Checking the ICV when receiving a MACsec frame helps prevent attacks like Denial of Service (DoS) and Man in the Middle (MITM) attacks.
• Data origin authenticity (implicit in integrity)
  – Calculating the ICV includes a shared key. This lets the receiver check if the sender has used the correct key. If yes, the frame originated from the entity which claims to be the sender.
  – This also helps prevent network attacks like Denial of Service (DoS) and Man in the Middle (MITM) attacks.
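The integrity and data origin checks listed above, as an added example that is not part of this manual or of the device firmware: a receiver recomputes a keyed ICV and drops frames that were modified or protected with a different key. Assumptions: a standard-library HMAC-SHA-256 truncated to 16 bytes stands in for the MACsec cipher suite, the frame layout is simplified, and all names, keys and addresses are constructed.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16      # ICV length in bytes (constructed for this sketch)
HEADER_LEN = 16   # 6-byte destination + 6-byte source + 4-byte packet number


def compute_icv(key: bytes, header: bytes, payload: bytes) -> bytes:
    """Keyed checksum over header and payload (HMAC stand-in, an assumption)."""
    return hmac.new(key, header + payload, hashlib.sha256).digest()[:ICV_LEN]


def protect(key: bytes, dst: bytes, src: bytes, pn: int, payload: bytes) -> bytes:
    """Sender side: build header | payload | ICV."""
    header = dst + src + struct.pack("!I", pn)
    return header + payload + compute_icv(key, header, payload)


def verify(key: bytes, frame: bytes):
    """Receiver side: return the payload if the ICV is valid, otherwise None."""
    if len(frame) < HEADER_LEN + ICV_LEN:
        return None  # too short to carry a header and an ICV
    header = frame[:HEADER_LEN]
    payload = frame[HEADER_LEN:-ICV_LEN]
    icv = frame[-ICV_LEN:]
    # Constant-time comparison avoids leaking how many ICV bytes matched.
    if hmac.compare_digest(icv, compute_icv(key, header, payload)):
        return payload
    return None


# Constructed sample data: two switch MAC addresses, the link key, a foreign key.
DST = bytes.fromhex("020000000002")
SRC = bytes.fromhex("020000000001")
LINK_KEY = bytes(range(16))
OTHER_KEY = bytes(range(16, 32))


def demo() -> dict:
    good = protect(LINK_KEY, DST, SRC, 1, b"status=ok")
    # One payload bit changed in transit: integrity check must fail.
    tampered = good[:HEADER_LEN] + bytes([good[HEADER_LEN] ^ 1]) + good[HEADER_LEN + 1:]
    # Well-formed frame from a sender without the link key: origin check must fail.
    foreign = protect(OTHER_KEY, DST, SRC, 2, b"status=ok")
    frames = (("good", good), ("tampered", tampered), ("foreign", foreign))
    return {name: verify(LINK_KEY, frame) is not None for name, frame in frames}


if __name__ == "__main__":
    print(demo())
```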
MACsec is also economical and scales well.
• Economic efficiency:
  – MACsec provides protection for almost any payload protocol, without the need for protocol-specific encryption.
• Performance:
  – MACsec operates on ports with MACsec-capable PHYs and therefore automatically scales with the bandwidth of the available, MACsec-enabled ports.
  – MACsec basically provides wirespeed for small as well as large payload frame lengths.
(default setting)
RM GUI BRS
Release 10.3 04/2025