Tamper protection for monitoring networks in banks

Your Task

Banks' security requirements are generally as stringent as those of government authorities or the armed forces: They involve mutual supervision, personnel weighing scales and video surveillance. To protect assets and valuables, access to all areas within banks is tracked and supervised using sophisticated access control systems. These systems depend on monitoring networks that are capable of safeguarding the integrity and authenticity of the data they transmit.

Increasingly, this data is carried on flat networks. Such networks are popular because they are flexible and allow devices to be connected efficiently over public landlines, radio relay links or proprietary lines. However, attackers who gain access to these communications links could potentially intercept and tamper network data, something that needs to be prevented at all costs.

Encryption from Rohde & Schwarz

The R&S®SITLine ETH encryption devices can secure communications on flat networks against data manipulation and espionage. The R&S®SITLine ETH devices use the most advanced elliptic curve cryptography, X.509v3 certificates and AES-256, and are approved for use in NATO and EU member countries.

Linking access control and networking monitoring systems securely

Video surveillance and access control systems on monitoring networks use the Internet protocol (IP) as a reliable medium for transporting data. Data recorded locally is evaluated in central offices. However, IP has a number of security vulnerabilities: Data is easy to intercept and manipulate, regardless of whether it is transmitted on a public service provider's infrastructure or on an organization's own network. Even optical communications lines can be monitored by relatively simple means. Hence the need for strong encryption.

The R&S®SITLine ETH devices not only secure network data reliably, they are also protected against physical tampering, making it impossible to disable or circumvent their cryptographic functionality.

Encryption is transparent to the IT infrastructure

There is no need for IT administrators to access the R&S®SITLine ETH device configurations in order to manage their networks, because the encryption functionality is completely transparent to the network.

Device certificates and encryption parameters are configured by security officers who use personal security tokens to log in to the security management system, which is protected with strong, two-factor authentication.

Flexible deployment of cash center equipment in flat networks

Flat networks allow cost-intensive machines (e.g. cash center equipment) to be deployed flexibly at different locations if needed. Due to the flat network structure, machines can be moved to another location without incurring additional IT maintenance costs.

The R&S®SITLine ETH devices secure flat networks. The transmitted Ethernet data is encrypted and integrity protected.