Tunnel Security and Encryption
Multapplied SD-WAN protects customer data in two ways: a physical form of security and encryption. Because bandwidth from multiple circuits is aggregated into a single tunnel, packets are transmitted across multiple circuits and transported across multiple carrier networks and circuit types. Packet sniffing techniques are less successful in this environment because packets would need to be intercepted from multiple carrier circuits.
Multapplied SD-WAN offers perfect forward secrecy with all ciphers. Perfect forward secrecy is the property that encrypted traffic cannot be decrypted at a later time even if the private key is compromised. Encryption is performed using private keys generated when the Aggregator and CPE were provisioned, and hosts are authenticated with X.509 certificates signed by the certificate authority on the management server.
HMAC (Hash-Based Message Authentication Codes)
Three ciphers are available:
- AES 128, the default due to being accelerated on some CPUs (requires 64-bit operating system)
- AES 256
- Salsa20 256