About MACsec

Media Access Control security (MACsec):
  • Provides Layer 2 security protecting network communications against a range of attacks including: denial of service, intrusion, man-in-the-middle, and eavesdropping. These attacks exploit Layer 2 vulnerabilities and often cannot be detected.

  • Provides Layer 2 hop-by-hop encryption on point-to-point Ethernet links.

  • Enables a bi-directional secure link after an exchange and verification of security keys between two connected devices.

  • The system (ss7) protection infrastructure uses the MKA (MACsec Key Agreement) protocol and Static CAK (Connectivity Association Key).

  • Is intended for wired LANs.

More specifically, MACsec provides:
  • Connectionless data integrity: Unauthorized changes to data cannot be made without being detected. Each MAC frame carries a separate integrity verification code.

  • Data origin authenticity: A received MAC frame is guaranteed to have been sent by the authenticated device.

  • Confidentiality: The data payload of each MAC frame is encrypted to prevent it from being eavesdropped by unauthorized parties.

  • Replay protection: MAC frames copied from the network by an attacker cannot be resent into the network without being detected.

  • Bounded receive delay: MAC frames cannot be intercepted by a man-in-the-middle attack and delayed by more than a few seconds without being detected.
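
The per-frame integrity code, payload encryption and replay check listed above can be sketched as a sender and receiver pair. This is an added example, not code from the original page or from any vendor implementation; it uses AES-128-GCM from Node.js with a nonce of SCI || PN. The helper names, key, SCI and addresses are constructed for illustration, and the authenticated data is simplified to addresses || PN rather than a full SecTAG.

```javascript
const { createCipheriv, createDecipheriv } = require('crypto');

// Nonce = SCI || PN (96 bits); authenticated data = addresses || PN (simplified SecTAG).
function params(sci, addrs, pn) {
  const p = Buffer.alloc(4);
  p.writeUInt32BE(pn);
  return { nonce: Buffer.concat([sci, p]), aad: Buffer.concat([addrs, p]) };
}

// Sender side: encrypt the payload and append the 16-byte integrity check value (ICV).
function protect(key, sci, addrs, payload, pn) {
  const { nonce, aad } = params(sci, addrs, pn);
  const c = createCipheriv('aes-128-gcm', key, nonce).setAAD(aad);
  return Buffer.concat([c.update(payload), c.final(), c.getAuthTag()]);
}

// Receiver side for one secure channel (hypothetical helper, strict replay window of 0).
function makeReceiver(key, sci) {
  let nextPN = 1; // lowest packet number still accepted
  return function validate(addrs, sealed, pn) {
    if (pn < nextPN) return { ok: false, reason: 'replay' };
    const { nonce, aad } = params(sci, addrs, pn);
    try {
      const d = createDecipheriv('aes-128-gcm', key, nonce, { authTagLength: 16 });
      d.setAAD(aad).setAuthTag(sealed.subarray(-16)); // short ICVs are rejected
      const payload = Buffer.concat([d.update(sealed.subarray(0, -16)), d.final()]);
      nextPN = pn + 1; // advance only after the frame authenticates
      return { ok: true, payload };
    } catch (err) {
      return { ok: false, reason: 'bad ICV' };
    }
  };
}

// Constructed demo values: the key, SCI and addresses are made up for this example.
function demo() {
  const key = Buffer.from('000102030405060708090a0b0c0d0e0f', 'hex');
  const sci = Buffer.from('0200000000010001', 'hex');
  const addrs = Buffer.from('020000000002' + '020000000001', 'hex');
  const validate = makeReceiver(key, sci);
  const frame = protect(key, sci, addrs, Buffer.from('hello'), 1);
  const tampered = Buffer.from(frame);
  tampered[0] ^= 0x01; // one bit changed in transit
  const bad = validate(addrs, tampered, 1).reason; // ICV fails, PN not consumed
  const good = validate(addrs, frame, 1).ok; // genuine frame accepted
  return [bad, good, validate(addrs, frame, 1).reason]; // same PN again: replay
}
console.log(demo());
```

A modified frame fails the ICV check without consuming the packet number, so the genuine frame is still accepted afterwards, while a second copy of it is dropped as a replay.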