Protected against risks
Guarantee your data security with reliable authentication and effective protection against routing attacks.
More security, reliability and control: With Â̲èÖ±²¥ LAN SCION Access, you can ensure that your data is only transferred to the parts of the Internet that you want it to reach.
These days, digitalisation requires secure networks that are easy to control. However, the foundation of the Internet was laid last century without any special security mechanisms, and it has hardly been updated since. That makes it vulnerable. Cybercriminals now exploit vulnerabilities so unscrupulously that preventing and eliminating cyberthreats has become a main task for companies’ IT departments. This applies not only to the many security risks, but also to aspects of the transport network. It’s high time for an upgrade.Â
CION (Scalability, Control, and Isolation On Next-Generation Networks) is that upgrade. Â̲èÖ±²¥ LAN SCION Access combines the security, reliability and control of private networks with the flexibility of the public Internet. Â̲èÖ±²¥ has supported SCION’s development at ETH Zurich since 2015.Â
Guarantee your data security with reliable authentication and effective protection against routing attacks.
Work with smooth connections thanks to seamless integration of multiple paths and automatic failover.
Maintain complete control over your data’s transport route and control its secure transmission.
Benefit from the best security with hidden paths, transmitter-controlled path selection, and increased protection against DDoS attacks.
Optimise your network performance by using SCION to select the best paths based on cost or latency.
SCION’s architecture gives you a high degree of reliability with various features and new concepts. As a result, some attacks can be prevented from the very outset: SCION is immune to prefix hijacking. What’s more, the technology reduces the risk of exposure to distributed denial of service (DDoS) attacks through hidden paths and source authentication. The protection provided against address spoofing even prevents susceptibility to DDoS reflection attacks.Â
Multi-pathing allows the SCION protocol to open up multiple potential paths that can be used simultaneously. This increases the usable capacity in the network and enables faster switching in the event of path failures, provided that the application supports this function. In this instance, the granularity of the path selection is restricted to the transfer points between networks (autonomous systems). The path within a network is not controlled by SCION, so alternative paths cannot be used there.Â
SCION gives you path control over your end-to-end communication, allowing you to avoid certain network sections such as networks in unstable regions. Control over path choice also allows you to make selections regarding available bandwidths and latencies. This increases the security of your data in terms of how it is handled and gives you more control over the transport route of your sensitive data.Â
A SCION Science DMZ offers all the advantages of a traditional Science DMZ, but it also authenticates the source of each data packet – even at transfer speed. This avoids the high costs of traditional IP firewalls.
Today’s Internet is made up of a multitude of loosely interconnected networks. Communication between the different networks makes transfers vulnerable to route hijacking. For example, a data packet could be diverted across several countries on its way from Zurich to Geneva and the sender and recipient would be helpless to prevent this from happening. Such hijackings are often detected well after the event.
Cybercriminals can redirect data packets or disable Internet services with DDoS attacks. This is where SCION comes in – and minimises the area of attack to network level from the outset.
A team from ETH Zurich has redesigned SCION’s Internet architecture from scratch. The foundation is formed by ‘isolation domains’ (ISDs). These domains can be states, industries or autonomous companies. SCION combines several networks (geographical, for example) to form ISDs. All the Swiss networks can belong to one ISD, for instance. Communication between two networks in the same ISD never goes anywhere else. This means that confidential data can no longer be diverted unchecked via other network sections.
With SCION, the sender determines what transport route the data packets take, making attacks at routing level essentially impossible. For example, you can also specify certain providers or network paths to avoid.
At present, the SCION protocol is still in development and the specification has not yet been publicly standardised. The development team at ETH is actively seeking to obtain this standardisation.