Cisco has announced a hardware encryption module for its ISR G2 router that allows point-to-point encryption of IP traffic based on what's called "Suite B," the set of encryption algorithms designated by the National Security Agency for Department of Defense communications.
According to Sarah Vanier, security solutions marketing at Cisco, the VPN Internal Service Module for the Cisco ISR G2 router lets information technology managers select how to use any of the main encryption algorithms as well as the SHA-2 hash algorithm to protect sensitive information traveling between any two routing points equipped with the module.
"The module allows you to offload the encryption process onto the card," says Vanier, with the hardware doing the hard work of encryption and decryption of traffic at the beginning and terminating points.
The selection of encryption and hash algorithms in the Cisco card includes the Advanced Encryption Standard, standards-based elliptic-curve cryptography or Triple-DES, to satisfy encryption requirements that might range from unclassified to Top Secret in military networks, she said.
The card, which is said to support up to 3,000 concurrent tunnels with throughput of up to 1.2Gbps, can make use of the SHA-2 hash algorithm to assure data integrity between the two router points.
Nelson Chao, Cisco product manager, said the Cisco encryption card does not currently support multicast encryption, but Cisco anticipates supporting it in the future, perhaps late next year.
Cisco also points out that the encryption module is still undergoing official encryption testing to achieve the government's FIPS-level certification, but the module is shipping now.
The Cisco VPN Internal Service Module for the ISR G2 starts at $2,000.