Switch LAN SCION Access

More security, reliability and control: With Switch LAN SCION Access, you can ensure that your data is only transferred to the parts of the Internet that you want it to reach.

These days, digitalisation requires secure networks that are easy to control. However, the foundation of the Internet was laid last century without any special security mechanisms, and it has hardly been updated since. That makes it vulnerable. Cybercriminals now exploit vulnerabilities so unscrupulously that preventing and eliminating cyberthreats has become a main task for companies’ IT departments. This applies not only to the many security risks, but also to aspects of the transport network. It’s high time for an upgrade. 

CION (Scalability, Control, and Isolation On Next-Generation Networks) is that upgrade. Switch LAN SCION Access combines the security, reliability and control of private networks with the flexibility of the public Internet. Switch has supported SCION’s development at ETH Zurich since 2015. 

The secure Internet architecture of the next generation

Protected against risks

Guarantee your data security with reliable authentication and effective protection against routing attacks.  

Stable systems

Work with smooth connections thanks to seamless integration of multiple paths and automatic failover.  

Complete control

Maintain complete control over your data’s transport route and control its secure transmission.  

Strong protection

Benefit from the best security with hidden paths, transmitter-controlled path selection, and increased protection against DDoS attacks.  

Optimise performance

Optimise your network performance by using SCION to select the best paths based on cost or latency.  

High level of security

SCION’s architecture gives you a high degree of reliability with various features and new concepts. As a result, some attacks can be prevented from the very outset: SCION is immune to prefix hijacking. What’s more, the technology reduces the risk of exposure to distributed denial of service (DDoS) attacks through hidden paths and source authentication. The protection provided against address spoofing even prevents susceptibility to DDoS reflection attacks. 

Reliability and performance through multi-pathing

Multi-pathing allows the SCION protocol to open up multiple potential paths that can be used simultaneously. This increases the usable capacity in the network and enables faster switching in the event of path failures, provided that the application supports this function. In this instance, the granularity of the path selection is restricted to the transfer points between networks (autonomous systems). The path within a network is not controlled by SCION, so alternative paths cannot be used there. 

More control with SCION

SCION gives you path control over your end-to-end communication, allowing you to avoid certain network sections such as networks in unstable regions. Control over path choice also allows you to make selections regarding available bandwidths and latencies. This increases the security of your data in terms of how it is handled and gives you more control over the transport route of your sensitive data. 

Report: SCION Science DMZ

A SCION Science DMZ offers all the advantages of a traditional Science DMZ, but it also authenticates the source of each data packet – even at transfer speed. This avoids the high costs of traditional IP firewalls. 

The technology of SCION

Today’s Internet is made up of a multitude of loosely interconnected networks. Communication between the different networks makes transfers vulnerable to route hijacking. For example, a data packet could be diverted across several countries on its way from Zurich to Geneva and the sender and recipient would be helpless to prevent this from happening. Such hijackings are often detected well after the event.

 Cybercriminals can redirect data packets or disable Internet services with DDoS attacks. This is where SCION comes in – and minimises the area of attack to network level from the outset.

 A team from ETH Zurich has redesigned SCION’s Internet architecture from scratch. The foundation is formed by ‘isolation domains’ (ISDs). These domains can be states, industries or autonomous companies. SCION combines several networks (geographical, for example) to form ISDs. All the Swiss networks can belong to one ISD, for instance. Communication between two networks in the same ISD never goes anywhere else. This means that confidential data can no longer be diverted unchecked via other network sections.

 With SCION, the sender determines what transport route the data packets take, making attacks at routing level essentially impossible. For example, you can also specify certain providers or network paths to avoid.

 At present, the SCION protocol is still in development and the specification has not yet been publicly standardised. The development team at ETH is actively seeking to obtain this standardisation.