It seems that you have a Hosted Connection and not a Dedicated Connection. Refer here for more info: https://docs.aws.amazon.com/directconnect/latest/UserGuide/WorkingWithConnections.html
- Yes, this is a private link between your on-prem and AWS resources.
- MAC Security is a Direct Connect feature used to encrypt the traffic traversing Direct Connect; however, MACsec is only supported over a dedicated Direct Connect connection. To encrypt the traffic over a hosted connection, you would have to use a Site-to-Site VPN connection over a public or transit VIF.
Here is a guide on how to accomplish that: https://repost.aws/knowledge-center/create-vpn-direct-connect
The accepted answer is good (upvoted) but I'd like to add a little more detail to question (2):
MACsec is designed to encrypt traffic between two adjacent network devices - that is, two devices that are connected directly together. Traffic comes into (say) device A and before it goes to device B (which is directly connected) it is encrypted. Device B receives the traffic and decrypts it before sending it on its way. So while MACsec is excellent at preventing eavesdropping on the physical link between the two devices it does not provide end-to-end protection. The traffic is decrypted at every step of the way (assuming MACsec is enabled on each link). If any of those devices are compromised, so is the data they are carrying.
It is much better to use application layer encryption (TLS normally) to achieve end-to-end encryption. I appreciate that not all protocols (particularly those used by legacy applications) support encryption. Enabling MACsec can help mitigate some risk but it is not an answer to all "encrypt in transit" challenges. I think it would be better to spend the time and money upgrading those legacy applications - that provides a greater degree of security in the long run.
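As an added example (not part of either answer), the following sketch audits Direct Connect connections for the MACsec status discussed above, using the `macSecCapable`, `encryptionMode` and `portEncryptionStatus` fields returned by `aws directconnect describe-connections`. The sample records, connection IDs and names are constructed, and the verdict labels are this example's own.

```python
import json

# Constructed sample shaped like `aws directconnect describe-connections` output.
# IDs, names and values are made up for illustration.
SAMPLE = json.loads("""
{"connections": [
  {"connectionId": "dxcon-EXAMPLE1", "connectionName": "dc1-dedicated-a",
   "connectionState": "available", "bandwidth": "10Gbps",
   "macSecCapable": true, "encryptionMode": "must_encrypt",
   "portEncryptionStatus": "Encryption Up"},
  {"connectionId": "dxcon-EXAMPLE2", "connectionName": "dc1-dedicated-b",
   "connectionState": "available", "bandwidth": "10Gbps",
   "macSecCapable": true, "encryptionMode": "should_encrypt",
   "portEncryptionStatus": "Encryption Down"},
  {"connectionId": "dxcon-EXAMPLE3", "connectionName": "partner-hosted",
   "connectionState": "available", "bandwidth": "500Mbps",
   "macSecCapable": false}
]}
""")

def classify(conn):
    """Return (verdict, advice) for one connection record."""
    if not conn.get("macSecCapable", False):
        return ("no-macsec",
                "MACsec unavailable; use Site-to-Site VPN over the VIF and/or TLS")
    mode = conn.get("encryptionMode", "no_encrypt")
    up = conn.get("portEncryptionStatus") == "Encryption Up"
    if mode == "must_encrypt" and up:
        return ("macsec-enforced",
                "link encrypted hop-by-hop; still use TLS for end-to-end")
    if up:
        return ("macsec-not-enforced",
                "encrypted now, but the mode allows cleartext fallback")
    return ("macsec-down", "MACsec-capable port is not encrypting")

def audit(doc):
    """Map each connectionId to its verdict."""
    return {c["connectionId"]: classify(c)[0] for c in doc["connections"]}

if __name__ == "__main__":
    for c in SAMPLE["connections"]:
        verdict, advice = classify(c)
        print(f'{c["connectionId"]:16} {c["connectionName"]:16} {verdict:20} {advice}')
```

To run it against a real account, replace `SAMPLE` with the parsed JSON output of `aws directconnect describe-connections`.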