Avaya Configuring Data Encryption Services Uživatelský manuál

Procházejte online nebo si stáhněte Uživatelský manuál pro Softwarové příručky Avaya Configuring Data Encryption Services. Avaya Configuring Data Encryption Services User's Manual Uživatelská příručka

  • Stažení
  • Přidat do mých příruček
  • Tisk

Shrnutí obsahu

Strany 1 - Services

BayRS Version 14.00Part No. 308618-14.00 Rev 00September 19994401 Great America ParkwaySanta Clara, CA 95054Configuring Data Encryption Services

Strany 3

308618-14.00 Rev 00xi PrefaceThis guide describes data encryption and what you do to start and customize data encryption services on a Nortel Networks

Strany 4

Configuring Data Encryption Servicesxii308618-14.00 Rev 00Text ConventionsThis guide uses the following text conventions:angle brackets (< >) In

Strany 5 - Contents

Preface308618-14.00 Rev 00xiii AcronymsThis guide uses the following acronyms:italic text Indicates file and directory names, new terms, book titles,

Strany 6

Configuring Data Encryption Servicesxiv308618-14.00 Rev 00Hard-Copy Technical ManualsYou can print selected technical manuals and release notes free,

Strany 7

Preface308618-14.00 Rev 00xv How to Get HelpIf you purchased a service contract for your Nortel Networks product from a distributor or authorized rese

Strany 9

308618-14.00 Rev 001-1 Chapter 1Data Encryption OverviewNortel Networks data encryption services enable you to protect sensitive traffic on your netwo

Strany 10

Configuring Data Encryption Services1-2308618-14.00 Rev 00Data Encryption Standard (DES)Nortel Networks bases encryption services on DES, which the Un

Strany 11 - Before You Begin

Data Encryption Overview308618-14.00 Rev 001-3 Message Digest 5 (MD5)MD5 is a secure hash algorithm, and is a component in a number of IETF standard p

Strany 12 - Text Conventions

ii308618-14.00 Rev 00 Copyright © 1999 Nortel NetworksAll rights reserved. Printed in the USA. September 1999.The information in this document is subj

Strany 13 - Acronyms

Configuring Data Encryption Services1-4308618-14.00 Rev 00Site SecurityCarefully restrict unauthorized access to routers that encrypt data and the wor

Strany 14 - Hard-Copy Technical Manuals

Data Encryption Overview308618-14.00 Rev 001-5 Figure 1-1. Hierarchy of Encryption KeysThe keys are the:• Node Protection Key (NPK). It encrypts the L

Strany 15 - How to Get Help

Configuring Data Encryption Services1-6308618-14.00 Rev 00Node Protection Key (NPK) The NPK encrypts and decrypts LTSSs. The NPK is stored in the rout

Strany 16

Data Encryption Overview308618-14.00 Rev 001-7 The easiest way to enter the NPK is to use a text editor in read-only mode to display the contents of t

Strany 17 - Data Encryption Overview

Configuring Data Encryption Services1-8308618-14.00 Rev 00The key manager uses an RNG to generate LTSSs, and you specify a name for each of these valu

Strany 18 - 308618-14.00 Rev 00

Data Encryption Overview308618-14.00 Rev 001-9 The TEK automatically changes according to the values in the TEK Change Seconds and TEK Change Bytes pa

Strany 20 - Encryption Keys

308618-14.00 Rev 002-1 Chapter 2Considerations Before You Enable EncryptionThis chapter presents some essential points that you should consider in pre

Strany 21 - Random Number Generator (RNG)

Configuring Data Encryption Services2-2308618-14.00 Rev 00Synchronizing Router ClocksThe Master Encryption Key (MEK) must be the same at both ends of

Strany 22 - Node Protection Key (NPK)

Considerations Before You Enable Encryption308618-14.00 Rev 002-3 Enabling compression improves bandwidth efficiency by eliminating redundant strings

Strany 23

308618-14.00 Rev 00iiithese terms and conditions, return the product, unused and in the original shipping container, within 30 days of purchase to obt

Strany 24 - Traffic Encryption Key (TEK)

Configuring Data Encryption Services2-4308618-14.00 Rev 001.Log on as superuser.% su2.Enter the superuser password.password <password>3.Move to

Strany 25

308618-14.00 Rev 003-1 Chapter 3Enabling EncryptionThis chapter describes how to configure data encryption. Before You BeginBefore you can start data

Strany 26

Configuring Data Encryption Services3-2308618-14.00 Rev 00Starting EncryptionTo enable Nortel Networks data encryption on your network, you must:1.Cre

Strany 27 - Chapter 2

Enabling Encryption308618-14.00 Rev 003-3 Creating Seeds on a PCTo use a PC to create seeds that the WEP software uses to generate NPKs and LTSSs, you

Strany 28 - Encryption and Performance

Configuring Data Encryption Services3-4308618-14.00 Rev 00WEP asks:Do you wish to create the LTSS or NPK Key File? [LTSS]:3.Press Return to create the

Strany 29

Enabling Encryption308618-14.00 Rev 003-5 Creating Seeds on a UNIX PlatformTo create a seed on a UNIX platform: 1.Set the environment variable for the

Strany 30 - Encryption with Dial Backup

Configuring Data Encryption Services3-6308618-14.00 Rev 00Running the WEP wfkseed CommandThe wfkseed command creates the seed that enables you to gene

Strany 31 - Enabling Encryption

Enabling Encryption308618-14.00 Rev 003-7 Creating Seeds on the RouterUsing the Technician Interface, you create one seed for the NPK using the kseed

Strany 32 - Creating Seeds

Configuring Data Encryption Services3-8308618-14.00 Rev 00The file name that stores NPKs on both PC and UNIX platforms is wep_npk.dat.Creating LTSSsTo

Strany 33 - Creating Seeds on a PC

Enabling Encryption308618-14.00 Rev 003-9 Entering an NPK on a RouterThe router stores its NPK in nonvolatile memory. To enter the NPK, you work in th

Strany 34 - <n>

iv308618-14.00 Rev 00SHALL THE LIABILITY OF NORTEL NETWORKS RELATING TO THE SOFTWARE OR THIS AGREEMENT EXCEED THE PRICE PAID TO NORTEL NETWORKS FOR T

Strany 35

Configuring Data Encryption Services3-10308618-14.00 Rev 005.At the SSHELL prompt, enter the kset command followed by a space, and paste in the NPK.ks

Strany 36

Enabling Encryption308618-14.00 Rev 003-11 Changing an NPK on a RouterTo change the router NPK value, follow the procedure in the section “Entering an

Strany 37 - Creating NPKs and LTSSs

Configuring Data Encryption Services3-12308618-14.00 Rev 00The kseed command creates the seed that enables WEP to generate random numbers. To create a

Strany 38 - Creating LTSSs

Enabling Encryption308618-14.00 Rev 003-13 5.Exit the secure shell by entering:kexitYou return to the regular prompt.Starting Encryption for PPPTo con

Strany 39 - Entering an NPK on a Router

Configuring Data Encryption Services3-14308618-14.00 Rev 003.Enter the NPK.You need to do this once for each router or configuration file.After you en

Strany 40 - Monitoring NPKs

Enabling Encryption308618-14.00 Rev 003-15 5.Set the Encrypt Enable parameter to Enable.The Encrypt Enable parameter defaults to Disable. Both the Enc

Strany 41 - Creating TEKs

Configuring Data Encryption Services3-16308618-14.00 Rev 00Starting Encryption for Frame RelayTo configure encryption for frame relay:1.Insert the flo

Strany 42

Enabling Encryption308618-14.00 Rev 003-17 3.Enter the NPK.You need to do this once for each router or configuration file.After you enter the NPK, the

Strany 43 - Starting Encryption for PPP

Configuring Data Encryption Services3-18308618-14.00 Rev 005.Set the Enable Encryption parameter to Enable.The Encrypt Enable parameter defaults to Di

Strany 44

Enabling Encryption308618-14.00 Rev 003-19 Configuring WEP ParametersWEP has both line and circuit interface parameters. WEP parameters have default v

Strany 45

308618-14.00 Rev 00vContents PrefaceBefore You Begin ...

Strany 46

Configuring Data Encryption Services3-20308618-14.00 Rev 002.Select the encryption strength for this line.Encryption is available in two versions, reg

Strany 47

Enabling Encryption308618-14.00 Rev 003-21 The TEK Change Seconds parameter sets the number of seconds between changes in the value of the TEK. To set

Strany 48

Configuring Data Encryption Services3-22308618-14.00 Rev 002.Select the encryption strength for this interface.Encryption is available in two versions

Strany 49 - Configuring WEP Parameters

Enabling Encryption308618-14.00 Rev 003-23 To set the TEK Change Bytes parameter for an interface:The TEK Change Seconds parameter sets the number of

Strany 50

Configuring Data Encryption Services3-24308618-14.00 Rev 00To disable data encryption on a frame relay circuit, follow these instructions:4. Click on

Strany 51

Enabling Encryption308618-14.00 Rev 003-25 Deleting Encryption from an InterfaceTo delete encryption from an interface on which it is currently config

Strany 52

Configuring Data Encryption Services3-26308618-14.00 Rev 00Deleting Encryption from a RouterTo delete encryption from all circuits on which it is curr

Strany 53 - Disabling Encryption

308618-14.00 Rev 00A-1 Appendix AEncryption ParametersThis appendix contains parameter descriptions for PPP and frame relay encryption parameters, and

Strany 54

Configuring Data Encryption ServicesA-2308618-14.00 Rev 00Parameter: Encrypt EnablePath: PPP: Configuration Manager > Protocols > PPP > PPP I

Strany 55 -

Encryption Parameters308618-14.00 Rev 00A-3 Parameter: LTSS ValuePath: PPP: Configuration Manager > Protocols > PPP > PPP Interface Lists win

Strany 56

vi308618-14.00 Rev 00Chapter 2 Considerations Before You Enable EncryptionRequirements for Enabling Encryption ...

Strany 57 - Encryption Parameters

Configuring Data Encryption ServicesA-4308618-14.00 Rev 00WEP Line ParametersParameter: EnablePath: Configuration Manager > Protocols > WEP >

Strany 58

Encryption Parameters308618-14.00 Rev 00A-5 WEP Circuit Interface ParametersParameter: TEK Change (Bytes)Path: Configuration Manager > Protocols &g

Strany 59

Configuring Data Encryption ServicesA-6308618-14.00 Rev 00Parameter: Cipher Mode MaskPath: Configuration Manager > Protocols > WEP > Circuit

Strany 60 - WEP Line Parameters

Encryption Parameters308618-14.00 Rev 00A-7 Parameter: TEK Change (Seconds)Path: Configuration Manager > Protocols > WEP > LinesDefault: 10 s

Strany 62

308618-14.00 Rev 00B-1 Appendix BDefinitions of k CommandsThis appendix contains definitions of the “k” commands that you use to work in the secure sh

Strany 64

308618-14.00 Rev 00Index-1Numbers40-bit and 56-bit encryption, 1-2, 2-1Aacronyms, xiiiAN routers, using encryption, 2-2authentication, 1-3Cchangingan

Strany 65 - Definitions of k Commands

Index-2308618-14.00 Rev 00entering an NPK on a router, 3-9Ffloppy disks, for storing key files, 1-8, 2-3Ggeneratinga TEK, 3-11an LTSS, 3-8an NPK, 3-7K

Strany 66

308618-14.00 Rev 00Index-3seedscreating, 3-2 to 3-6defined, 1-5SEO software license agreement, 1-2setting a path to the key files (UNIX platform), 3-5

Strany 67

308618-14.00 Rev 00viiChanging an NPK in the MIB ...3-11Changing LTSSs .

Strany 70

308618-14.00 Rev 00ixFiguresFigure 1-1. Hierarchy of Encryption Keys ..................1-5

Komentáře k této Příručce

Žádné komentáře