Avaya Configuring Data Encryption Services Uživatelský manuál

Procházejte online nebo si stáhněte Uživatelský manuál pro Softwarové příručky Avaya Configuring Data Encryption Services. Avaya Configuring Data Encryption Services User's Manual Uživatelská příručka

  • Stažení
  • Přidat do mých příruček
  • Tisk

Shrnutí obsahu

Strany 1 - Encryption Services

Part No. 303520-A Rev. 00October 1998BayRS Version 13.00Site Manager Software Version 7.00 Configuring Data Encryption Services

Strany 3

303520-A Rev. 00xi PrefaceThis guide describes how to configure data encryption on a Bay Networks® router.Before You BeginBefore using this guide, you

Strany 4

Configuring Data Encryption Servicesxii303520-A Rev. 00Text ConventionsThis guide uses the following text conventions:angle brackets (< >) Indic

Strany 5 - Contents

Preface303520-A Rev. 00xiii Acronymsitalic text Indicates file and directory names, new terms, book titles, and variables in command syntax descriptio

Strany 6

Configuring Data Encryption Servicesxiv303520-A Rev. 00Bay Networks Technical PublicationsYou can now print Bay Networks technical manuals and release

Strany 7

Preface303520-A Rev. 00xv How to Get HelpFor product assistance, support contracts, or information about educational services, go to the following URL

Strany 9

303520-A Rev. 001-1 Chapter 1Data Encryption OverviewBay Networks data encryption services enable you to protect sensitive traffic on your network. En

Strany 10

Configuring Data Encryption Services1-2303520-A Rev. 00Data Encryption Standard (DES)Bay Networks bases encryption services on DES, which the United S

Strany 11 - Before You Begin

Data Encryption Overview303520-A Rev. 001-3 Message Digest 5 (MD5)MD5 is a secure hash algorithm, and is a component in a number of IETF standard prot

Strany 12 - Text Conventions

ii303520-A Rev. 004401 Great America Parkway 8 Federal StreetSanta Clara, CA 95054 Billerica, MA 01821Copyright © 1998 Bay Networks, Inc.All rights re

Strany 13 - Acronyms

Configuring Data Encryption Services1-4303520-A Rev. 00Site SecurityCarefully restrict unauthorized access to routers that encrypt data and the workst

Strany 14 - 303520-A Rev. 00

Data Encryption Overview303520-A Rev. 001-5 Figure 1-1. Hierarchy of Encryption KeysThe keys are the:• Node Protection Key (NPK). It encrypts the LTSS

Strany 15 - How to Get Help

Configuring Data Encryption Services1-6303520-A Rev. 00Node Protection Key (NPK) The NPK encrypts and decrypts LTSSs. The NPK is stored in the router’

Strany 16

Data Encryption Overview303520-A Rev. 001-7 The easiest way to enter the NPK is to use a text editor in read-only mode to display the contents of the

Strany 17 - Data Encryption Overview

Configuring Data Encryption Services1-8303520-A Rev. 00The key manager uses an RNG to generate LTSSs, and you specify a name for each of these values.

Strany 18

Data Encryption Overview303520-A Rev. 001-9 The TEK automatically changes according to the values in the TEK Change Seconds and TEK Change Bytes param

Strany 20 - Encryption Keys

303520-A Rev. 002-1 Chapter 2Considerations Before You Enable EncryptionThis chapter presents some essential points that you should consider in prepar

Strany 21 - Random Number Generator (RNG)

Configuring Data Encryption Services2-2303520-A Rev. 00Synchronizing Router ClocksThe Master Encryption Key (MEK) must be the same at both ends of a l

Strany 22 - Node Protection Key (NPK)

Considerations Before You Enable Encryption303520-A Rev. 002-3 Enabling compression improves bandwidth efficiency by eliminating redundant strings in

Strany 23

303520-A Rev. 00iiiBay Networks, Inc. Software License AgreementNOTICE: Please carefully read this license agreement before copying or using the acco

Strany 24 - Traffic Encryption Key (TEK)

Configuring Data Encryption Services2-4303520-A Rev. 001.Log on as superuser.% su2.Enter the superuser password.password <password>3.Move to the

Strany 25

303520-A Rev. 003-1 Chapter 3Enabling EncryptionThis chapter describes how to configure data encryption. Before You BeginBefore you can start data enc

Strany 26

Configuring Data Encryption Services3-2303520-A Rev. 00Starting EncryptionTo enable Bay Networks data encryption on your network, you must:1.Create th

Strany 27 - Chapter 2

Enabling Encryption303520-A Rev. 003-3 Creating Seeds on a PCTo use a PC to create seeds that the WEP software uses to generate NPKs and LTSSs, you is

Strany 28 - Encryption and Performance

Configuring Data Encryption Services3-4303520-A Rev. 00WEP asks:Do you wish to create the LTSS or NPK Key File? [LTSS]:3.Press Return to create the LT

Strany 29

Enabling Encryption303520-A Rev. 003-5 Creating Seeds on a UNIX PlatformTo create a seed on a UNIX platform: 1.Set the environment variable for the pa

Strany 30 - <directory_name>

Configuring Data Encryption Services3-6303520-A Rev. 00Running the WEP wfkseed CommandThe wfkseed command creates the seed that enables you to generat

Strany 31 - Enabling Encryption

Enabling Encryption303520-A Rev. 003-7 Creating Seeds on the RouterUsing the Technician Interface, you create one seed for the NPK using the kseed com

Strany 32 - Creating Seeds

Configuring Data Encryption Services3-8303520-A Rev. 00The file name that stores NPKs on both PC and UNIX platforms is wep_npk.dat.Creating LTSSsTo ge

Strany 33 - Creating Seeds on a PC

Enabling Encryption303520-A Rev. 003-9 Entering an NPK on a RouterThe router stores its NPK in nonvolatile memory. To enter the NPK, you work in the s

Strany 34 - <n>

iv303520-A Rev. 00its own data and information and for maintaining adequate procedures apart from the Software to reconstruct lost or altered files,

Strany 35

Configuring Data Encryption Services3-10303520-A Rev. 005.At the SSHELL prompt, enter the kset command followed by a space, and paste in the NPK.kset

Strany 36

Enabling Encryption303520-A Rev. 003-11 Changing an NPK on a RouterTo change the router NPK value, follow the procedure in the section, “Entering an N

Strany 37 - Creating NPKs and LTSSs

Configuring Data Encryption Services3-12303520-A Rev. 00The kseed command creates the seed that enables WEP to generate random numbers. To create a TE

Strany 38 - Creating LTSSs

Enabling Encryption303520-A Rev. 003-13 5.Exit the secure shell by entering:kexitYou return to the regular prompt.Starting Encryption for PPPTo config

Strany 39 - Entering an NPK on a Router

Configuring Data Encryption Services3-14303520-A Rev. 003.Enter the NPK.You need to do this once for each router or configuration file.After you enter

Strany 40 - Monitoring NPKs

Enabling Encryption303520-A Rev. 003-15 5.Set the Encrypt Enable parameter to Enable.The Encrypt Enable parameter defaults to Disable. Both the Encryp

Strany 41 - Creating TEKs

Configuring Data Encryption Services3-16303520-A Rev. 00Starting Encryption for Frame RelayTo configure encryption for frame relay:1.Insert the floppy

Strany 42

Enabling Encryption303520-A Rev. 003-17 3.Enter the NPK.You need to do this once for each router or configuration file.After you enter the NPK, the re

Strany 43 - Starting Encryption for PPP

Configuring Data Encryption Services3-18303520-A Rev. 005.Set the Enable Encryption parameter to Enable.The Encrypt Enable parameter defaults to Disab

Strany 44

Enabling Encryption303520-A Rev. 003-19 Configuring WEP ParametersWEP has both line and circuit interface parameters. WEP parameters have default valu

Strany 45

303520-A Rev. 00vContentsPrefaceBefore You Begin ...

Strany 46

Configuring Data Encryption Services3-20303520-A Rev. 00Select the encryption strength that is appropriate for your network. Note that you can select

Strany 47

Enabling Encryption303520-A Rev. 003-21 To set the TEK Change Seconds parameter for a line:4.Click on Done to exit the window.Configuring WEP Interfac

Strany 48

Configuring Data Encryption Services3-22303520-A Rev. 002.Select the encryption strength for this interface.Encryption is available in two versions, r

Strany 49 - Configuring WEP Parameters

Enabling Encryption303520-A Rev. 003-23 The TEK Change Seconds parameter sets the number of seconds between changes in the value of the TEK. To set th

Strany 50

Configuring Data Encryption Services3-24303520-A Rev. 00To disable data encryption on a frame relay circuit, follow these instructions:Deleting Encryp

Strany 51

Enabling Encryption303520-A Rev. 003-25 Deleting Encryption from a RouterTo delete encryption from all circuits on which it is currently configured:1.

Strany 53 - Disabling Encryption

303520-A Rev. 00A-1 Appendix AEncryption ParametersThis appendix contains parameter descriptions for PPP and frame relay encryption parameters, and fo

Strany 54

Configuring Data Encryption ServicesA-2303520-A Rev. 00Parameter: Encrypt EnablePath: PPP: Configuration Manager > Protocols > PPP > PPP Inte

Strany 55

Encryption Parameters303520-A Rev. 00A-3 Parameter: LTSS ValuePath: PPP: Configuration Manager > Protocols > PPP > PPP Interface Lists window

Strany 56

vi303520-A Rev. 00Chapter 2 Considerations Before You Enable EncryptionRequirements for Enabling Encryption ...

Strany 57 - Encryption Parameters

Configuring Data Encryption ServicesA-4303520-A Rev. 00WEP Line ParametersParameter: EnablePath: Configuration Manager > Protocols > WEP > Li

Strany 58

Encryption Parameters303520-A Rev. 00A-5 WEP Circuit Interface ParametersParameter: TEK Change (Bytes)Path: Configuration Manager > Protocols >

Strany 59

Configuring Data Encryption ServicesA-6303520-A Rev. 00Parameter: Cipher Mode MaskPath: Configuration Manager > Protocols > WEP > Circuit Int

Strany 60 - WEP Line Parameters

Encryption Parameters303520-A Rev. 00A-7 Parameter: TEK Change (Seconds)Path: Configuration Manager > Protocols > WEP > LinesDefault: 10 seco

Strany 62

303520-A Rev. 00B-1 Appendix BDefinitions of k CommandsThis appendix contains definitions of the “k” commands that you use to work in the secure shell

Strany 64

303520-A Rev. 00Index-1Numbers40-bit and 56-bit encryption, 1-2, 2-1Aacronyms, xiiiAN routers, using encryption, 2-2authentication, 1-3Cchangingan LTS

Strany 65 - Definitions of k Commands

Index-2303520-A Rev. 00Ffloppy disks, for storing key files, 1-8, 2-3Ggeneratinga TEK, 3-11an LTSS, 3-8an NPK, 3-7Kk commands, B-1key filessecurity, 1

Strany 66

303520-A Rev. 00Index-3seedscreating, 3-2 to 3-6defined, 1-5SEO software license agreement, 1-2setting a path to the key files (UNIX platform), 3-5set

Strany 67

303520-A Rev. 00viiChanging LTSSs ...3-11Creat

Strany 70

303520-A Rev. 00ixFiguresFigure 1-1. Hierarchy of Encryption Keys ..................1-5

Komentáře k této Příručce

Žádné komentáře