
Considerations Before You Enable Encryption
303520-A Rev. 00
2-3
Enabling compression improves bandwidth efficiency by eliminating redundant
strings in data streams. This, in turn, improves network response times and
reduces line costs. Hardware compression is particularly effective in improving a
router’s throughput when you use encryption.
When you use encryption with compression, the software compresses the data
before it encrypts it.
For instructions on how to use data compression, refer to Configuring Data
Compression Services.
Maintenance Considerations for the NPK
Your configuration file includes a fingerprint of the Node Protection Key (NPK).
The NPK in the MIB must match the NPK in the router’s nonvolatile memory, or
encryption cannot occur. This means that if you want to change anything in your
encryption configuration after you have exited from the original configuration
session, you must reenter the NPK exactly as you entered it initially. For
instructions on how to enter an NPK on a router, see page 3-9
.
If you install a new CPU board on a router, or swap boards between routers, you
must reenter the NPK on the affected routers.
The NPK remains on a board that you remove from a router using data encryption.
For security reasons, you need to plan ahead to make sure that an NPK you are
using resides only on a router that carries encrypted traffic.
Using Floppy Disks to Store Key Files
For security reasons, you should use removable media such as floppy disks to
store key files.
Reading Key Files on PC Floppy Disk from UNIX
You can use the same floppy disks on both PCs and UNIX platforms if you have
UNIX personal computer file system (pcfs) compatibility, which allows UNIX
platforms to access data on floppy disks formatted for PCs. Issue the following
series of commands:
Komentáře k této Příručce