Avaya Configuring Data Encryption Services Manuel d'utilisateur télécharger pdf (Page 20)

Configuring Data Encryption Services

1-4

117386-A Rev. A

Site Security

Carefully restrict access to routers that encrypt data and the workstations you use

to conﬁgure encryption. Because DES is a public standard, data is secure only if

you properly protect the encryption keys. The conﬁguration ﬁles that contain

these keys include safeguards to prevent unauthorized access. However, the best

strategy is to physically protect your equipment.

Conﬁguration Security

Bay Networks recommends that you store the key management ﬁles that our

encryption services use on removable media, such as ﬂoppy disks, and that you

store this media in a secure place. This is the easiest way to prevent unauthorized

persons from gaining access to these ﬁles.

You should always conﬁgure the NPKs locally, not over a network. When you

connect a computer to a router’s console port to conﬁgure encryption, use a

computer that is not connected to any other equipment.

You can conﬁgure LTSSs remotely because LTSSs are encrypted.

Note further recommendations about network security in the following sections of

this guide.

Encryption Keys

igure 1-1 illustrates the hierarchy of secret keys that Bay Networks encryption

uses to protect and transmit data.

1 2 ... 15 16 17 18 19 20 21 22 23 24 25 ... 61 62

Pas de commentaire

Avaya Configuring Data Encryption Services Manuel d'utilisateur Page 20