Avaya Configuring Data Encryption Services Manuel d'utilisateur télécharger pdf (Page 22)

Configuring Data Encryption Services

1-6 117386-A Rev. A

Node Protection Key (NPK)

The NPK encrypts and decrypts LTSSs.

The NPK is stored in the router’s nonvolatile memory and its ﬁngerprint is in the

MIB. The NPK and its ﬁngerprint must match for encryption to occur.

The process of generating and using NPKs is as follows:

1. The key management software uses an RNG in Site Manager to generate as

many NPKs as your network requires, and you specify a name for each NPK.

2. You use the Technician Interface to enter an NPK in the router’s nonvolatile

RAM. You do this for each secure router.

3. You enter the same NPK in the Site Manager Frame Relay or PPP Node

Protection Key parameter for that router.

Bay Networks recommends that you create and use a different NPK for each

secure router on your network.

Generating an NPK

To generate an NPK you must

1. Use the WEP software to create a seed that initializes the random number

generator for the NPKs.

2. Use the WEP Key Manager on Site Manager to generate NPKs.

Entering the NPK on the Router

You enter the NPK into a router locally via the console port and the secure shell

section of the Technician Interface. A password protects access to the secure shell.

Both the NPK and the secure shell password are stored in the router’s nonvolatile

memory. You cannot access the NPK or the password via the MIB or by using

normal Technician Interface debug commands. You cannot invoke the secure shell

in a Telnet session.

Caution: The NPK is the most critical key in the hierarchy. If the NPK is

compromised, all encrypted data on the router could be compromised. Protect

the ﬁles that store the NPKs, preferably by using removable media that you

store securely. Also protect the routers on which the NPKs reside.

1 2 ... 17 18 19 20 21 22 23 24 25 26 27 ... 61 62

Pas de commentaire

Avaya Configuring Data Encryption Services Manuel d'utilisateur Page 22