
Getting Started With IPsec
304111-B Rev 00
2-5
Random Number Generator (RNG)
The router software uses the secure random number generator (RNG) to generate
initialization vectors (IVs) that are used in the ESP DES encryption
transformation. These values are statistically random. As its source, the RNG uses
a seed that you supply from the Technician Interface secure shell. See “Entering an Initial NPK and a Seed for Encryption” on page 2-6.
Creating a Node Protection Key (NPK)
The NPK encrypts manually configured IPsec ESP cipher and integrity keys or
IKE pre-shared authentication keys for management information base (MIB)
storage. Note that it does not encrypt, decrypt, or authenticate data.
The NPK is stored in the router nonvolatile random access memory (NVRAM). Its
fingerprint, which is a 128-bit version of the NPK generated by a hash algorithm,
is stored in the MIB. For encryption to occur, the NPK and its fingerprint in the
MIB must match.
Create and configure a different NPK for each secure router on your network. The
NPK should be different on every router because, if an NPK is compromised, the
security gateway for the router is compromised. If the same NPK is used for all
secure routers, the entire network could be compromised.
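The fingerprint check and the one-NPK-per-router rule above, as an added example that is not code from the manual or the router software. The manual does not name the hash algorithm, so SHA-256 truncated to 128 bits, the router names and the NPK values are all constructed assumptions; the point is that the MIB fingerprint alone is enough both to validate the NPK held in NVRAM and to audit a fleet for NPK reuse without the NPKs ever leaving the routers.

```python
import hashlib
import hmac
from typing import Dict, List

FINGERPRINT_BITS = 128  # the manual states the fingerprint is 128 bits


def npk_fingerprint(npk: bytes) -> bytes:
    """128-bit fingerprint of an NPK, as stored in the MIB.
    Assumption: the manual does not name the hash; SHA-256 truncated
    to 128 bits stands in for whatever the router actually uses."""
    return hashlib.sha256(npk).digest()[:FINGERPRINT_BITS // 8]


def npk_matches_mib(npk_nvram: bytes, fingerprint_mib: bytes) -> bool:
    """The precondition for encryption described in the manual: the NPK
    held in NVRAM must hash to the fingerprint recorded in the MIB.
    A constant-time compare avoids leaking where the mismatch is."""
    return hmac.compare_digest(npk_fingerprint(npk_nvram), fingerprint_mib)


def find_shared_npks(fleet: Dict[str, bytes]) -> List[List[str]]:
    """Audit helper: given router name -> MIB fingerprint, return every
    group of routers whose fingerprints are equal, i.e. that share an NPK.
    Only fingerprints are compared, so the NPKs themselves stay on the routers."""
    by_fp: Dict[bytes, List[str]] = {}
    for router, fp in fleet.items():
        by_fp.setdefault(fp, []).append(router)
    return sorted(group for group in by_fp.values() if len(group) > 1)


# Constructed sample values; not real keys from any router.
NPK_A = bytes.fromhex("00112233445566778899aabbccddeeff")
NPK_B = bytes.fromhex("ffeeddccbbaa99887766554433221100")

# Constructed fleet: gw-lab was mistakenly given the same NPK as gw-east.
FLEET_FINGERPRINTS = {
    "gw-east": npk_fingerprint(NPK_A),
    "gw-west": npk_fingerprint(NPK_B),
    "gw-lab": npk_fingerprint(NPK_A),
}


def demo() -> None:
    # NVRAM/MIB check on one router, then a fleet-wide reuse audit.
    print("gw-east NPK valid:", npk_matches_mib(NPK_A, FLEET_FINGERPRINTS["gw-east"]))
    print("wrong NPK on gw-east:", npk_matches_mib(NPK_B, FLEET_FINGERPRINTS["gw-east"]))
    print("routers sharing an NPK:", find_shared_npks(FLEET_FINGERPRINTS))


if __name__ == "__main__":
    demo()
```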
Generating NPKs
You create NPKs using the Technician Interface secure shell. You must then enter
the same NPKs into the Site Manager NPK parameter for that router.
Caution: Be very careful to protect all files where NPKs are stored. You should store your NPKs on removable media (for example, diskettes) and keep the media in a secure location.