
Configuring Data Encryption Services
1-4
303520-A Rev. 00
Site Security
Carefully restrict access to routers that encrypt data and to the
workstations you use to configure encryption. Because DES is a public standard,
data is secure only if you properly protect the encryption keys. The configuration
files that contain these keys include safeguards to prevent unauthorized access.
However, a good strategy is to physically protect your equipment.
Configuration Security
You store the key management files that Bay Networks encryption services use on
removable media, such as floppy disks, and you should store these media in a
secure place. This is the easiest way to prevent unauthorized persons from gaining
access to these files.
You should always configure the node protection keys (NPKs) locally, not over a
network. When you connect a computer to a router’s console port to configure
encryption, use a computer that is not connected to any other equipment.
You can, however, configure long-term shared secrets (LTSSs) remotely because
LTSSs are encrypted.
Follow the recommendations about network security in this guide.
Encryption Keys
Figure 1-1 illustrates the hierarchy of keys that Bay Networks encryption uses to
protect and transmit data.