Avaya Configuring IPsec Services Manual de usuario descargar pdf (Pagina 41)

Installing IPsec

308630-15.1 Rev 00

2-5

Random Number Generator

The router software uses the secure random number generator (RNG) to generate

initialization vectors (IVs) that are used in the ESP DES encryption transform.

These values are statistically random. As its source, the RNG uses a seed that you

supply from the Technician Interface secure shell. See “

Entering an Initial NPK

and a Seed for Encryption” on page 2-6.

Creating and Using NPKs

The NPK encrypts manually configured IPsec ESP cipher and integrity keys or

IKE preshared authentication keys for management information base (MIB)

storage. It does not encrypt, decrypt, or authenticate data.

The NPK is stored in the router nonvolatile random access memory (NVRAM). Its

fingerprint, which is a 128-bit version of the NPK generated by a hash algorithm,

is stored in the MIB. For encryption to occur, the NPK and its fingerprint in the

MIB must match.

Create and configure a different NPK for each secure router on your network. The

NPK should be different on every router because, if an NPK is compromised, the

security gateway for the router is compromised. If the same NPK is used for all

secure routers, the entire network could be compromised.

Generating NPKs

You create NPKs using the Technician Interface secure shell. You must then enter

the same NPKs into the Site Manager NPK parameter for that router.

To generate an NPK, use a method available at your site to create random 16-digit

hexadecimal numbers. Write down the generated number; you will need to enter it

on the router.

Caution:

Make sure that you protect all files where NPKs are stored. Store

your NPKs on removable media (for example, diskettes) and keep the media in

a secure location.

1 2 ... 36 37 38 39 40 41 42 43 44 45 46 ... 121 122

Sin comentarios

Avaya Configuring IPsec Services Manual de usuario Pagina 41