Avaya Configuring BFE Services Bedienungsanleitung PDF herunterladen (Seite 23)

Introduction

305753-A Rev 00

1-3

Revised IP Security Option (RIPSO)

IP routers support the Department of Defense (DoD) Revised IP Security Option

(RIPSO), as defined in RFC 1108, on a per-interface basis. RFC 1108 specifies

both “basic” and “extended” security options; the Bay Networks implementation

supports only the basic option.

RIPSO allows end systems and intermediate systems (routers) to add labels to or

process security labels in IP datagrams that they transmit or receive on an IP

network. The labels specify security classifications (for example, Top Secret,

Secret, Confidential, and Unclassified, in descending order), which can limit the

devices that can access these labeled IP datagrams.

As a labeled IP datagram traverses an IP network, only those systems that have the

proper clearance (that is, whose security classification range covers the

classification specified by the datagram) should accept and forward the datagram.

Any system whose security classification range does not cover the classification

specified by the security label should drop the datagram.

For information about configuring and customizing RIPSO, see Chapter 4,

“Configuring RIPSO on an IP Interface.”

Note:

RIPSO does not include any method of preventing a system that does

not support RIPSO from simply accepting and forwarding labeled datagrams.

Thus, in order for RIPSO to be effective, all systems in a network must support

RIPSO and process IP datagrams as described.

1 2 ... 18 19 20 21 22 23 24 25 26 27 28 ... 179 180

Keine Kommentare

Avaya Configuring BFE Services Bedienungsanleitung Seite 23