Avaya Configuring Data Encryption Services Bedienungsanleitung

BayRS Version 14.00Part No. 308618-14.00 Rev 00September 19994401 Great America ParkwaySanta Clara, CA 95054Configuring Data Encryption Services

308618-14.00 Rev 00xi PrefaceThis guide describes data encryption and what you do to start and customize data encryption services on a Nortel Networks

Configuring Data Encryption Servicesxii308618-14.00 Rev 00Text ConventionsThis guide uses the following text conventions:angle brackets (< >) In

Preface308618-14.00 Rev 00xiii AcronymsThis guide uses the following acronyms:italic text Indicates file and directory names, new terms, book titles,

Configuring Data Encryption Servicesxiv308618-14.00 Rev 00Hard-Copy Technical ManualsYou can print selected technical manuals and release notes free,

Preface308618-14.00 Rev 00xv How to Get HelpIf you purchased a service contract for your Nortel Networks product from a distributor or authorized rese

308618-14.00 Rev 001-1 Chapter 1Data Encryption OverviewNortel Networks data encryption services enable you to protect sensitive traffic on your netwo

Configuring Data Encryption Services1-2308618-14.00 Rev 00Data Encryption Standard (DES)Nortel Networks bases encryption services on DES, which the Un

Data Encryption Overview308618-14.00 Rev 001-3 Message Digest 5 (MD5)MD5 is a secure hash algorithm, and is a component in a number of IETF standard p

ii308618-14.00 Rev 00 Copyright © 1999 Nortel NetworksAll rights reserved. Printed in the USA. September 1999.The information in this document is subj

Configuring Data Encryption Services1-4308618-14.00 Rev 00Site SecurityCarefully restrict unauthorized access to routers that encrypt data and the wor

Data Encryption Overview308618-14.00 Rev 001-5 Figure 1-1. Hierarchy of Encryption KeysThe keys are the:• Node Protection Key (NPK). It encrypts the L

Configuring Data Encryption Services1-6308618-14.00 Rev 00Node Protection Key (NPK) The NPK encrypts and decrypts LTSSs. The NPK is stored in the rout

Data Encryption Overview308618-14.00 Rev 001-7 The easiest way to enter the NPK is to use a text editor in read-only mode to display the contents of t

Configuring Data Encryption Services1-8308618-14.00 Rev 00The key manager uses an RNG to generate LTSSs, and you specify a name for each of these valu

Data Encryption Overview308618-14.00 Rev 001-9 The TEK automatically changes according to the values in the TEK Change Seconds and TEK Change Bytes pa

308618-14.00 Rev 002-1 Chapter 2Considerations Before You Enable EncryptionThis chapter presents some essential points that you should consider in pre

Configuring Data Encryption Services2-2308618-14.00 Rev 00Synchronizing Router ClocksThe Master Encryption Key (MEK) must be the same at both ends of

Considerations Before You Enable Encryption308618-14.00 Rev 002-3 Enabling compression improves bandwidth efficiency by eliminating redundant strings

308618-14.00 Rev 00iiithese terms and conditions, return the product, unused and in the original shipping container, within 30 days of purchase to obt

Configuring Data Encryption Services2-4308618-14.00 Rev 001.Log on as superuser.% su2.Enter the superuser password.password <password>3.Move to

308618-14.00 Rev 003-1 Chapter 3Enabling EncryptionThis chapter describes how to configure data encryption. Before You BeginBefore you can start data

Configuring Data Encryption Services3-2308618-14.00 Rev 00Starting EncryptionTo enable Nortel Networks data encryption on your network, you must:1.Cre

Enabling Encryption308618-14.00 Rev 003-3 Creating Seeds on a PCTo use a PC to create seeds that the WEP software uses to generate NPKs and LTSSs, you

Configuring Data Encryption Services3-4308618-14.00 Rev 00WEP asks:Do you wish to create the LTSS or NPK Key File? [LTSS]:3.Press Return to create the

Enabling Encryption308618-14.00 Rev 003-5 Creating Seeds on a UNIX PlatformTo create a seed on a UNIX platform: 1.Set the environment variable for the

Configuring Data Encryption Services3-6308618-14.00 Rev 00Running the WEP wfkseed CommandThe wfkseed command creates the seed that enables you to gene

Enabling Encryption308618-14.00 Rev 003-7 Creating Seeds on the RouterUsing the Technician Interface, you create one seed for the NPK using the kseed

Configuring Data Encryption Services3-8308618-14.00 Rev 00The file name that stores NPKs on both PC and UNIX platforms is wep_npk.dat.Creating LTSSsTo

Enabling Encryption308618-14.00 Rev 003-9 Entering an NPK on a RouterThe router stores its NPK in nonvolatile memory. To enter the NPK, you work in th

iv308618-14.00 Rev 00SHALL THE LIABILITY OF NORTEL NETWORKS RELATING TO THE SOFTWARE OR THIS AGREEMENT EXCEED THE PRICE PAID TO NORTEL NETWORKS FOR T

Configuring Data Encryption Services3-10308618-14.00 Rev 005.At the SSHELL prompt, enter the kset command followed by a space, and paste in the NPK.ks

Enabling Encryption308618-14.00 Rev 003-11 Changing an NPK on a RouterTo change the router NPK value, follow the procedure in the section “Entering an

Configuring Data Encryption Services3-12308618-14.00 Rev 00The kseed command creates the seed that enables WEP to generate random numbers. To create a

Enabling Encryption308618-14.00 Rev 003-13 5.Exit the secure shell by entering:kexitYou return to the regular prompt.Starting Encryption for PPPTo con

Configuring Data Encryption Services3-14308618-14.00 Rev 003.Enter the NPK.You need to do this once for each router or configuration file.After you en

Enabling Encryption308618-14.00 Rev 003-15 5.Set the Encrypt Enable parameter to Enable.The Encrypt Enable parameter defaults to Disable. Both the Enc

Configuring Data Encryption Services3-16308618-14.00 Rev 00Starting Encryption for Frame RelayTo configure encryption for frame relay:1.Insert the flo

Enabling Encryption308618-14.00 Rev 003-17 3.Enter the NPK.You need to do this once for each router or configuration file.After you enter the NPK, the

Configuring Data Encryption Services3-18308618-14.00 Rev 005.Set the Enable Encryption parameter to Enable.The Encrypt Enable parameter defaults to Di

Enabling Encryption308618-14.00 Rev 003-19 Configuring WEP ParametersWEP has both line and circuit interface parameters. WEP parameters have default v

308618-14.00 Rev 00vContents PrefaceBefore You Begin ...

Configuring Data Encryption Services3-20308618-14.00 Rev 002.Select the encryption strength for this line.Encryption is available in two versions, reg

Enabling Encryption308618-14.00 Rev 003-21 The TEK Change Seconds parameter sets the number of seconds between changes in the value of the TEK. To set

Configuring Data Encryption Services3-22308618-14.00 Rev 002.Select the encryption strength for this interface.Encryption is available in two versions

Enabling Encryption308618-14.00 Rev 003-23 To set the TEK Change Bytes parameter for an interface:The TEK Change Seconds parameter sets the number of

Configuring Data Encryption Services3-24308618-14.00 Rev 00To disable data encryption on a frame relay circuit, follow these instructions:4. Click on

Enabling Encryption308618-14.00 Rev 003-25 Deleting Encryption from an InterfaceTo delete encryption from an interface on which it is currently config

Configuring Data Encryption Services3-26308618-14.00 Rev 00Deleting Encryption from a RouterTo delete encryption from all circuits on which it is curr

308618-14.00 Rev 00A-1 Appendix AEncryption ParametersThis appendix contains parameter descriptions for PPP and frame relay encryption parameters, and

Configuring Data Encryption ServicesA-2308618-14.00 Rev 00Parameter: Encrypt EnablePath: PPP: Configuration Manager > Protocols > PPP > PPP I

Encryption Parameters308618-14.00 Rev 00A-3 Parameter: LTSS ValuePath: PPP: Configuration Manager > Protocols > PPP > PPP Interface Lists win

vi308618-14.00 Rev 00Chapter 2 Considerations Before You Enable EncryptionRequirements for Enabling Encryption ...

Configuring Data Encryption ServicesA-4308618-14.00 Rev 00WEP Line ParametersParameter: EnablePath: Configuration Manager > Protocols > WEP >

Encryption Parameters308618-14.00 Rev 00A-5 WEP Circuit Interface ParametersParameter: TEK Change (Bytes)Path: Configuration Manager > Protocols &g

Configuring Data Encryption ServicesA-6308618-14.00 Rev 00Parameter: Cipher Mode MaskPath: Configuration Manager > Protocols > WEP > Circuit

Encryption Parameters308618-14.00 Rev 00A-7 Parameter: TEK Change (Seconds)Path: Configuration Manager > Protocols > WEP > LinesDefault: 10 s

308618-14.00 Rev 00B-1 Appendix BDefinitions of k CommandsThis appendix contains definitions of the “k” commands that you use to work in the secure sh

308618-14.00 Rev 00Index-1Numbers40-bit and 56-bit encryption, 1-2, 2-1Aacronyms, xiiiAN routers, using encryption, 2-2authentication, 1-3Cchangingan

Index-2308618-14.00 Rev 00entering an NPK on a router, 3-9Ffloppy disks, for storing key files, 1-8, 2-3Ggeneratinga TEK, 3-11an LTSS, 3-8an NPK, 3-7K

308618-14.00 Rev 00Index-3seedscreating, 3-2 to 3-6defined, 1-5SEO software license agreement, 1-2setting a path to the key files (UNIX platform), 3-5

308618-14.00 Rev 00viiChanging an NPK in the MIB ...3-11Changing LTSSs .

308618-14.00 Rev 00ixFiguresFigure 1-1. Hierarchy of Encryption Keys ..................1-5