Nokia IP265 Security Guide - Page 13



| Service | Description | Input | Output | Critical Security Parameter (CSP) Access |
|---|---|---|---|---|
| Monitoring commands | Configure, manage, and view monitoring settings through the CLI: configure CPU utilization reports, memory utilization reports, interface linkstate reports, rate shaping bandwidth reports, interface throughput reports by turning data collection on or off and setting the data collection time interval; display interface settings, system logs, system statistics, interface monitor, resource statistics, forwarding table, system status information | Commands and configuration data | Status of commands, configuration data, and status information | None |
| Check Point’s CLI commands | Initial configuration of the Check Point firmware: install licenses, configure the SNMP daemon, modify the list of UNIX groups authorized to run VPN-1 services, register a cryptographic token, enter random data to help seed the PRNG, configure the one-time SIC password, and specify whether the VPN-1 services should automatically start at boot time | Command (cpconfig), menu options, and configuration information | Status of commands and menu options and status information (configuration information) | One-time SIC password (read/write access) |
| Check Point SmartDashBoard services | Create and configure users and user groups: define users and user groups; create permission for individual users or a whole group of users; set permissions such as access hours, user priority, authentication mechanisms, protocols allowed, filters applied, and types of encryption | Commands and configuration data (policy files) | Status of commands and configuration data (policy files) | None |
| | Define and implement security policies: configure and install security policies that are applied to the network and users. These policies contain a set of rules that govern the communications flowing into and out of the module, and provide the Crypto Officer with a means to control the types of traffic permitted to flow through the module. | Commands and configuration data (policy files) | Status of commands and configuration data (policy files) | None |
| | Management of keys: configure the digital certificates and/or pre-shared keys for use by IKE for authentication | Commands and configuration data (policy files) | Status of commands and configuration data (policy files) | RSA key pair for IKE (read/write access); pre-shared keys for IKE (read/write access) |
| | Initialization of Secure Internal | Commands | Status of | RSA key pair for TLS |

© Copyright 2005, 2006, 2007 Nokia. Page 13 of 43.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.