Nokia IP265 Security Guide - Page 14
Service: Communication (SIC)
Description: establish trust between management server and the module to allow configuration of the module's services
Input: commands and configuration data (SIC policy)
Critical Security Parameter (CSP) Access: (read/write access)

Service: Monitoring
Description: provides detailed information for both monitoring of connection activities and the system status
Input: Commands
Output: Status of commands and status information (logs)
Critical Security Parameter (CSP) Access: None

2.4.2 User Role

The User role accesses the module IPSec and IKE services. Service descriptions, inputs, and outputs are listed in Table 4.

Service: IKE
Description: Access the module IKE functionality to authenticate to the module and negotiate IKE and IPSec session keys
Input: IKE inputs and data
Output: IKE outputs, status, and data
CSP: RSA key pair for IKE (read access); Diffie-Hellman key pair for IKE (read/write access); pre-shared keys for IKE (read access)

Service: IPSec
Description: Access the module's IPSec services in order to secure network traffic
Input: IPSec inputs, commands, and data
Output: IPSec outputs, status, and data
CSP: Session keys for IPSec (read/write access)

Table 4 - User Services, Descriptions, Inputs and Outputs

2.4.3 Authentication Mechanisms

The modules implement password-based authentication (console and SSH), RSA-based authentication (TLS, IKE and SSH), and DSA-based authentication (SSHv2). HMAC SHA-1 is used for data packet integrity during authentication functions (IKE with pre-shared keys).

2.4.3.1 Crypto Officer Authentication

The Crypto Officer must successfully authenticate before a management interface can be accessed. The authentication methods are described below.

© Copyright 2005, 2006, 2007 Nokia
Page 14 of 43
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.