Nokia IP265 Security Guide - Page 33



4. Allow only FIPS-approved algorithms for encryption and configure
the SSH protocol by entering the following commands:

    set ssh server
        ciphers 3des-cbc
        keepalives <0 1>
        listen-addr IPv4/IPv6 address
        listen-addr2 IPv4/IPv6 address
        port <1 2 1,2>
        server-key-bits 1024

5. Generate host keys for either SSHv1, SSHv2, or both by entering
the following commands:

    set ssh hostkey
        v1 size 1024
    set ssh hostkey
        v2 rsa size 1024
        v2 dsa size 1024

6. Enter the Crypto Officer’s authorized public key for SSHv1, SSHv2,
or both with the following commands:

    add ssh authkeys
        v1 user name bits 1024 exponent integer modulus name comment name
        v2 rsa user name <openssh-format name ssh-format file name> comment name
        v2 dsa user name <openssh-format name ssh-format file name> comment name

7. For optional configuration settings, see the CLI Reference Guide
for IPSO 3.9 or IPSO 4.1 as appropriate.

The module can now be managed remotely with SSH-secured
management sessions.

When changing the configuration, the preceding settings denoted by bold
letters and numbers must not be changed.
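
As an added example (not part of the Nokia guide), the following Python script checks saved "set ssh" command lines against the values fixed in steps 4 and 5 and reports any drift. It assumes the configuration is available as text in the same command form shown above; the function name and the sample lines are constructed for illustration.

```python
# Values fixed by steps 4 and 5 of the procedure above.
REQUIRED_SERVER = {"ciphers": "3des-cbc", "server-key-bits": "1024"}
REQUIRED_HOSTKEY_SIZE = "1024"


def audit_ssh_config(text):
    """Return findings for `set ssh` lines that drift from the fixed values."""
    findings, seen = [], set()
    for n, line in enumerate(text.splitlines(), 1):
        tok = line.split()
        if tok[:3] == ["set", "ssh", "server"]:
            # Options are keyword/value pairs; accept one or several per line.
            opts = dict(zip(tok[3::2], tok[4::2]))
            for key, want in REQUIRED_SERVER.items():
                if key in opts:
                    seen.add(key)
                    if opts[key] != want:
                        findings.append(
                            f"line {n}: {key} {opts[key]} (required: {want})")
        elif tok[:3] == ["set", "ssh", "hostkey"] and "size" in tok:
            i = tok.index("size")
            kind = " ".join(tok[3:i])          # "v1", "v2 rsa" or "v2 dsa"
            size = "".join(tok[i + 1:i + 2])   # empty if the value is missing
            if size != REQUIRED_HOSTKEY_SIZE:
                findings.append(
                    f"line {n}: hostkey {kind} size {size or '?'} "
                    f"(required: {REQUIRED_HOSTKEY_SIZE})")
    # A fixed server setting that never appears is reported as missing.
    for key in sorted(REQUIRED_SERVER.keys() - seen):
        findings.append(f"missing: set ssh server {key} {REQUIRED_SERVER[key]}")
    return findings


# Constructed sample input, not taken from a real device.
SAMPLE = """\
set ssh server ciphers blowfish-cbc keepalives 1
set ssh hostkey v2 rsa size 1024
set ssh hostkey v2 dsa size 768
"""

if __name__ == "__main__":
    for finding in audit_ssh_config(SAMPLE):
        print(finding)
```
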

3.1.6 Management and Monitoring

After the initial setup, the Crypto Officer can locally or remotely manage,
configure, and monitor the IPSO module with the CLI, or monitor with
SNMPv3 (when using IPSO 3.9; SNMP support is not included in IPSO
v4.1). The Crypto Officer can manage the Check Point module with the
remote management server via the Check Point SmartDashboard
application. Through this server, the Crypto Officer can configure policies
for the module. These policies determine how the firewall and VPN
services of the module function. Screen shots from the Check Point

© Copyright 2005, 2006, 2007 Nokia
Page 33 of 43
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.