Nortel Networks Contivity Secure IP Services Gateway 4600 Manuel d'utilisateur télécharger pdf (Page 14)



 14

containedonthefloppydiskviathemodule’smanagementinterface.The

formatutilitythencausesthefirmwareofthemoduletobeerased



• RSAkeys:TheseRSApublic/privatekey-pairsareusedforgeneratingand

verifyingdigitalsignaturesforauthenticationofusersduringIPSectunneling

sessions.Themodule’skeysaregeneratedinternallybythePKCS#1standard

usingapseudo-randomnumbergenerator.Thekeysarestoredinuniquely

nameddirectoriesinPKCS#5andPKCS#8formats,respectively.AllRSA

keyscanbezeroizedbytheadministratorbyenteringcommandstodeleteand

zeroizethekeydirectories.Theprivatekeyisneveroutputfromthemodule

whilethemodule’spublickeyisoutputtoobtainacertificatefromathird

partyCertificateAuthority(CA).



• RSACertificates:Thesepublickeybasedcertificatesareusedtoauthenticate

usersforIPSectunnelsessions.Inaddition,themodulehasitsowncertificate

thatitusestoauthenticatetousers.TheseX.509certificatesareissuedbya

thirdpartyCAandstoredintheinternalLDAP.



2.6 Self-tests

Itisimportanttotestthecryptographiccomponentsofasecuritymoduletoinsureall

componentsarefunctioningcorrectly.TheContivitySwitchincludesanarrayofself-tests

thatarerunduringstartupandperiodicallyduringoperations.Theself-testsrunat

power-upincludeacryptographicknownanswertests(KAT)ontheFIPS-approved

cryptographicalgorithmsimplementedinbothHardwareandSoftware(DES,3DES),on

themessagedigest(SHA-1),andonsignatures(RSAwithSHA-1).Additionalself-tests

performedatstartupincludesoftwareintegritytestsusingaDESMACperFIPS113and

acontinuousrandomnumbergeneratortest.Othertestsarerunperiodicallyor

conditionallysuchasasoftwareloadtestforFIPS-approvedupgradesusingaDESMAC

andthecontinuousrandomnumbergeneratortest.Inaddition,therearechecksumtests

ontheflashmemorythatareupdatedwithflashchanges.



Ifanyoftheseself-testfailtheswitchwilltransitionintoanerrorstate.Withintheerror

state,allsecuredatatransmissionishaltedandtheswitchoutputsstatusinformation

indicatingthefailure.

1 2 ... 9 10 11 12 13 14 15 16

Pas de commentaire

Nortel Networks Contivity Secure IP Services Gateway 4600 Manuel d'utilisateur Page 14