Avaya Configuring Data Encryption Services User Manual Page 22

Configuring Data Encryption Services
1-6
303520-A Rev. 00
Node Protection Key (NPK)
The NPK encrypts and decrypts LTSSs. The NPK is stored in the router’s
nonvolatile memory and its fingerprint, which is a 128-bit version of the NPK
generated by the hash algorithm, is in the management information base (MIB).
The NPK and its fingerprint must match for encryption to occur.
You should create and use a different NPK for each secure router on your network.
The process of generating and using NPKs is as follows:
1. The key management software uses an RNG in Site Manager to generate as
   many NPKs as your network requires, and you specify a name for each NPK.
2. You use the Technician Interface to enter an NPK value in the router’s
   nonvolatile memory. You do this for each secure router.
3. You enter the same NPK in the Site Manager PPP or frame relay Node
   Protection Key parameter for that router.
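The two rules above (the NPK must match its MIB fingerprint, and each router gets its own NPK) can be checked together, as in this added example, which is not code from the manual or from the router software. The key length, the truncated SHA-256 stand-in for the unnamed hash algorithm, and the router names are assumptions.

```python
import hashlib
import hmac
import secrets

NPK_BYTES = 8  # assumed key length; the manual page does not state one


def fingerprint(npk: bytes) -> bytes:
    """128-bit fingerprint. SHA-256 truncated to 16 bytes is a stand-in:
    the page does not name the router's hash algorithm."""
    return hashlib.sha256(npk).digest()[:16]


def generate_npks(router_names):
    """One independent random NPK per router name, from the OS CSPRNG."""
    return {name: secrets.token_bytes(NPK_BYTES) for name in router_names}


def audit(routers):
    """routers: {name: (npk_in_nvram, fingerprint_in_mib)}.
    Returns a list of (router, problem) findings, ordered by router name."""
    findings = []
    seen = {}  # fingerprint of an NPK -> first router found using it
    for name in sorted(routers):
        npk, mib_fp = routers[name]
        fp = fingerprint(npk)
        # Constant-time comparison of the computed and stored fingerprints.
        if not hmac.compare_digest(fp, mib_fp):
            findings.append((name, "fingerprint mismatch: encryption will not start"))
        if fp in seen:
            findings.append((name, f"NPK shared with {seen[fp]}"))
        else:
            seen[fp] = name
    return findings


def demo():
    keys = generate_npks(["rtr-a", "rtr-b", "rtr-c"])  # constructed names
    routers = {n: (k, fingerprint(k)) for n, k in keys.items()}
    # Constructed faults: rtr-b has a stale MIB fingerprint,
    # rtr-c was given rtr-a's NPK instead of its own.
    routers["rtr-b"] = (keys["rtr-b"], fingerprint(b"old-key"))
    routers["rtr-c"] = (keys["rtr-a"], fingerprint(keys["rtr-a"]))
    return audit(routers)


if __name__ == "__main__":
    for router, problem in demo():
        print(router, "-", problem)
```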
Generating an NPK
To generate an NPK you must:
1. Use the WEP software to create a seed that initializes the random number
   generator for the NPKs.
2. Use the WEP NPK Key Manager in Site Manager to generate NPKs.
Entering the NPK on the Router
You enter the NPK into a router locally using the console port and the secure shell
section of the Technician Interface. A password protects access to the secure shell.
Caution: The NPK is the most critical key in the hierarchy. If the NPK is
compromised, all encrypted data on the router could be compromised. Protect
the files that store the NPKs, preferably by using removable media that you
store securely. Also protect the routers on which the NPKs reside.