"FD 100/320Gbps NT and FX NT IHub System
Basics, Management and OAM Guide"
Security
Issue: 10 3HH-11982-AAAA-TQZZA 41
4 Security
4.1 Security Features
4.2 Configuring Security with CLI
4.3 Security CLI Command Reference
4.4 Security CLI Commands
4.1 Security Features
4.1.1 Encryption
Data Encryption Standard (DES) and Triple DES (3DES) are supported for
encryption.
• DES is a widely-used method of data encryption using a private (secret) key. Both
the sender and the receiver must know and use the same private key.
• 3DES is an encryption method that allows proprietary information to be
transmitted over untrusted networks.
4.1.2 TCP Enhanced Authentication Option
The TCP Enhanced Authentication Option, currently covered in
draft-bonica-tcp-auth-05.txt, Authentication for TCP-based Routing and
Management Protocols, extends the previous MD5 authentication option to include
the ability to change keys without tearing down the session, and allows for stronger
authentication algorithms to be used.
The TCP Enhanced Authentication Option is a TCP extension that enhances security
for BGP and other TCP-based protocols. This includes the ability to change keys in
a BGP or LDP session seamlessly without tearing down the session. It is intended
for applications where secure administrative access to both the end-points of the
TCP connection is normally available.
TCP peers can use this extension to authenticate messages passed between one
another. This strategy improves upon current practice, which is described in RFC
2385, Protection of BGP Sessions via the TCP MD5 Signature Option. Using this
new strategy, TCP peers can update authentication keys during the lifetime of a TCP
connection. TCP peers can also use stronger authentication algorithms to
authenticate routing messages.
To Next Page
Loading...
