Security
34
System Management Guide
3HE 11018 AAAC TQZZA Edition: 01
3.4.4 Encryption
Data Encryption Standard (DES) and Triple DES (3DES) are supported for
encryption.
• DES is a widely used method of data encryption using a private (secret) key.
Both the sender and the receiver must know and use the same private key.
• 3DES is a more secure version of the DES protocol.
3.4.5 802.1x Network Access Control
The 7705 SAR supports network access control of client devices (PCs, STBs, and
so on) on an Ethernet network using the IEEE 802.1x standard. 802.1x is known as
Extensible Authentication Protocol (EAP) over a LAN network or EAPOL.
Refer to the 7705 SAR Interface Configuration Guide for more information about
IEEE 802.1x.
3.4.6 TCP Enhanced Authentication and Keychain
Authentication
The 7705 SAR supports non-keychain MD5 authentication for OSPF, IS-IS, and
RSVP-TE and TCP MD5 authentication for BGP and LDP. In previous releases, only
a single authentication key or pre-hashed MD5 digest could be defined at a time
using the authentication-key command. If this key was changed, the adjacency was
reset, causing both the local and remote router to reconverge based on the lost
adjacency. When a new key or digest was added, the adjacency was re-established,
causing another reconvergence event within the network.
In Release 8.0, the 7705 SAR also supports the TCP Enhanced Authentication
Option, as specified in draft-bonica-tcpauth-05.txt, Authentication for TCP-based
Routing and Management Protocols. The TCP Enhanced Authentication option is a
TCP extension that enhances security for BGP, LDP, and other TCP-based
protocols. It extends the MD5 authentication option to include the ability to change
keys in a BGP or LDP session seamlessly without tearing down the session, and
allows for stronger authentication algorithms to be used. It is intended for
applications where secure administrative access to both endpoints of the TCP
connection is normally available.
To Next Page
Loading...
