HOTSPOT GATEWAY
18 Introduction
Secure Management
There are many different ways to configure, manage and monitor the performance and
up-time of network devices. SNMP, Telnet, HTTP and ICMP are all common
protocols to accomplish network management objectives. And within those objectives
is the requirement to provide the highest level of security possible.
While several network protocols have evolved that offer some level of security and
data encryption, the preferred method for attaining maximum security across all
network devices is to establish an IPSec tunnel between the NOC (Network
Operations Center) and the edge device (early VPN protocols such as PPTP have been
widely discredited as a secure tunneling method).
As part of Nomadix’ commitment to provide outstanding carrier-class network
management capabilities to its family of public access gateways, we offer secure
management through the NSE’s standards-driven, peer-to-peer IPSec tunneling with
strong data encryption. Establishing the IPSec tunnel not only allows for the secure
management of the Nomadix gateway using any preferred management protocol, but
also the secure management of third party devices (for example, WLAN Access
Points and 802.3 switches) on private subnets on the subscriber side of the Nomadix
gateway. See also, “Enabling Secure Management {VPN Tunnel}” on page 136.
Two subsequent events drive the secure management function of the Nomadix
gateway and the devices behind it:
1. Establishing an IPSec tunnel to a centralized IPSec termination server (for
example, Nortel Contivity). As part of the session establishment process, key
tunnel parameters are exchanged (for example, Hash Algorithm, Security
Association Lifetimes, etc.).
2. The exchange of management traffic, either originating at the NOC or from the
edge device through the IPSec tunnel. Alternatively, AAA data such as RADIUS
Authentication and Accounting traffic can be sent through the IPSec tunnel. See
also, “RADIUS-driven Auto Configuration” on page 16.
To Next Page
Loading...
