Upload
mehdimehdi
View
246
Download
0
Embed Size (px)
Citation preview
8/18/2019 350 - Ceragon - IP-10G EMS Security - Presentation v1.2
1/17
Proprietary and Confidential
FibeAir IP-10 G-Series
EMS Security Configuration
®
8/18/2019 350 - Ceragon - IP-10G EMS Security - Presentation v1.2
2/17
Proprietary and Confidential
Agenda
2
• SS
• !!PS
• SF!P
• "sers # Groups
• Pass$ord
8/18/2019 350 - Ceragon - IP-10G EMS Security - Presentation v1.2
3/17
Proprietary and Confidential
Security Configuration"pdate first F!P connection
8/18/2019 350 - Ceragon - IP-10G EMS Security - Presentation v1.2
4/17
Proprietary and Confidential
SS % Secured S&ell
• S'1 and SS'( are supported)
• SS protocol can be used as a secured alternati'e to *!elnet*)• SS protocol is al$ays be operational) Ad+in user can c&oose $&et&er to
disable
• *!elnet* protocol, $&ic& $ill be *enabled* by default) Ser'er aut&entication$ill be based on IP-10s *public .ey*)
• /ey ec&ange algorit&+ is SA)• Supported Encryptions2 aes1(3-cbc, 4des-cbc, blo$fis&-cbc, cast1(3-cbc,arcfour1(3, arcfour(56, arcfour, aes17(-cbc, aes(56-cbc, aes1(3-ctr,
aes17(-ctr, aes(56-ctr)
• MAC 8Message Aut&entication Code92 SA-1-76 8MAC lengt& : 76 bits, .eylengt& : 160 bit9) Supported MAC2 &+ac-+d5, &+ac-s&a1, &+ac-
ripe+d160, &+ac-s&a1-76, &+ac+d5-76;
• !&e ser'er $ill aut&enticate t&e user based on
8/18/2019 350 - Ceragon - IP-10G EMS Security - Presentation v1.2
5/17
Proprietary and Confidential
!!PS
In order to +anage t&e syste+ using !!PS protocol, user s&ould
follo$ t&e follo$ing steps2
• 1) Create t&e I?" certificate based on I?";s public .ey)
• () ?o$nload t&e I?" certificate)
• 4) "sing CA certificate 8@ptional steps9
i) ?o$nload t&e I?" CA;s certificate)
ii) Enable EB CA certificate)
• ) Set EB Protocol para+eter to !!PS
8/18/2019 350 - Ceragon - IP-10G EMS Security - Presentation v1.2
6/17
Proprietary and Confidential
!!PS % Public /ey "pload
!&e public .ey s&ould be uploaded by t&e user for generating t&e I?"s
digital certificate2
• !&e upload $ill be done by using F!PDSF!P 8s
• !&e public .ey file $ill be in PEM for+at)
• Clic.
8/18/2019 350 - Ceragon - IP-10G EMS Security - Presentation v1.2
7/17Proprietary and Confidential
!!PS % Certificate ?o$nload 819
?o$nload I?" ser'er certificate andDor I?" CA certificate 8optional9 2
• ?o$nload is done by using F!PDSF!P)
• PEM and ?E certificate for+ats are supported)
• For do$nloading t&e I?" ser'er certificate andDor I?";s CA certificate to t&e syste+, t&efollo$ing steps +ust be fulfilled for eac& file type2
?eter+ine certificate file na+e 8ser'er digital certificate9 or
?eter+ine certificate file for+at 8
8/18/2019 350 - Ceragon - IP-10G EMS Security - Presentation v1.2
8/17Proprietary and Confidential
!!PS % Certificate ?o$nload 8(9
After setting t&e abo'e configurations, a
8/18/2019 350 - Ceragon - IP-10G EMS Security - Presentation v1.2
9/17Proprietary and Confidential
!!PS - Acti'ation
EB interface protocol can be configured to be !!P 8default9 or !!PS
8cannot be bot& at t&e sa+e ti+e9)
While switching to HTTPS mode, the following must be fulfilled:
• EB ser'er certificate file eist)
• Certificate public .ey is co+patible to I?"s pri'ate .ey)• If one of t&e abo'e tests fails, t&e operation $ill return an appropriate error
indication)
• @pen EB Bro$ser and type t&e " =&ttps2IP of target I?"H=)
Note:!&is para+eter is >@! copied $&en
8/18/2019 350 - Ceragon - IP-10G EMS Security - Presentation v1.2
10/17Proprietary and Confidential
SF!P 8Secure F!P9
SF!P can be used for t&e follo$ing operations2
• Configuration uploadDdo$nload,
• "pload t&e unit info)
• "pload public .ey)
• ?o$nload certificate files)
• S do$nload
8/18/2019 350 - Ceragon - IP-10G EMS Security - Presentation v1.2
11/17Proprietary and Confidential
"SES,
G@"PS#
PASS@?
8/18/2019 350 - Ceragon - IP-10G EMS Security - Presentation v1.2
12/17Proprietary and Confidential
Adding "sers
!o add D edit users # groups clic. on t&e
ite+ as s&o$n in t&e captured i+aged 8left9
Clic. Add User to add ne$ users
8/18/2019 350 - Ceragon - IP-10G EMS Security - Presentation v1.2
13/17Proprietary and Confidential
Adding "sers
8/18/2019 350 - Ceragon - IP-10G EMS Security - Presentation v1.2
14/17
Proprietary and Confidential
Adding "sers
>e$ users $ill be reJuired to c&ange t&eir
pass$ord $&en t&ey log in for t&e first ti+e
8/18/2019 350 - Ceragon - IP-10G EMS Security - Presentation v1.2
15/17
Proprietary and Confidential
C&anging Pass$ord
A 'alid pass$ord s&ould be a +i of upper and lo$er case letters, digits, and ot&er
c&aracters)
Kou can use an 3 c&aracter long pass$ord $it& c&aracters fro+ at least 4 of t&ese
classes) An upper case letter t&at begins t&e pass$ord and a digit t&at ends it do not
count to$ards t&e nu+ber of c&aracter classes used)
8/18/2019 350 - Ceragon - IP-10G EMS Security - Presentation v1.2
16/17
Proprietary and Confidential
C&anging Pass$ord
Good ea+ple2
L00p!c" % using capital letters, s+all letters and digits 8Leros instead of
8/18/2019 350 - Ceragon - IP-10G EMS Security - Presentation v1.2
17/171
Thank You !