manualshive.com logo in svg

Eicon Networks SHIVA 1100, Руководство администратора, Страница: 113 / 136

Поделиться
Скачать
Eicon Networks SHIVA 1100 Скачать руководство пользователя страница 113

System log

System Administrator’s Guide

 113

Currently used prefixes for traffic arriving:

A typical Default Deny: will thus look similar to the following:

Mar 27 09:31:19 2003 klogd: Default deny: IN=eth1 
OUT=MAC=00:60:68:00:ff:01:00:e0:29:65:af:e9:08:00 SRC=140.103.74.181 
DST=12.16.16.36 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=46341 DF 
PROTO=TCP SPT=46111 DPT=139 WINDOW=5840 RES=0x00 SYN URGP=0 

That is, a packet arriving from the WAN (IN=eth1) and bound for the Shiva VPN 
Gateway itself (OUT=<nothing>) from IP address 140.103.74.181 
(SRC=140.103.74.181), attempting to go to port 139 (DPT=139, Windows file sharing) 
was dropped.

If the packet is traversing the Shiva VPN Gateway to a server on the private network, 
the outgoing interface will be eth0, e.g.:

Mar 27 09:52:59 2003 klogd: IN=eth1 OUT=eth0 SRC=140.103.74.181 
DST=10.0.0.2 LEN=60 TOS=0x10 PREC=0x00 TTL=62 ID=51683 DF PROTO=TCP 
SPT=47044 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 

Packets going from the private network to the public come in eth0, and out eth1, e.g.:

Mar 27 10:02:51 2003 klogd: IN=eth0 OUT=eth1 SRC=10.0.0.2 
DST=140.103.74.181 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=62830 DF 
PROTO=TCP SPT=46486 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 

Creating custom log rules

Additional log rules can be configured to provide more detail if desired. For example, 
by analyzing the rules in the Rules menu, it is possible to provide additional log 
messages with configurable prefixes (i.e. other than Default Deny:) for some allowed 
or denied protocols.

Depending on how the LOG rules are constructed it may be possible to differentiate 
between inbound (from WAN to LAN) and outbound (from LAN to WAN) traffic. 
Similarly, traffic attempting to access services on the Shiva VPN Gateway itself can 
be differentiated from traffic trying to pass through it.

The examples below can be entered on the Command Line Interface (telnet), or into 
the Rules Web Management Console web administration pages. Rules entered on the 
CLI are not permanent however, so while it may be useful for some quick testing, it is 
something to be wary of.

Default Deny

Packet didn't match any rule - drop it

Invalid

Invalid packet format detected

Smurf

Smurf attack detected

Spoof

Invalid IP address detected

SynFlood

SynFlood attack detected

Custom

Custom rule dropped outbound packet

Содержание SHIVA 1100

Страница 1: ...Shiva VPN Gateway Model 500 and 1100 System Administrator s Guide Connecting People to Information...

Страница 2: ...on Networks Corporation or its subsidiaries More detailed information about such intellectual property is available from Eicon Networks Corporation s legal department at 9800 Cavendish Blvd Montreal Q...

Страница 3: ...ternet connection 18 COM port settings 21 Connecting a modem 21 Setting up a dial out Internet connection 21 Wireless port settings 24 Wireless network performance 24 Setting up the wireless network 2...

Страница 4: ...Firewall 45 Incoming access 46 Administration services 46 Shiva web server 47 Packet filtering 49 Service groups 50 Addresses 51 Rules 52 NAT 53 Connection tracking 57 Rules 58 Intrusion detection 59...

Страница 5: ...a GRE tunnel 96 Port Tunnels 98 Setting up a port tunnel 98 Chapter 6 Management 101 Setting the date and time 102 Locality 103 User list 104 Adding a user 104 Administrator password security 106 Man...

Страница 6: ...ernational Regulatory Information 133 Shiva 500 VPN Gateway 134 Regulatory information for the USA 134 Regulatory information for Canada 134 Regulatory information for Europe 135 Shiva 1100 VPN Gatewa...

Страница 7: ...n This manual describes how to take advantage of the features of your Shiva VPN Gateway including setting up network connections a secure firewall and a VPN This chapter provides an overview of your S...

Страница 8: ...chines on your local network To configure your Shiva VPN Gateway as a DHCP server you must set a static IP address and netmask on the LAN port Chapter 4 The Shiva VPN Gateway is equipped with a fully...

Страница 9: ...cting the remote PCs or offices This combined with support for industry standard VPN and authentication protocols makes the Shiva VPN Gateway a fully featured security device that will also help maxim...

Страница 10: ...m Administrator s Guide Package contents The following items are included with your Shiva VPN Gateway gateway Power adapter Installation CD Quick Install guide Install Map Two six foot straight throug...

Страница 11: ...creen Bold text is also used to present command line output or program listings Network Setup Routes When referring to the web based management console submenus and tabs are indicated using the sign T...

Страница 12: ...pecifies the number of bits in the IP address range For example a b c d 24 covers the entire C class network subnet a b c 0 and is equivalent to specifying the range as a b c 0 255 a b c d 32 is equiv...

Страница 13: ...er is supplied to the Shiva VPN Gateway TST Flashing The Shiva VPN Gateway is operating correctly On The unit is restarting or an operating error has occurred LAN1 LAN2 LAN3 LAN4 Flashing Traffic is b...

Страница 14: ...he power adapter here ERASE Details SERIAL Serial port with DB 9 connector supporting speeds up to 115200 WAN 10 100 auto sensing Ethernet port LAN1 LAN2 LAN3 LAN4 10 100 auto sensing Ethernet ports A...

Страница 15: ...ter describes the Network Setup section of the Web Management Console Here you can configure each of your Shiva VPN Gateway s network ports Ethernet serial Network ports may be configured for Internet...

Страница 16: ...onfiguration of a port select a new setting in the Configuration column This will automatically display additional configuration pages To edit an existing configuration select Edit current settings in...

Страница 17: ...hiva VPN Gateway in its default network address translation mode Network address translation NAT masquerading on page 36 this will typically be part of a private IP range such as 192 168 1 1 255 255 2...

Страница 18: ...N connection as your primary Internet connection see the section COM port settings on page 21 Connect your Shiva VPN Gateway s Internet port to the modem device using a straight through Ethernet cable...

Страница 19: ...neric enter your user name and password and click Finish You are now ready to connect Click the Reboot button to save your configuration and reboot your Shiva VPN Gateway ADSL Internet If you are conn...

Страница 20: ...er s however any DNS server addresses allocated by your ISP will take precedence over these To manually configure your Internet network settings enter the IP Address Netmask Internet Gateway and DNS S...

Страница 21: ...A connects into your ISDN line and has either a serial or Ethernet port that is connected to your Shiva VPN Gateway Do not plug an ISDN connection directly in to your Shiva VPN Gateway Setting up a di...

Страница 22: ...ve i e when there is no traffic to from the Internet for the time specified by Idle Timer Idle Time Specifies how long the connection can be idle before it is dropped when Dial on Demand is active Sel...

Страница 23: ...m Administrator s Guide 23 If a dial on demand connection has been set up Connect Now Disconnect Now buttons will be displayed These make the Shiva VPN Gateway dial or hang up the modem connection imm...

Страница 24: ...s governed by a number of factors including Intervening obstructions Each obstruction between the Shiva VPN Gateway and a wireless client station will reduce the signal strength Some materials wood an...

Страница 25: ...tions Channel Frequency Select the operating channel for the wireless network To avoid interference with other 2 4GHz devices select a channel number that differs from the one used by the other device...

Страница 26: ...erly all wireless stations have identical key lists If you define only one encryption key it must be entered in the first key field If you configure one key only in fields 2 3 or 4 you may not be able...

Страница 27: ...tion 5 Specify a MAC address and click the Add button Advanced wireless settings The Advanced tab gives you access to a number of settings that can be used to fine tune the operation of the wireless n...

Страница 28: ...power Specifies the transmit power as a percentage Can be used to reduce the wireleess cell size to avoid interference with neighboring wireless networks Peramble Type Long Short RTS Threshold Enable...

Страница 29: ...a bridge between them The Shiva VPN Gateway will learn which computers or devices are present on either side of the bridge and direct traffic appropriately Note When the Shiva VPN Gateway is bridging...

Страница 30: ...Shiva VPN Gateway you must Enable your primary Internet connection for failover Set up a secondary backup Internet connection Enable the primary connection for failover Set up your primary broadband...

Страница 31: ...ll not appear as an available Configuration until a primary Internet connection has been configured Refer to Enable the primary connection for failover on page 30 for details on enabling your primary...

Страница 32: ...can be configured to automatically exchange routing information with other routers Note that this feature is intended for network administrators adept at configuring route management services Check E...

Страница 33: ...Edit alias configuration for the LAN port 3 Specify an IP address and Netmask and click Add Internet port alias Note For Internet aliased ports you must also setup appropriate Packet Filtering and or...

Страница 34: ...lobally unique address and is specific to a single Shiva VPN Gateway It is set by the manufacturer and should not normally be changed However you may need to change it if your ISP has configured your...

Страница 35: ...e is a descriptive name for the Shiva VPN Gateway on the network DNS Proxy The Shiva VPN Gateway can also be configured to run as a Domain Name Server The Shiva VPN Gateway acts as a DNS Proxy and pas...

Страница 36: ...te IP address Note It is strongly recommended that you leave Enable NAT on Internet Interface checked Dynamic DNS A dynamic DNS service is useful when you don t have a static Internet IP address but n...

Страница 37: ...a http https imap irc nntp ntp pop3 smtp ssh and telnet This advanced feature is provided for expert users to fine tune their networks The Auto Traffic Shaper uses a set of inbuilt traffic shaping rul...

Страница 38: ...QoS traffic shaping 38 System Administrator s Guide...

Страница 39: ...s Chapter 3 DHCP services The Shiva VPN Gateway can act as a DHCP server for machines on your local network To configure your Shiva VPN Gateway as a DHCP server you must set a static IP address and ne...

Страница 40: ...Apply Enter the Subnet and netmask of the IP addresses to be distributed Enter the Gateway Address that the DHCP clients will be issued with If this field is left blank the Shiva VPN Gateway s IP add...

Страница 41: ...ort 4 Click Apply to save these settings A page similar to the following will be displayed Interface Once a subnet has been configured the port which the IP addresses will be issued from will be shown...

Страница 42: ...e an option to Remove the address and for reserved IP addresses the added option to Unreserve the address Unreserving the address will allow it to be handed out to any host The Status field will have...

Страница 43: ...resolution This allows both static and dynamic addresses to be given out on the LAN just as running a DHCP server would To enable this feature specify the server which is to receive the forwarded req...

Страница 44: ...DHCP relay 44 System Administrator s Guide...

Страница 45: ...Gateway s stateful firewall keeps track of outgoing connections e g a computer on your LAN requesting content from a server on the Internet and only allows corresponding incoming traffic e g the serve...

Страница 46: ...r example you generally want to restrict access to the Web Management Console web administration pages Web Admin to machines on your local network Disallowing all services is not recommended as this w...

Страница 47: ...Shiva VPN Gateway s Internet IP address into a web browser Ideally you should use Packet Filtering rules see the Packet Filtering section later in this chapter to restrict who has access for remote a...

Страница 48: ...agement console administrative web pages securely using SSL encryption the URL becomes https instead of http e g https 10 0 0 1 Add local and private certificates Valid SSL certificates have been uplo...

Страница 49: ...eraded servers to offer services to the outside world Destination NAT rules are used for port forwarding Source NAT rules are useful for masquerading one or more IP addresses behind a single other IP...

Страница 50: ...ting address and click Modify A service group can be used to group together similar services For example you can create a group of services that you wish to allow and then use a single rule to allow t...

Страница 51: ...a VPN Gateway will perform a DNS lookup and fill in the IP Address field If the DNS hostname is invalid you may need to wait while the DNS lookup times out Warning The DNS lookup is only performed onc...

Страница 52: ...he Packet Filtering page to change the order The rules are evaluated top to bottom as displayed on the Packet Filtering page Action Specifies what to do if the rule matches Accept means to allow the t...

Страница 53: ...ng matched when inspecting the system log NAT Once appropriate addresses and perhaps service groups have been defined you can add 1 to 1 and Destination NAT rules Source NAT rules may be added at any...

Страница 54: ...MZ address Outgoing Interface The interface that receives the request for masquerading this will typically be private interface i e LAN or DMZ Destination Address The destination address of the reques...

Страница 55: ...vice to be only accessible from a specific remote location Destination Address The destination address of the request this is the address that will be altered Destination Services The destination serv...

Страница 56: ...ess The private address to change Into public address The public address typically a WAN interface alias Create a corresponding ACCEPT firewall rule Leave checked to create a virtual DMZ type scenario...

Страница 57: ...Connection tracking provides support for the listed services by creating a proxy for the service Supported services include File transfer protocol FTP H 323 teleconferencing Internet relay chat IRC Po...

Страница 58: ...u Warning Only experts on firewalls and iptables will be able to add effective custom firewall rules for more information see http www netfilter org documentation Configuring the Shiva VPN Gateway s f...

Страница 59: ...e applications These attacks can potentially be detected using an intrusion detection system IDS The IDS logs information and sends alerts so that administrators may be able to contain and recover fro...

Страница 60: ...ll reduce the number of false positives The ignore list contains a list of host IP addresses which the IDB will ignore for detection and blocking purposes This list may be freely edited so trusted ser...

Страница 61: ...VPN Gateway via this interface The UPnP Gateway will listen on this interface to requests from UPnP capable applications and devices to establish port forwarding rules In response to these requests t...

Страница 62: ...net ZoneAlarm To enable any of these access controls or content filtering select Access Control then under the Main tab check Enabled and click Apply User authentication Check Require user authenticat...

Страница 63: ...is for Microsoft Internet Explorer 6 Instructions for other browsers should be similar refer to their user documentation for details on using a web proxy 1 On the Internet Options menu select Tools 2...

Страница 64: ...ank 6 In the Exceptions box enter your Shiva VPN Gateway s LAN IP address 7 Click OK OK and OK again IP lists Internet access may be Blocked or Allowed by the Source LAN IP address or address range th...

Страница 65: ...urce Block list access to www kernel org and www kernel org only from 192 168 1 100 will be granted Web lists Access will be denied to any web address URL that contains text entered in the Block List...

Страница 66: ...Access control 66 System Administrator s Guide...

Страница 67: ...Virtual private networking Chapter 5 Virtual private networking This chapter details how to configure the PPTP client how to establish an IPSec tunnel and also provides an overview of GRE and L2TP VPN...

Страница 68: ...dquarters LAN to the branch office s IPSec is generally the most suitable choice in this scenario With the Shiva VPN Gateway you can establish a VPN tunnel over the Internet using either PPTP IPSec GR...

Страница 69: ...nd password to use when logging in to the remote VPN You may need to obtain this information from the system administrator of the remote PPTP server and Optionally the remote network s netmask This is...

Страница 70: ...edit the advanced routing information L2TP client The Layer Two Tunneling Protocol was developed by Microsoft and Cisco as a multi purpose network transport protocol Many DSL ISPs use L2TP over ATM to...

Страница 71: ...Enable and configure the PPTP VPN server Set up VPN user accounts on the Shiva VPN Gateway and enable the appropriate authentication security Configure the VPN clients at the remote sites The client d...

Страница 72: ...Addresses to Assign to VPN Server Select the port that the VPN tunnel will be created on Authentication Scheme PPTP provides an authenticated tunnel between a client and a gateway by using a user ID...

Страница 73: ...the PAP authentication scheme 3 Click Continue 4 Configure user account settings PPTP Accounts are distinct from those added through Users on the System menu and those added through L2TP Server and D...

Страница 74: ...he remote VPN client computer has Internet connectivity To create a VPN connection across the Internet you must set up two networking connections One connection is for ISP and the other connection is...

Страница 75: ...ing IPSec This provides a secure tunnel through which users on both networks can share data and resources To combine the Headquarters and Branch Office networks together an IPSec tunnel must be config...

Страница 76: ...00 and 1500 5 Click the Apply button to save the changes Warning It may be necessary to reduce the MTU of the IPSec interface if large packets of data are not being transmitted Create a tunnel to conn...

Страница 77: ...Gateway and the remote party RSA Digital Signatures uses a public private RSA key pair for authentication The Shiva VPN Gateway can generate these key pairs The public keys need to be exchanged betwe...

Страница 78: ...this end checkbox checked Note This option will not be available when the Shiva VPN Gateway has a static IP address and the remote party has a dynamic IP address 2 Enter the Required Endpoint ID of t...

Страница 79: ...d Authentication Key field is the ESP Authentication Key It must be of the form 0xhex where hex is one or more hexadecimal digits The hex part must be exactly 32 characters long when using MD5 or 40 c...

Страница 80: ...e remote party has a dynamic IP or DNS hostname address or if RSA Digital Key Signatures are used for authentication It is optional For this example because the remote party has a static IP address If...

Страница 81: ...lue and must be unique It is used to establish and uniquely identify the tunnel It must be of the form 0xhex where hex is one or more hexadecimal digits and be in the range of 0x100 0xfff This field a...

Страница 82: ...leave the Rekeyfuzz as the default value of 100 Enter a secret in the Preshared Secret field Keep a record of this secret as it will be used to configure the remote party s secret For this example en...

Страница 83: ...down menu contains a list of the local certificates that have been uploaded for X 509 authentication Select the required certificate to be used to negotiate the tunnel This field appears when X 509 C...

Страница 84: ...t a time by entering subnets into the Add Local Network and Add Remote Network fields and then clicking Apply Configured local and remote network combinations can be deleted by clicking the Delete che...

Страница 85: ...network so select the single network behind a gateway option 9 Select the type of routing the tunnel will be used as For this example select the be a route to the remote party option 10 Click the Con...

Страница 86: ...Office Phase 1 Proposal 6 Click the Continue button to configure the Phase 2 Settings Define phase 2 settings 1 Set the length of time before Phase 2 is renegotiated in the Key lifetime m field For th...

Страница 87: ...e Party to sort the tunnel list by the remote party ID name address Status Tunnels that use Automatic Keying IKE will have one of four states in the Status field The states include the following Down...

Страница 88: ...se Phase 2 Ciphers Loaded lists the encryption ciphers that tunnels can be configured with for Phase 2 negotiations This will include DES 3DES and AES Phase 2 Hashes Loaded lists the authentication ha...

Страница 89: ...there is no key yet The current Phase 2 key This is the number that corresponds to the newest IPSec SA field For this example phase 1 has not be successfully negotiated so there is no key yet The Pha...

Страница 90: ...the IPSec endpoint that has dynamic DNS supported and enable Dead Peer Detection If the IP address of the Shiva VPN Gateway s DNS hostname changes the tunnel will automatically renegotiate and establ...

Страница 91: ...he remote party has gone down The remote party has disabled IPSec The remote party has disabled the tunnel The tunnel on the Shiva VPN Gateway has been configured not to rekey the tunnel The remote pa...

Страница 92: ...not work across the tunnel Possible cause There may be a firewall device blocking IPSec packets The MTU of the IPSec interface may be too large The application uses broadcasts packets to work Solution...

Страница 93: ...e the MTU if large packets are not being sent through the tunnel If the application is still not working across the tunnel then the problem is with the application Check that the application uses IP a...

Страница 94: ...PKCS 12 format file and the CA local public key and private key certificates must be extracted or created before uploading them into the Shiva VPN Gateway Adding certificates To add certificates to t...

Страница 95: ...host computer Certificates have time durations in which they are valid Ensure that the certificates uploaded are valid and that the Date and Time settings have been set correctly on the Shiva VPN Gate...

Страница 96: ...t to networks then you should use IPSec or tunnel GRE over either IPSec or PPTP tunnels An example setup that describes using GRE to bridge a network over an IPSec tunnel is described in GRE over IPSe...

Страница 97: ...emote subnet netmask 192 168 1 0 255 255 255 0 8 Click Add The GRE tunnel between the two networks is now set up Tunnels may be Disabled Deleted or Edited from the main table of GRE tunnels A few furt...

Страница 98: ...nnel with a localhost destination 127 0 0 1 and to then have an httptunnel listening on that port which forwards to a remote httptunnel which in turn loops back to a remote stunnel which in turn forwa...

Страница 99: ...erver settings Enabled Enables the tunnel Local Port Remote Host Remote Port Content Length Strict Length Adherence Maximum Connection Age Keep Alive Interval Source Client settings Enabled Enables th...

Страница 100: ...Port Tunnels 100 System Administrator s Guide Strict Length Adherence Maximum Connection Age Keep Alive Interval Proxy Username Password Port Proxy Buffer Size User Agent Padding Timeout...

Страница 101: ...Chapter 6 Management Chapter 6 Management This chapter describes how to configure various management options such as date and time users administrator settings and diagnostics...

Страница 102: ...f your computer Alternately you can manually set the Year Month Date Hour and Minute using the selection boxes to set the date and time on the Shiva VPN Gateway NTP time server The Shiva VPN Gateway c...

Страница 103: ...ield Locality Select your region then select your location within said region The system clock will subsequently show local time Without setting this the system clock will show UTP Setting a time zone...

Страница 104: ...abilities beyond any other user Note The root user is the only user permitted to telnet to a Shiva VPN Gateway Web administration access controls are grouped into four broad categories Administration...

Страница 105: ...ol can dump and restore the entire Shiva VPN Gateway s configuration via the encrypted save and restore option on the Advanced page Such a user cannot edit the configuration nor even see the configura...

Страница 106: ...restrict access to the Web Management Console web administration pages Web Admin and the Shiva VPN Gateway itself The Shiva VPN Gateway administrative password is the key to the security of your netw...

Страница 107: ...authenticate devices This value must be the same as the value configured in CMS Back to base ping interval Specifies the time in seconds between ALIVE traps sent to CMS Local SNMP port The port on wh...

Страница 108: ...ocation in the CMS Syslog Remote Port Specifies the port on which to listen for syslog messages The default value 514 is the standard syslog port however there may be reasons to use a different port i...

Страница 109: ...tests are provided through the Web Management Console web administration pages Diagnostics To access this information click Diagnostics under System This page displays information including the curre...

Страница 110: ...Diagnostics 110 System Administrator s Guide Network tests Basic network diagnostic tests ping traceroute can be accessed by clicking the Network Tests tab at the top of the Diagnostics page...

Страница 111: ...option of re directing log output to a remote machine using the syslog protocol Enable this option by selecting Enable Remote Logging entering the IP address of the remote machine and clicking Apply L...

Страница 112: ...nd logging performed some of the fields may not appear Commonly used interfaces are The firewall rules deny all packets arriving from the WAN port by default There are a few ports open to deal with tr...

Страница 113: ...th0 OUT eth1 SRC 10 0 0 2 DST 140 103 74 181 LEN 60 TOS 0x00 PREC 0x00 TTL 63 ID 62830 DF PROTO TCP SPT 46486 DPT 22 WINDOW 5840 RES 0x00 SYN URGP 0 Creating custom log rules Additional log rules can...

Страница 114: ...teway rather than attempting to pass through it A very similar scenario occurs for logging access requests that are attempting to pass through the Shiva VPN Gateway It merely requires replacing the IN...

Страница 115: ...te limiting the log messages that are generated in order to avoid denial of service issues arising out of logging these access attempts To achieve this use the following option limit rate rate is the...

Страница 116: ...entication successful for root from 10 0 0 2 Once again showing the same information as a web login attempt Boot Log Messages The Shiva VPN Gateway s startup boot time messages are identified by log m...

Страница 117: ...with a password To backup to a plain text file click store restore and copy and paste the configuration into a text editor on the remote machine Restoring is simply a matter of copying and pasting th...

Страница 118: ...ill stop functioning and will be unusable until its flash is reprogrammed at the factory or a recovery boot is performed User care is advised After the upgrade has completed successfully and the Shiva...

Страница 119: ...wly than normal At the end of the upgrade all the lights will flash briefly then return to their normal state Warning If the flash upgrade is interrupted e g power down the Shiva VPN Gateway will stop...

Страница 120: ...est method to clear the Shiva VPN Gateway s stored configuration information is by pushing the reset button on the back panel of the Shiva VPN Gateway twice within two seconds A bent paper clip is a s...

Страница 121: ...ze problems with your Shiva VPN Gateway The report gives the support team important information about any problems you may be experiencing If you experience a fault with your Shiva VPN Gateway and hav...

Страница 122: ...Technical Support 122 System Administrator s Guide...

Страница 123: ...size prevents brute force attacks Aggressive Mode This Phase 1 keying mode automatically exchanges encryption and authentication keys and uses less messages in the exchange when compared to Main mode...

Страница 124: ...fication Authority CA after the CA has verified that the entity is who it says it is Certificate Authority A Certificate Authority is a trusted third party which certifies public key s to truly belong...

Страница 125: ...hem into IP addresses A domain name is a meaningful and easy to remember name for an IP address DUN Dial Up Networking Encapsulating Security Payload ESP Encapsulated Security Payload is the IPSec pro...

Страница 126: ...evice that allows more than one computer to be connected as a LAN usually using UTP cabling IDB Intruder Detection and Blocking A feature of your Shiva VPN Gateway that detects connection attempts fro...

Страница 127: ...olicies will applied is also agreed upon ISAKMP ISAKMP is a framework for doing Security Association Key Management It can in theory be used to produce session keys for many different systems not just...

Страница 128: ...e from the gateway itself and not the machines on the local network MD5 Message Digest Algorithm Five is a 128 bit hash It is one of two message digest algorithms available in IPSec NAT Network Addres...

Страница 129: ...Point to Point Protocol A networking protocol for establishing simple links between two peers PPPoE Point to Point Protocol over Ethernet A protocol for connecting users on an Ethernet to the Interne...

Страница 130: ...ffectively TCP IP Transmission Control Protocol Internet Protocol The basic protocol for Internet communication TCP IP address Fundamental Internet addressing method that uses the form nnn nnn nnn nnn...

Страница 131: ...name and public key of the entity requesting the certificate and the CA s signature X 509 certificates are used to authenticate the remote party against a Certificate Authority s CA certificate The CA...

Страница 132: ...132 System Administrator s Guide...

Страница 133: ...Chapter 8 International Regulatory Information Chapter 8 International Regulatory Information This chapter provides regulatory information for all regions...

Страница 134: ...protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruc...

Страница 135: ...limits for the general population consult safety code 6 obtainable from Health Canada s website www hc sc gc ca rpb Regulatory information for Canada This Class B digital apparatus complies with Cana...

Страница 136: ...not allowed to operate the device at any other channel as supported by the device Licence required for every indoor installation please contact ART for procedure to follow Use outdoors is not allowed...

Отзывы:

Нет отзывов