SmartWare Encrypted File Download HowTo



Similar documents
Configuring Secure Socket Layer (SSL)

How To Install An At-S100 (Geo) On A Network Card (Geoswitch)

VoIP Gateway Routers. SmartNode 4634 and 4638 Series. Quick Start Guide

File Transfers. Contents

Connecting to the Firewall Services Module and Managing the Configuration

50-Port 10/100/1000Mbps with 4 Shared SFP. Managed Gigabit Switch WGSW Quick Installation Guide

Table of Contents... iii. Summary of Changes... v. Introduction Getting Started... 3

LifeSize Video Communications Systems Administrator Guide

Configure Cisco Unified Customer Voice Portal

File Transfers. Contents

NetVanta 7100 Exercise Service Provider SIP Trunk

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.

Procedure to Upgrade VIP-350PT/550PT by Web Browser

Comware versus Cisco IOS Command Guide

Yealink Configuration Encryption Tool User Guide

How To Set Up A Netvanta For A Pc Or Ipad (Netvanta) With A Network Card (Netvina) With An Ipa (Net Vanta) And A Ppl (Netvi) (Netva)

Quick Start Guide. Cerberus FTP is distributed in Canada through C&C Software. Visit us today at

Backing Up and Restoring Data

Document ID: Introduction

Integrating a Hitachi IP5000 Wireless IP Phone

Configuring Password Encryption

How Do I Upgrade Firmware and Save Configurations on PowerConnect Switches?

NetVanta 3000 Series (with T1/FT1 or T1/FT1 with DSX-1 Network Interface Module)

OLT LTP-8X_v Appendix to Operation Manual OLT LTP-8X Quick Configuration Guide Central Office Node Terminal

ProCurve Networking. Hardening ProCurve Switches. Technical White Paper

Enabling Remote Access to the ACE

LifeSize Passport TM User and Administrator Guide

WWPass External Authentication Solution for IBM Security Access Manager 8.0

Configuring Password Encryption

Quick Note 038. Upgrade Software options and/or VPN Licenses on a Digi Transport router.

Chapter 3 Using Access Control Lists (ACLs)

Configuring System Message Logging

Chapter 2 Quality of Service (QoS)

enetworks TM Using the Syslog Feature C.1 Configuring the Syslog Feature

3.1 Connecting to a Router and Basic Configuration

Transferring Files Using HTTP or HTTPS

Table of Contents. Cisco Using the Cisco IOS Firewall to Allow Java Applets From Known Sites while Denying Others

LevelOne VOI H.323 VoIP Gatekeeper. User Manual

TMA Management Suite. For EAD and TDM products. ABOUT OneAccess. Value-Adding Software Licenses TMA

Dramatically simplifying voice and data networking HOW-TO GUIDE. Bundle Quick Start Guide

Chapter 6 Using Network Monitoring Tools

Skills Assessment Student Training Exam

Conference Bridge setup

Reboot the ExtraHop System and Test Hardware with the Rescue USB Flash Drive

V310 Support Note Version 1.0 November, 2011

- Basic Router Security -

Applicazioni Telematiche

The Trivial Cisco IP Phones Compromise

VOIP-500 Series Phone CUCM 8.0.3a Integration Guide

AlliedWare Plus Version AT-9000 Layer 2-4 Gigabit Ethernet EcoSwitches Software Release Notes

Symantec Database Security and Audit 3100 Series Appliance. Getting Started Guide

USER MANUAL GUIMGR Graphical User Interface Manager for FRM301/FRM401 Media Racks

Lab 8.4.3a Managing Cisco IOS Images with TFTP

Secure Messaging Server Console... 2

Step 1: Checking Computer Network Settings:

Administering the Network Analysis Module. Cisco IOS Software. Logging In to the NAM with Cisco IOS Software CHAPTER

1 DDW2600 (U10C037) Wireless Cable Modem: FAQ

Snom 720 and Elastix Server

ASA 8.X: Routing SSL VPN Traffic through Tunneled Default Gateway Configuration Example

Chapter 6 Using Network Monitoring Tools

Lab 8.3.3b Configuring a Remote Router Using SSH

Network-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2

Configuring Auto-MDIX

Capture Pro Software FTP Server System Output

Installing Intercloud Fabric Firewall

Management, Logging and Troubleshooting

Installing and Using the vnios Trial

Table of Contents. Cisco Configuring IPSec Cisco Secure VPN Client to Central Router Controlling Access

SIP Trunking using Optimum Business SIP Trunk Adaptor and the Cisco Call Manager Express Version 8.5

Chapter 8 Lab B: Configuring a Remote Access VPN Server and Client

Lab 5.3.9b Managing Router Configuration Files Using TFTP

Managing Software and Configurations

- The PIX OS Command-Line Interface -

Configuring a Cisco 2509-RJ Terminal Router

P330-ML Version 4.5 Release Notes

Configuring and Monitoring Hitachi SAN Servers

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

PRILINK PRI Management System

ADSP Infrastructure Management Compliance Audit. How-To Guide

Installing Cable Modem Software Drivers

Grandstream Networks, Inc. GXP2130/2140/2160 Auto-configuration Plug and Play

How to configure Linksys SPA for VOIP Connections

Deployment Guide for Maximum Security Environments Polycom HDX Systems, Version 3.0.5

Table of Contents. Cisco How to Download a Software Image to a Cisco 2600 via TFTP Using the tftpdnld ROMmon Command

RuggedCom Solutions for

Objectives. Background. Required Resources. CCNA Security

LifeSize Passport Connect TM User and Administrator Guide

Digi Connect Wan 3G Application Guide Update the firmware, backup and restore the configuration of a Digi Connect Wan 3G using a USB flash drive.

IP Phone Configuration and Troubleshooting Guide

Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment

IP Link Best Practices for Network Integration and Security. Introduction...2. Passwords...4 ACL...5 VLAN...6. Protocols...6. Conclusion...

Installing NICE Windows under Parallels for Mac

Using the Command Line Interface (CLI)

Freshservice Discovery Probe User Guide

Configuration Professional: Site to Site IPsec VPN Between Two IOS Routers Configuration Example

Alexander installation and configuration guide.

TECHNICAL NOTE Stormshield Network Firewall AUTOMATIC BACKUPS. Document version: 1.0 Reference: snentno_autobackup

TREND series H.264 DVR Central Management System Quick User Guide

Application & Quick-Start Guide

AT-S63 and AT-S63 NE Version Management Software for the AT-9400 Series Layer 2+ Gigabit Ethernet Switches Software Release Notes

Transcription:

SmartWare Encrypted File Download HowTo 1. Description Explains the encrypted configuration download feature of SmartWare. 2. Introduction TFTP as a configuration download mechanism has the advantage of being extremely simple (trivial) and applicable in any network without any requirements for specialized management servers or applications. It has the disadvantage of being completely unsecure. The security hole of downloading complete configurations - which may contain IP addresses, login names and passwords for PPP or VoIP registrations - using TFTP becomes particularly pressing in combination with the auto-provisioning feature which allows large scale distribution of configurations in entire networks. To alleviate this problem and maintain the simplicity of TFTP downloads support for encrypted configuration file downloads is introduced. Goal: Prevent maliciously intercepted configurations to be readable by unauthorized users. Pre-requisites: Only authorized users have configuration access to the SmartNode. The configurations can be stored in plain form on the SmartNode. SNMP Write Access shall be restricted by means of communities and ACLs to prevent unauthorized SNMP initiated configuration downloads. Telnet access shall be restricted by means of credentials and ACLs. Page: 1 of 5

3. Overview An external encryption tool on the PC is used to encrypt the configuration file: enctool encrypt <plain-config-file> <enc-config-file> <key> The encrypted configuration file can then be downloaded with TFTP triggered by o the CLI copy command: copy tftp://<host>/<path> <config-file> o auto provisioning o SNMP o HTTP On the SmartNode the encryption is detected and the configuration file is automatically decrypted before stored to flash. The encryption key can be o downloaded to the SmartWare o specified with the PC encryption tool The encryption key may include the MAC address and/or serial number of the SmartNode using the placeholders $(system.mac) and $(system.serial) respectively. An encrypted configuration file can be uploaded to a TFTP server on request, specifying the encrypted flag: copy <config-file> tftp://<host>/<path> encrypted On the PC the encryption tool can be used to decrypt the file: enctool decrypt <enc-config-file> <plain-config-file> <key> A log file lists the last up/downloads: show log file-transfer Page: 2 of 5

4. Use Cases Install the encryption key You must install an encryption key with the SmartNode. The encryption key is used to automatically decrypt an encrypted configuration file that is downloaded later. To install the encryption key, you have to create a file on your TFTP server that contains the key. Then you have to download this key file to the SmartNode using the copy command of the SmartNode: The key file shall contain a key string of at most 24 characters on a single line. Spaces, tabs and LF/CR characters are trimmed. The key must not contain LF/CR, spaces, tabs, quotes ( ),backslashes (\) or the null character. If the key contains more than 24 characters, only the first 24 characters are considered. The key may contain variables that are resolved when the key file is downloaded to a SmartNode. Using this mechanism you can specify device-specific encryption keys. We currently support the following variables: $(system.mac): The MAC address of the first ethernet port. Execute the show port ethernet command on a SmartNode to display the MAC address of a SmartNode. This value without the colon separators and with all lower-case hexadecimal letters is used instad of the variable on the SmartNode. $(system.serial): The serial number of the SmartNode. Execte the show verion command on the SmartNode to display the serial number. Unlike the MAC address, don t convert the serial number to lower-case letters. When your key file contains the following line 123$(system.serial)abc$(system.mac)XYZ show port ethernet shows the following Ethernet Configuration ------------------------------------- Port : ethernet 0 0 0 State : OPENED MAC Address : 00:0C:F1:87:D9:09 Speed : 10MBit/s Duplex : Half Page: 3 of 5

Encapsulation : ip Binding : interface eth0 router and show version the following. HowTo: Encrypted File Download Productname : SN1200 Software Version : R3.20 TB2005-06-24_MEYER SIP Supplier : Provider : Subscriber : Information for Slot 0: SN1200 Hardware Version : 0004, 0001 Serial number : 000CF187D909 Software Version : R3.20 TB2005-06-24_MEYER SIP the encryption key on this SmartNode will be interpreted as 123000CF187D909abc000cf187d909XYZ Then you have to download the created key file to the SmartNode. Open a telnet session and type in the following commands: >enable #copy tftp://<ip>/<path> key: where <ip> is the IP address of your TFTP server and <path> is the path to the key file relative to the TFTP root. Important Note: The downloaded key also defines how the passwords are encrypted in your configuration files. After you downloaded a key file you have to regenerate the startup-config from the running-config by executing the command copy running-config startup-config If you don t do this the device will fail executing the commands that have encrypted password arguments, e.g. administrator, h235-security password, etc. Encrypt a configuration file Use the encryption tool to encrypt a configuration file on your PC. Therefore you have to enter the following command. Page: 4 of 5

enctool encrypt <plain-file> <encrypted-file> <key> where <plain-file> is the path of the non-encrypted input configuration file and <encrypted-file> is the path of the encrypted output configuration file. <key> specifies the encryption key which shall be used to encrypt the configuration file. Download an encrypted configuration file Now you can download the configuration file as usual using the CLI copycommand, the auto-provisioning feature, HTTP or SNMP download. The SmartNode automatically detects that a downloaded file is encrypted and tries to decrypt the file using the installed key. Upload an encrypted configuration file The SmartNode immediately decrypts a configuration file after downloading it. This is the configuration file is stored non-encrypted in the flash memory. Thus when you upload a configuration it is uploaded non-encrypted. You may upload an encrypted configuration file specifying the encrypted flag at the end of the copy command: #copy startup-config tftp://<ip>/<path> encrpted This encrypts the configuration file before sending it to the TFTP server. Use the enctool decrypt command on the PC to regain the original configuration. File Transfer Logs We introduced an additional log file that stores the history of all file transfers (up to 50 entries). To show all recently executed file transfer operations enter the following command: #show log file-transfer Page: 5 of 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information