R3303-HP HSR6800 Routers Security Configuration Guide

Portal authentication
Portal authentication, also called "Web authentication," controls user access at the access layer and
other data entrances that need protection. It does not require client software to authenticate users. Users
only need to enter a username and a password on the webpage for authentication.
With portal authentication, an access device redirects all unauthenticated users to a specific webpage,
and users can freely access resources on the webpage. However, to access other resources on the
Internet, a user must pass portal authentication on the portal authentication page.
Data security
Managing public keys
Public key configuration enables you to manage the local asymmetric key pairs (such as creating and
destroying a local asymmetric key pair, displaying or exporting the local host public key), and configure
the peer host public keys on the local device.
IPsec and IKE
IPsec is a security framework for securing IP communications. It is a Layer 3 VPN technology mainly for
data encryption and data origin authentication.
IKE provides automatic negotiation of security parameters for IPsec, simplifying the configuration and
maintenance of IPsec. Security parameters for IKE negotiation include authentication and encryption
algorithms, authentication and encryption keys, IP packet encapsulation modes (tunnel mode and
transport mode), and key lifetime.
SSL and SSL VPN
SSL is a security protocol that provides secure connection services for TCP-based application layer
protocols by using the public key mechanism and digital certificates. SSL is independent of the
application layer protocol, so an application layer protocol can use a secure connection provided by SSL
without knowing SSL information. A common application is HTTPS—HTTP over SSL or HTTP Secure.
SSL VPN is a VPN technology based on SSL. It works between the transport layer and the application
layer. SSL VPN has been widely used for secure, remote Web-based access. For example, it can allow
remote users to access the corporate network securely.
SSH
SSH is a network security protocol implementing secure remote login and file transfer over an insecure
network. Using encryption and authentication, SSH protects devices against attacks such as IP spoofing
and plaintext password interception.
Firewall and connection control
ACL-based packet filter
An ACL packet filter implements IP packet-specific filtering.
Before forwarding an IP packet, the device obtains the following header information:
Number of the upper layer protocol carried by the IP layer
Source address
Destination address