Manual
Table Of Contents
- Table of Contents
- List of Figures
- Preface
- Chapter 1
- Overview
- Section I
- Basic Operations
- Chapter 2
- Starting a Local or Telnet Management Session
- Chapter 3
- Enhanced Stacking
- Chapter 4
- Basic Switch Parameters
- When Does a Switch Need an IP Address?
- Configuring an IP Address and Switch Name
- Activating the BOOTP and DHCP Client Software
- Rebooting a Switch
- Configuring the Manager and Operator Passwords
- Setting the System Time
- Configuring the Console Startup Mode
- Configuring the Console Timer
- Enabling or Disabling the Telnet Server
- Setting the Baud Rate of the RS-232 Terminal Port
- Pinging a Remote System
- Returning the AT-S62 Software to the Factory Default Values
- Viewing System Hardware and Software Information
- Setting the Switch’s Temperature Threshold
- Chapter 5
- SNMPv1 and SNMPv2c Configuration
- Chapter 6
- Port Parameters
- Chapter 7
- MAC Address Table
- Chapter 8
- Port Trunking
- Chapter 9
- Port Mirroring
- Chapter 10
- Ethernet Statistics
- Section II
- Advanced Operations
- Chapter 11
- File System
- Chapter 12
- File Downloads and Uploads
- Chapter 13
- Event Log
- Chapter 14
- Quality of Service
- Chapter 15
- IGMP Snooping
- Chapter 16
- Denial of Service Defense
- Section III
- SNMPv3 Operations
- Chapter 17
- SNMPv3 Configuration
- SNMPv3 Overview
- Configuring the SNMPv3 Protocol
- Configuring the SNMPv3 User Table
- Configuring the SNMPv3 View Table
- Configuring the SNMPv3 Access Table
- Configuring the SNMPv3 SecurityToGroup Table
- Configuring the SNMPv3 Notify Table
- Configuring the SNMPv3 Target Address Table
- Configuring the SNMPv3 Target Parameters Table
- Configuring the SNMPv3 Community Table
- Displaying SNMPv3 Table Menus
- Displaying the Display SNMPv3 User Table Menu
- Displaying the Display SNMPv3 View Table Menu
- Displaying the Display SNMPv3 Access Table Menu
- Displaying the Display SNMPv3 SecurityToGroup Table Menu
- Displaying the Display SNMPv3 Notify Table Menu
- Displaying the Display SNMPv3 Target Address Table Menu
- Displaying the Display SNMPv3 Target Parameters Table Menu
- Displaying the Display SNMPv3 Community Table Menu
- Section IV
- Spanning Tree Protocols
- Chapter 18
- Spanning Tree and Rapid Spanning Tree Protocols
- Chapter 19
- Multiple Spanning Tree Protocol
- Section V
- Virtual LANs
- Chapter 20
- Tagged and Port-based Virtual LANs
- VLAN Overview
- Port-based VLAN Overview
- Tagged VLAN Overview
- Creating a Port-based or Tagged VLAN
- Example of Creating a Port-based VLAN
- Example of Creating a Tagged VLAN
- Modifying a VLAN
- Displaying VLANs
- Deleting a VLAN
- Deleting All VLANs
- Displaying PVIDs and Port Priorities
- Enabling or Disabling Ingress Filtering
- Specifying a Management VLAN
- Chapter 21
- GARP VLAN Registration Protocol
- Chapter 22
- Multiple VLAN Modes
- Section VI
- Port Security
- Section VII
- Management Security
- Chapter 25
- Web Server
- Chapter 26
- Encryption Keys
- Chapter 27
- Public Key Infrastructure Certificates
- Chapter 28
- Secure Shell (SSH) Protocol
- Chapter 29
- RADIUS and TACACS+ Authentication Protocols
- Chapter 30
- Management Access Control List
- Section VIII
- Web Browser Management
- Chapter 31
- Starting a Web Browser Management Session
- Chapter 32
- Enhanced Stacking
- Chapter 33
- Basic Switch Parameters
- Chapter 34
- SNMPv1 and SNMPv2c Community Strings
- Chapter 35
- Port Parameters
- Chapter 36
- MAC Address Table
- Chapter 37
- Port Trunking
- Chapter 38
- Port Mirroring
- Chapter 39
- File Downloads and Uploads
- Chapter 40
- Event Log
- Chapter 41
- Quality of Service
- Chapter 42
- IGMP Snooping
- Chapter 43
- Denial of Service Defense
- Chapter 44
- SNMPv3 Protocol
- Configuring the SNMPv3 Protocol
- Enabling the SNMP Protocol
- Configuring the SNMPv3 User Table
- Configuring the SNMPv3 View Table
- Configuring the SNMPv3 Access Table
- Configuring the SNMPv3 SecurityToGroup Table
- Configuring the SNMPv3 Notify Table
- Configuring the SNMPv3 Target Address Table
- Configuring the SNMPv3 Target Parameters Table
- Configuring the SNMPv3 Community Table
- Displaying SNMPv3 Tables
- Chapter 45
- STP, RSTP, and MSTP
- Chapter 46
- Virtual LANs
- Chapter 47
- GARP VLAN Registration Protocol
- Chapter 48
- MAC Address Security
- Chapter 49
- 802.1x Port-based Access Control
- Chapter 50
- Secure Shell Protocol
- Chapter 51
- Encryption Keys, PKI, and SSL
- Chapter 52
- RADIUS and TACACS+ Authentication Protocols
- Chapter 53
- Management Access Control List
- Appendix A
- AT-S62 Default Settings
- Basic Switch Default Settings
- Enhanced Stacking Default Setting
- SNMP Default Settings
- Port Configuration Default Settings
- Event Log Default Settings
- Quality of Service
- IGMP Snooping Default Settings
- Denial of Service Prevention Default Settings
- STP, RSTP, and MSTP Default Settings
- VLAN Default Settings
- GVRP Default Settings
- MAC Address Security Default Settings
- 802.1x Port-Based Network Access Control Default Settings
- Web Server Default Settings
- SSL Default Settings
- PKI Default Settings
- SSH Default Settings
- Server-Based Authentication Default Settings
- Management Access Control List Default Setting
- AT-S62 Default Settings
- Appendix B
- Index
Chapter 26: Encryption Keys
Section VII: Management Security 496
❑ Electronic Code Book (ECB) is the fundamental DES function.
Plaintext is divided into 64-bit blocks which are encrypted with
the DES algorithm and key. For a given input block of plaintext
ECB always produces the same block of ciphertext.
❑ Cipher Block Chaining (CBC) is the most popular form of DES
encryption. CBC also operates on 64-bit blocks of data, but
includes a feedback step which chains consecutive blocks so that
repetitive plaintext data, such as ASCII blanks, does not yield
identical ciphertext. CBC also introduces a dependency between
data blocks which protects against fraudulent data insertion and
replay attacks. The feedback for the first block of data is provided
by a 64-bit Initialization Vector (IV). This is the DES mode used for
the switch’s data encryption process.
❑ Cipher FeedBack (CFB) is an additive-stream-cipher method
which uses DES to generate a pseudo-random binary stream that
is combined with the plaintext to produce the ciphertext. The
ciphertext is then fed back to form a portion of the next DES input
block.
❑ Output FeedBack (OFB) combines the first IV DES algorithms
with the plaintext to form ciphertext. The ciphertext is then used
as the next IV.
The DES algorithm has been optimized to produce very high speed
hardware implementations, making it ideal for networks where high
throughput and low latency are essential.
Triple DES Encryption Algorithms
The Triple DES (3DES) encryption algorithm is a simple variant on the
DES CBC algorithm. The DES function is replaced by three rounds of that
function, an encryption followed by a decryption followed by an
encryption. This can be done by using either two DES keys (112-bit key)
or three DES keys (168-bit key).
The two-key algorithm encrypts the data with the first key, decrypts it
with the second key and then encrypts the data again with the first key.
The three-key algorithm uses a different key for each step. The three-key
algorithm is the most secure algorithm due to the long key length.
There are several modes in which Triple DES encryption can be
performed. The two most common modes are:
❑ Inner CBC mode encrypts the entire packet in CBC mode three
times and requires three different initial is at ion vectors (IV’s).
❑ Outer CBC mode triple encrypts each 8-byte block of a packet in
CBC mode three times and requires one IV.