Cisco Systems Linksys PAP2 User Manual

This utility generates 8 bytes of salt (which is prepended to the encrypted configuration file), and then 
calculates an Initialization Vector (IV) and a 256-bit encryption key from the key phrase provided on 
the command line. The TA recognizes the leading characters "Salted__" as a hint to find the salt and 
decrypt the configuration file. 
 
Linksys XML configuration files can be compressed using the gzip compression algorithm. Gzip is 
available from http://www.gzip.org. 
 
gzip cleartextconfig.xml 
 
If both compression and encryption are used, the clear text version must be compressed before it is 
encrypted. The PHONE ADAPTER does not recognize files that are encrypted and then 
compressed, since encrypted files are incompressible. The Linksys PHONE ADAPTER automatically 
detects whether a file is compressed or encrypted. 
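
The "Salted__" header and the compress-then-encrypt rule described above can be checked on the provisioning side before a profile is published. The following Python code is an added example, not code from the Linksys manual. It assumes the utility is OpenSSL's enc command using AES-256-CBC with its legacy MD5-based EVP_BytesToKey derivation; the function names and sample bytes are constructed for illustration.

```python
import gzip
import hashlib

SALTED = b"Salted__"      # leading characters the adapter looks for
GZIP_MAGIC = b"\x1f\x8b"  # first two bytes of any gzip file (RFC 1952)

def classify(blob):
    """Classify a profile by its leading bytes: encrypted, gzip or cleartext."""
    if blob.startswith(SALTED) and len(blob) >= 16:
        return "encrypted"
    if blob.startswith(GZIP_MAGIC):
        return "gzip"
    return "cleartext"

def split_salted(blob):
    """Return (salt, ciphertext): 8 bytes of salt follow the 8-byte header."""
    if classify(blob) != "encrypted":
        raise ValueError("missing Salted__ header or salt")
    return blob[8:16], blob[16:]

def derive_key_iv(phrase, salt, key_len=32, iv_len=16):
    """ASSUMPTION: OpenSSL EVP_BytesToKey with MD5 and one iteration."""
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.md5(block + phrase + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]

def check_order(blob):
    """Report whether the layering matches what the page says is accepted."""
    kind = classify(blob)
    if kind == "gzip" and classify(gzip.decompress(blob)) == "encrypted":
        return "rejected: encrypted, then compressed"
    if kind == "encrypted":
        return "ok: encrypted outermost (inner gzip is visible only after decryption)"
    return "ok: " + kind

# Constructed sample data; the ciphertext is a placeholder, not real AES output.
SAMPLE_SALT = bytes(range(8))
SAMPLE_ENCRYPTED = SALTED + SAMPLE_SALT + bytes(32)
SAMPLE_XML = b"<config>constructed sample</config>"

if __name__ == "__main__":
    for name, blob in [("cleartext", SAMPLE_XML),
                       ("gzip", gzip.compress(SAMPLE_XML)),
                       ("encrypted", SAMPLE_ENCRYPTED),
                       ("wrong order", gzip.compress(SAMPLE_ENCRYPTED))]:
        print(name, "->", check_order(blob))
    key, iv = derive_key_iv(b"constructed-phrase", SAMPLE_SALT)
    print("key bits:", len(key) * 8, "iv bytes:", len(iv))
```
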
 
 
3.2. Secure Initial Configuration 
 
Linksys recommends a secure configuration system to providers to protect them from theft of service, 
account forgery, and denial of service. To that end, Linksys Terminal Adapters are provisioned at the 
factory with a public key certificate signed by the Linksys certificate authority.   
 
The first step in this process is for the Linksys terminal adapters to use HTTPS to initially contact the 
configuration server specified in the Profile_Rule. The initial URL can be configured into the TA at 
manufacturing time for orders over a certain size, it can be added during a staging process, or it can 
be provided via the web interface as described in the next section. The PHONE ADAPTER opens a 
TCP connection to the initial configuration server, and sends an SSLv2 ClientHello message. The 
configuration server then presents a server certificate signed by Linksys in a ServerHello message, 
and requests the certificate of the client. The Terminal Adapter validates the server certificate and 
provides its client certificate. From the client certificate, the provider is assured of the authenticity of 
the MAC address, serial number, and model number of the Linksys device which has connected. The 
terminal adapter will then use an HTTP GET over this TLS secure channel to fetch its initial 
configuration. 
 
An Apache web server can be set up to perform all of the certificate verification automatically through 
configuration directives. An example configuration is listed below: 
 
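# Server certificate, key and CA files. mod_ssl accepts these directives only
# at server or virtual host level, so they sit outside the <Directory> block.
SSLCertificateFile provider-cert-signed-by-linksys.pem 
SSLCertificateKeyFile provider-private-key.pem 
SSLCertificateChainFile linksys-cert.pem 
SSLCACertificateFile linksys-cert.pem 

<Directory /linksys/secure-setup/> 
  # Require a client certificate issued directly by the Linksys CA, over SSL only.
  SSLVerifyClient require 
  SSLVerifyDepth 1 
  SSLRequireSSL 
  # Accept only verified Linksys device certificates whose CN matches the requested file.
  SSLRequire ( %{SSL_CLIENT_VERIFY} eq "SUCCESS" \
           and %{SSL_CLIENT_I_DN_O} eq "Linksys" \
           and %{SSL_CLIENT_S_DN_O} eq "Linksys" \
           and %{SSL_CLIENT_S_DN_CN} eq %{REQUEST_FILENAME} ) 
</Directory> 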
 
 
© 2004 Linksys Proprietary (See Copyright Notice on Page 2) 