Siemens Version: 1.2 User Manual

2. Security Services

2.3.1 First Initialization
At first initialization an IP address is assigned to the Scalance S modules. Once the
IP configuration is done, the modules can also be configured over the network. The
first user to put the module into operation enters a user name and password, which
makes that user the administrator.
After the security module is switched on or reset, it does not allow any
communication if it contains no configuration data, either in the internal flash or on
removable media. Hence the device is in a state which cannot be used in any way for
an attack from the external network. Communication between protected devices
behind different security modules via the external network must also be explicitly
approved in the configuration.
If the device needs to be reset because the passwords have been lost, there is a reset
button on the back of the module. Pushing it sets the device to the delivery state. This
button is protected by a cover on the back side so that it is not pushed by mistake. If
the device is built into a rack, it first needs to be removed from the rack before the
back cover can be opened.
2.3.2 User Management
There are two user groups with different rights: the administrator and the user with
restricted rights. The administrator is able to grant users access to the modules; the
users are able to change configuration settings according to their rights. The
authentication of the user to the security module is carried out by digest
authentication with user name and password. With this kind of authentication the
password is never sent in plaintext.
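The following is an added worked example of HTTP digest authentication (RFC 2617 with qop=auth), the mechanism named above; it is not Siemens or escrypt code and does not show the module's actual implementation. The realm name, the user store layout (a per-user HA1 hash plus a role) and the single-use nonce policy are assumptions made for illustration. It shows why the password never crosses the wire: the client sends only an MD5 response over the user name, realm, a server-chosen nonce and the request, and the verifier recomputes that response from the stored HA1.

```python
"""Added example: digest authentication as a module could verify it.

Not Siemens/escrypt code. REALM, the user store and the nonce policy are
assumptions for illustration; the RFC 2617 test vector used in demo() is
the one published in the RFC itself.
"""
import hashlib
import secrets

REALM = "scalance-s"  # assumed realm name for this example


def make_ha1(username: str, realm: str, password: str) -> str:
    """HA1 = MD5(user:realm:password). The module stores only this value,
    so the clear-text password is neither stored nor transmitted."""
    return hashlib.md5(f"{username}:{realm}:{password}".encode()).hexdigest()


def compute_response(ha1: str, method: str, uri: str, nonce: str,
                     nc: str, cnonce: str, qop: str = "auth") -> str:
    """Client-side response = MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha2 = hashlib.md5(f"{method}:{uri}".encode()).hexdigest()
    return hashlib.md5(
        f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode()).hexdigest()


class DigestVerifier:
    """Server side: hands out nonces and checks responses against stored HA1."""

    def __init__(self, users: dict):
        # users: {username: (ha1, role)}; role is "administrator" or "user",
        # mirroring the two user groups of section 2.3.2 (assumed layout).
        self._users = users
        self._issued = set()  # nonces handed out and not yet consumed

    def challenge(self) -> str:
        """Issue a fresh, unpredictable nonce for one request."""
        nonce = secrets.token_hex(16)
        self._issued.add(nonce)
        return nonce

    def verify(self, username, method, uri, nonce, nc, cnonce, response):
        """Return the user's role on success, None on any failure."""
        if nonce not in self._issued:
            return None  # unknown or already-used nonce: replay or forgery
        entry = self._users.get(username)
        if entry is None:
            return None
        ha1, role = entry
        expected = compute_response(ha1, method, uri, nonce, nc, cnonce)
        if not secrets.compare_digest(expected, response):
            return None  # wrong password, or method/URI tampered with
        self._issued.discard(nonce)  # single use: one nonce, one request
        return role


def demo() -> bool:
    """Reproduce the RFC 2617 example values and run one full exchange."""
    ha1 = make_ha1("Mufasa", "testrealm@host.com", "Circle Of Life")
    rfc_ok = compute_response(
        ha1, "GET", "/dir/index.html",
        "dcd98b7102dd2f0e8b11d0f600bfb0c093", "00000001", "0a4f113b"
    ) == "6629fae49393a05397450978507c4ef1"

    # Constructed user store: one administrator, password chosen for the demo.
    store = {"admin": (make_ha1("admin", REALM, "demo-password"), "administrator")}
    server = DigestVerifier(store)
    nonce = server.challenge()
    resp = compute_response(store["admin"][0], "GET", "/config", nonce,
                            "00000001", "c0ffee")
    role = server.verify("admin", "GET", "/config", nonce, "00000001",
                         "c0ffee", resp)
    replay = server.verify("admin", "GET", "/config", nonce, "00000001",
                           "c0ffee", resp)
    return rfc_ok and role == "administrator" and replay is None


if __name__ == "__main__":
    print("digest example consistent:", demo())
```

The verifier never sees a password, only a response it can recompute from the stored HA1, which is the property the section relies on. Note that MD5-based digest authentication protects the password in transit but not the configuration traffic itself, which is why the module additionally relies on the VPN tunnels described in the following sections.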
2.3.3 Learning
In order to keep the configuration of the modules simple, automatic learning was
integrated. A module can learn the existence (and with that the addresses) of further
modules and add this information to its own list of reachable modules. In the same
way it can learn which nodes are in the internal network of another module. A VPN
tunnel can only be set up if the endpoint is known, which implies that the module
protecting the network containing that endpoint must also be known. Learning is
done automatically or by manual configuration.
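The following is an added illustrative model, not Siemens or escrypt code and not a description of the SCP message format, of what a module's list of reachable modules has to contain before a tunnel can be set up, combined with the explicit-approval rule from section 2.3.1. Class and method names are assumptions; the addresses are constructed sample values.

```python
"""Added example: reachable-module list, learned internal nodes and the
explicit-approval check that precede VPN tunnel set-up.

Not Siemens/escrypt code; names and addresses are constructed for illustration.
"""


class SecurityModule:
    def __init__(self, name: str, external_ip: str, internal_nodes):
        self.name = name
        self.external_ip = external_ip
        self.internal_nodes = set(internal_nodes)  # nodes this module protects
        self.known_modules = {}   # module name -> external IP (learned/configured)
        self.known_nodes = {}     # internal node -> name of the module protecting it
        self.approved = set()     # peer modules whose devices may talk to ours

    def learn_module(self, other: "SecurityModule") -> None:
        """Step 1 of learning: record the other module's existence and address."""
        self.known_modules[other.name] = other.external_ip

    def learn_internal_nodes(self, other: "SecurityModule") -> None:
        """Step 2: record which nodes lie behind that module. Requires step 1,
        because a node is only useful together with the module protecting it."""
        if other.name not in self.known_modules:
            raise ValueError(f"module {other.name} must be learned first")
        for node in other.internal_nodes:
            self.known_nodes[node] = other.name

    def approve(self, module_name: str) -> None:
        """Explicit configuration step: allow traffic to that module's devices."""
        self.approved.add(module_name)

    def tunnel_endpoint_for(self, node: str):
        """Return the external IP the tunnel must be built to, or None when the
        node, its protecting module, or the approval is missing."""
        peer = self.known_nodes.get(node)
        if peer is None or peer not in self.known_modules:
            return None  # endpoint unknown: no tunnel can be set up
        if peer not in self.approved:
            return None  # known, but communication not approved in the config
        return self.known_modules[peer]


def demo():
    """Constructed two-module scenario; returns the sequence of lookups."""
    a = SecurityModule("A", "192.0.2.1", {"10.0.1.5"})
    b = SecurityModule("B", "192.0.2.2", {"10.0.2.7"})
    results = [a.tunnel_endpoint_for("10.0.2.7")]  # nothing learned yet
    a.learn_module(b)
    a.learn_internal_nodes(b)
    results.append(a.tunnel_endpoint_for("10.0.2.7"))  # learned, not approved
    a.approve("B")
    results.append(a.tunnel_endpoint_for("10.0.2.7"))  # tunnel target known
    return results


if __name__ == "__main__":
    print(demo())
```

The ordering matters: learning only fills the tables, and a tunnel still requires the administrator's explicit approval of the peer module, so a module that merely announces itself cannot cause traffic to be routed through a tunnel to it.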
For this purpose, the security module provides the security configuration protocol 
(SCP). This protocol contains the functions 
•  Find further security modules 
19-Aug-05 escrypt GmbH