D-Link DGS-3312SR [189/290] Layer ssl

DGS-3312SR Stackable Gigabit Layer 3 Switch
Secure Socket Layer (SSL)

Secure Sockets Layer or SSL is a security feature that will provide a secure communication path between a host and client through the use of authentication, digital signatures and encryption. These security functions are implemented through the use of a ciphersuite, which is a security string that determines the exact cryptographic parameters, specific encryption algorithms and key sizes to be used for an authentication session and consists of three levels:

Key Exchange: The first part of the ciphersuite string specifies the public key algorithm to be used. This switch utilizes the Rivest Shamir Adleman (RSA) public key algorithm and the Digital Signature Algorithm (DSA), specified here as the DHE DSS Diffie-Hellman (DHE) public key algorithm. This is the first authentication process between client and host as they “exchange keys” in looking for a match and therefore authentication to be accepted to negotiate encryptions on the following level.

Encryption: The second part of the ciphersuite that includes the encryption used for encrypting the messages sent between client and host. The Switch supports two types of cryptology algorithms:

Stream Ciphers – There are two types of stream ciphers on the Switch, RC4 with 40-bit keys and RC4 with 128-bit keys. These keys are used to encrypt messages and need to be consistent between client and host for optimal use.

CBC Block Ciphers – CBC refers to Cipher Block Chaining, which means that a portion of the previously encrypted block of encrypted text is used in the encryption of the current block. The Switch supports the 3DES EDE encryption code defined by the Data Encryption Standard (DES) to create the encrypted text.

Hash Algorithm: This part of the ciphersuite allows the user to choose a message digest function that will determine a Message Authentication Code. This Message Authentication Code will be encrypted with a sent message to provide integrity and prevent against replay attacks. The Switch supports two hash algorithms, MD5 (Message Digest 5) and SHA (Secure Hash Algorithm).

These three parameters are uniquely assembled in four choices on the Switch to create a three-layered encryption code for secure communication between the server and the host. The user may implement any one or combination of the ciphersuites available, yet different ciphersuites will affect the security level and the performance of the secured connection. The information included in the ciphersuites is not included with the Switch and requires downloading from a third source in a file form called a certificate. This function of the Switch cannot be executed without the presence and implementation of the certificate file and can be downloaded to the Switch by utilizing a TFTP server. The Switch supports SSLv3 and TLSv1. Other versions of SSL may not be compatible with this switch and may cause problems upon authentication and transfer of messages from client to host.

Download Certificate

This window is used to download a certificate file for the SSL function on the Switch from a TFTP server. The certificate file is a data record used for authenticating devices on the network. It contains information on the owner, keys for authentication and digital signatures. Both the server and the client must have consistent certificate files for optimal use of the SSL function. The Switch only supports certificate files with .der file extensions and comes with one RSA certificate already set in the Switch.

To view the following window, click Security > Secure Socket Layer (SSL) > Download Certificate:

Figure 6-2. Download Certificate window
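
An added example, not taken from the D-Link manual or firmware: Python code that splits a ciphersuite name into the three levels described above (key exchange, encryption, hash algorithm) and lists what a present-day reviewer would flag in it. The suite names are standard TLS registry names assembled from the algorithms this page lists; which four suites the Switch actually offers is an assumption, as are the function names.

```python
import re

# Encryption level: name -> (cipher type, key length in bits).
CIPHERS = {"RC4_40": ("stream", 40), "RC4_128": ("stream", 128),
           "3DES_EDE_CBC": ("CBC block", 168)}
HASHES = {"MD5", "SHA"}
# Key-exchange level; RSA_EXPORT is the registry's name for RSA with 40-bit ciphers.
KEY_EXCHANGES = {"RSA", "RSA_EXPORT", "DHE_DSS"}

SUITE_RE = re.compile(r"^(?:TLS|SSL)_(.+)_WITH_(.+)_([A-Z0-9]+)$")

def parse_suite(name):
    """Split a ciphersuite name into the three levels the manual describes."""
    m = SUITE_RE.match(name)
    if not m:
        raise ValueError(f"not a ciphersuite name: {name!r}")
    kx, enc, mac = m.groups()
    if kx not in KEY_EXCHANGES or enc not in CIPHERS or mac not in HASHES:
        raise ValueError(f"algorithm not described in the manual: {name!r}")
    kind, bits = CIPHERS[enc]
    return {"key_exchange": kx, "encryption": enc, "cipher_type": kind,
            "key_bits": bits, "hash": mac}

def audit(name):
    """Return the reasons a present-day reviewer would flag this suite."""
    s = parse_suite(name)
    findings = []
    if s["key_bits"] < 112:
        findings.append("export-grade 40-bit key")
    if s["encryption"].startswith("RC4"):
        findings.append("RC4 is prohibited in TLS by RFC 7465")
    if s["encryption"].startswith("3DES"):
        findings.append("3DES has a 64-bit block size")
    if s["hash"] == "MD5":
        findings.append("MD5-based MAC")
    if not s["key_exchange"].startswith("DHE"):
        findings.append("no forward secrecy (RSA key transport)")
    return findings

# Constructed sample: registry names assembled from the algorithms listed above.
SAMPLE = ["TLS_RSA_WITH_RC4_128_MD5", "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
          "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"]

if __name__ == "__main__":
    for suite in SAMPLE:
        print(suite, parse_suite(suite), audit(suite), sep="\n  ")
```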