Strengths Of Authentication Mechanisms - Avaya G250 User Manual
Office media gateways w/fips non-proprietary security policy
Hide thumbs
Also See for G250:
- Administration manual (840 pages) ,
- Reference (812 pages) ,
- Administration (720 pages)
Table of Contents
Advertisement
Avaya G250 and G250-BRI Branch Office Media Gateways w/FIPS Non-Proprietary Security Policy
Version 1.2
User)
authentication
Read Only
Identity-based
User
operator
authentication
Radius Client
Role-based
operator
authentication
OSPF Router
Role-based
Peer
operator
authentication
PPPoE client
Role-based
operator
authentication
IKE Peer
Role-based
operator
authentication
Serial Number
Role based
Peer
authentication
Table 5 - Roles and Required Identification and Authentication
4.2. Strengths of Authentication Mechanisms
All passwords used for role or identity authentication are accepting 94 ASCII codes. The
authentication strength is shown in
Role
Minimum
password
length
OSPF, PPPoE,
6 characters
Radius
Crypto Officer,
8 characters
User, Read-Only
User
© 2005 Avaya Inc. May be reproduced only in its original entirety [without revision].
database.
Username and Password. The module
stores user identity information in an
internal or an external Radius Server
database.
Shared Radius secret.
Gateway authenticates Radius server
response by examining the MD5 hash
of the shared secret, the request
Authenticator, and other response
values in a response message.
Router peer Secret
Authentication of OSPF protocol
executed by examining the
authentication field in OSPF packet
carrying MD5 hash of the packet and
the secret.
Chap/Pap Secrets
Simple password authentication is
used for PAP-based authentication.
Gateway use MD5 function to hash
the challenge and the secret value in
the response message to PPPoE
Server.
IKE pre-shared keys.
TDES encrypted challenge.
Table 6
below.
Probability of successfully
authenticating
1/ 689,869,781,056
1 / 6,095,689,385,410,816
Wednesday, 14 December, 2005
configuration and status indications.
An assistant to the Admin User that
has read only access to a subset of
module configuration and status
indications.
An entity authenticates to the module
for the purpose of permitting/denying
access to services.
An entity authenticates to the module
for the purpose of permitting/denying
access to services.
An entity that facilitates connection
to the broadband access network
using PPP over Ethernet protocol.
PPPoE client can be attached only to
WAN Ethernet port.
An entity that facilitates IPSec VPNs.
Gateway exchanges its serial number
with a Server to enable feature
activation.
Probability of successfully
authenticating in one minute
1 / 209,052
1 / 1,847,178,602
Page 12 of 23
CID 106595
Advertisement
Table of Contents
