15: Security Settings; Public Key Infrastructure; Tls (Ssl) - Lantronix PREMIERWAVE XC HSPA+ User Manual

Intelligent gateway

15: Security Settings

The PremierWave XC HSPA+ device supports Secure Shell (SSH) and Secure Sockets Layer (SSL). SSH is a network protocol for securely accessing a remote device. SSH provides a secure, encrypted communication channel between two hosts over a network. It provides authentication and message integrity services.

Secure Sockets Layer (SSL) is a protocol that manages data transmission security over the Internet. It uses digital certificates for authentication and cryptography against eavesdropping and tampering. It provides encryption and message integrity services. SSL is widely used for secure communication to a web server. SSL uses certificates and private keys.

Note: The device supports SSLv3 and its successors, TLS1.0 and TLS1.1. An incoming SSLv2 connection attempt is answered with an SSLv3 response. If the initiator also supports SSLv3, SSLv3 handles the rest of the connection.
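
To check which of the versions named in the note a server actually selected, the version can be read from the ServerHello in the server's first record. The following is an added example, not code from this manual or from Lantronix; the function names are hypothetical and the sample records are constructed, not captured from a device.

```python
import struct

# Wire (major, minor) bytes for the protocol versions the note names;
# any other value is reported as hex.
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLS1.0", (3, 2): "TLS1.1"}

ALERT, HANDSHAKE, SERVER_HELLO = 21, 22, 2


def server_hello_version(data: bytes) -> str:
    """Return the version the server selected, read from its first record."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, _major, _minor, rec_len = struct.unpack("!BBBH", data[:5])
    body = data[5:5 + rec_len]
    if len(body) < rec_len:
        raise ValueError("truncated record body")
    if ctype == ALERT:
        # The server refused the handshake instead of answering it.
        raise ValueError("server sent alert: " + body.hex())
    if ctype != HANDSHAKE:
        raise ValueError("unexpected record type %d" % ctype)
    # Handshake header: 1-byte type, 3-byte length, then server_version.
    if len(body) < 6 or body[0] != SERVER_HELLO:
        raise ValueError("first handshake message is not a ServerHello")
    version = (body[4], body[5])
    return VERSIONS.get(version, "unknown (0x%02x%02x)" % version)


def sample_server_hello(major: int, minor: int) -> bytes:
    """Build a constructed ServerHello record (sample data, not a capture)."""
    hello = bytes([major, minor])      # server_version
    hello += bytes(32)                 # random (zeroed for the sample)
    hello += b"\x00"                   # empty session id
    hello += b"\x00\x2f\x00"           # cipher suite 0x002f, null compression
    handshake = bytes([SERVER_HELLO]) + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BBBH", HANDSHAKE, major, minor, len(handshake)) + handshake


if __name__ == "__main__":
    for ver in [(3, 0), (3, 1), (3, 2)]:
        print(ver, "->", server_hello_version(sample_server_hello(*ver)))
```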

Public Key Infrastructure

Public key infrastructure (PKI) is based on an encryption technique that uses two keys: a public
key and private key. Public keys can be used to encrypt messages which can only be decrypted
using the private key. This technique is referred to as asymmetric encryption, as opposed to
symmetric encryption, in which a single secret key is used by both parties.

TLS (SSL)

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), use asymmetric encryption for authentication. In some scenarios, only a server needs to be authenticated; in others, both client and server authenticate each other. Once authentication is established, clients and servers use asymmetric encryption to exchange a secret key. Communication then proceeds with symmetric encryption, using this key.

SSH and some authentication methods on the PremierWave XC HSPA+ intelligent gateway make use of SSL. The PremierWave XC HSPA+ unit supports SSLv2, SSLv3, and TLS1.0.

TLS/SSL application hosts use separate digital certificates as a basis for authentication in both directions: to prove their own identity to the other party, and to verify the identity of the other party. In proving its own authenticity, the PremierWave XC HSPA+ intelligent gateway will use its own "personal" certificate. In verifying the authenticity of the other party, the PremierWave XC HSPA+ device will use a "trusted authority" certificate.

In short:

- When using EAP-TLS, the PremierWave XC HSPA+ intelligent gateway needs a personal certificate with matching private key to identify itself and sign its messages.
- When using EAP-TLS, EAP-TTLS or PEAP, the PremierWave XC HSPA+ unit needs the authority certificate(s) that can authenticate those it wishes to communicate with.

PremierWave® XC HSPA+ Intelligent Gateway User Guide