Appendix E - Routefinder Maintenance - Multitech RouteFinder RF850 User Manual

Appendix E – RouteFinder
This section covers issues related to routinely maintaining the RouteFinder:
•
Housekeeping
•
Monitoring
•
Updating
Housekeeping
Housekeeping includes the on-going list of tasks that you need to perform to keep your environment safe
and clean. The three main housekeeping tasks that you'll need to revisit periodically are:
•
System backups – This includes regular backups of RouteFinder configurations and reporting logs.
Much of the system backup effort can be done automatically on the RouteFinder.
•
Accounts management – Includes adding new accounts correctly, deleting old ones promptly, and
changing passwords regularly. You should arrange to get termination notification when someone
leaves your organization (e.g., for your company's full-time and contract employees, or your
university's graduating students). This should involve managing Certification and Key expiration
dates, maintaining current email address or addresses for alerts and notifications (e.g., from the
Administration menu), as well as maintaining the overall WebAdmin password from he
Administration menu.
•
Shared Secret Maintenance – Most secure protocols provide for mutual authentication (server-to-
client and client-to-server). Most ways of doing this are based on the same process: each side
"proves" that it can decrypt a value that only the "authentic" participant can know.
This secret could be the private half of a public key / private key pair, or it could be a key used along
with a symmetric algorithm. In both authentication methods each side sends the other an
'unpredictable' value, and then gets it back in a form that proves that the other side was able to
decrypt it.
Public key cryptography provides excellent data protection, but it's fairly slow. A convenient method
is to use a temporary key (AKA, a session key) for most transactions, and then destroy the session
key when the transaction is completed. Here, a secure protocol negotiates a session key that is
used for a single transaction. The session key is still unpredictable and secure, but takes a lot less
time to generate. However, when using the temporary (session) key method, it becomes important
for the administrator to destroy quickly and systematically the shared secrets once they are used.
Using partial perfect forwarding secrecy the shared secret is destroyed after a set period of time.
When using perfect secret forwarding, the administrator is responsible for destroying used shared
secrets.
•
Disk space management – Includes timely 'cleanup' of random program and data files to avoid
wondering if a program is a leftover from a previous user, or a required program needed for a new
install, or a program that an intruder left behind as a 'present' for someone to open. Eliminating
unneeded files will allow more room on the hard drive for important logs and reports.
•
Authentication Keys Maintenance – Authentication keys need to be unpredictable, and random
numbers can often be necessarily involved. You'll want to change authentication keys often, since
the longer a key is used, the more likely it is to be discovered or accidentally disclosed.
Monitoring
Here you need to keep track of your system in terms of 'normal' usage so you can tell:
•
If your RouteFinder is working.
•
If your RouteFinder has been compromised.
•
What kinds of attacks are being perpetrated.
•
If your RouteFinder is providing the services your users need, or if upgrades or add-ons are
needed.
To be proactive in solving these issues, keep track of usage reports and logs (refer to the sections on User
Authentication, Tracking, and Statistics & Logs in Chapter 3). For information on RouteFinder upgrades
and add-ons refer to the preceding section, Software Upgrades and Add-ons.
Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E)
Maintenance
Appendix E – RouteFinder Maintenance
164