Patton electronics SmartNode Series Software Configuration Manual page 371
Software for smartnode series
Hide thumbs
Also See for SmartNode Series:
- Software configuration manual (655 pages) ,
- Software configuration manual (627 pages) ,
- Software configuration manual (568 pages)
Table of Contents
Advertisement
SmartWare Software Configuration Guide
•
Replay attacks (replay of recorded messages)
•
Spoofing
•
Connection hijacking
Among other information such as time stamp, sender and general ID, the H.235 needs a password for crypto
token generation. Since this password is intelligible when being configured by means of a telnet session or dis-
played in a running configuration, it is possible to configure an encrypted password, which will be decrypted
on the SmartNode. For decryption a master password is needed. Configuration of the master password should
not be done over insecure links (links subject to wire-tapping). It is recommended to do so in a secure network
(local area network) only (before delivery to the customer).
Henceforth, the H.235 password can be reconfigured securely even over insecure links.
To generate an H.235 encrypted password by means of the master password as key, the password encryption
tool is used (getcryptopassword.exe). The usage of the Windows based command line tool is as follows:
getcryptopassword <h235-password> <master-password>
The H.235 password must be a random alphanumeric character string of 1 through 12 characters (e.g.
12ygR34230kG). The master password must be a 32 digit hex number (characters 0–9, a–f ). To achieve best
encryption security, choose a random value (no repeating character sequences). The tool generates the
encrypted H.235 password and the hash of the master password. The encrypted H.235 password is then to be
used for remote (over insecure link) configuration of the H.235 password. The hash value of the master pass-
word can be used to verify proper configuration of all parameters. The command 'show h235security' displays
all H.235 settings including a hash value of the master password. If this value is identical to the hash value out-
put by the tool 'gencryptopassword.exe', the configuration of the master password was successful. Note that
this last verification step can be done securely even over insecure links (subject to wire-tapping) since the algo-
rithm used for hash value calculation is a mathematical one-way function (virtually impossible to derive the
password from the hash value). To enable H.235 security on H.323 perform the steps described below.
Procedure: To enable H.235 Security on H.323 gateway
Mode: Gateway H.323
Step 1
node (gw-h323)[h323]#h235security master-
password master-password
Step 2
C:\getcryptopassword h235-password mas-
ter-password
Gateway configuration task list
Command
29 • Gateway configuration
Purpose
Sets the master password (32 hex digits, 0-9,
A-F) with which the H.235 password is
decrypted.
Note
Configure the master
password only over
secure links (e.g. in LAN
environments only or
with serial connection),
which cannot be wire-
tapped.
Generates H.235 password by means of the
master password with the encryption tool.
369
Advertisement
Table of Contents
Need help?
Do you have a question about the SmartNode Series and is the answer not in the manual?