Assumptions concerning user behavior
● Password length:
- User password: at least eight characters
- Other passwords: at least six characters
- PSK (Pre-shared keys) for IKE: at least 13 characters
SECURITY ALERT: The user should refer to Password guidelines on page 604.
● Lock-out after a fixed number of failed log-in attempts (default value is three)
● Device managed locally via direct link to Console port, and remotely via IPSec tunnel only.
● Commands are documented in the Avaya G250 and Avaya G350 Media Gateways CLI Reference, 03-300437.

Critical security parameters and private keys
Table 86 describes the CSPs (Critical Security Parameters) defined in the module.

Table 86: Critical security parameters

| Key | Description/Usage |
| --- | --- |
| IKE Pre-shared Keys | This key generates IKE SKEYID_d during pre-shared key authentication. The first-time key must be entered manually (via RS232 connected to the PC acting as terminal emulation). Other keys can be defined remotely over an encrypted and authenticated IPSEC tunnel. |
| HASH_I, HASH_R | Used for generation of SKEYID, SKEYID_d, SKEYID_a, SKEYID_e. Generated for VPN IKE phase-1 key establishment. |
| IKE Pre-Shared Session Key (SKEYID) | Generated for VPN IKE phase-1 by hashing pre-shared keys with responder/receiver nonce. |
| IKE Ephemeral DH shared secret (g^ab) | Generated for VPN IKE phase-1 key establishment. |
| IKE Ephemeral DH private key (a) | The private exponent used in DH exchange. Generated for VPN IKE phase-1 key establishment. |
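How the CSPs in Table 86 depend on one another in IKEv1 phase 1 with pre-shared-key authentication, following the RFC 2409 formulas; this is an added example, not code from the Avaya document. HMAC-SHA1 as the prf, the toy DH group, the function names and every sample value are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

MIN_PSK_LEN = 13   # minimum IKE PSK length stated on this page
P = 2**127 - 1     # toy prime modulus (constructed; not a real IKE DH group)
G = 3              # toy generator (constructed)


def prf(key: bytes, data: bytes) -> bytes:
    # HMAC-SHA1 stands in for the negotiated prf (assumption, not from the page).
    return hmac.new(key, data, hashlib.sha1).digest()


def enc(n: int) -> bytes:
    return n.to_bytes(16, "big")


def phase1_csps(psk: bytes, g_ab: int, x: dict) -> dict:
    """Derive the phase-1 CSPs; x holds the values exchanged in the clear."""
    if len(psk) < MIN_PSK_LEN:
        raise ValueError("IKE PSK must be at least 13 characters")
    skeyid = prf(psk, x["ni"] + x["nr"])          # PSK hashed with both nonces
    tail = enc(g_ab) + x["cky_i"] + x["cky_r"]    # g^ab | CKY-I | CKY-R
    skeyid_d = prf(skeyid, tail + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")
    skeyid_e = prf(skeyid, skeyid_a + tail + b"\x02")
    gi, gr = enc(x["g_xi"]), enc(x["g_xr"])
    hash_i = prf(skeyid, gi + gr + x["cky_i"] + x["cky_r"] + x["sa_i"] + x["id_i"])
    hash_r = prf(skeyid, gr + gi + x["cky_r"] + x["cky_i"] + x["sa_i"] + x["id_r"])
    return {"SKEYID": skeyid, "SKEYID_d": skeyid_d, "SKEYID_a": skeyid_a,
            "SKEYID_e": skeyid_e, "HASH_I": hash_i, "HASH_R": hash_r}


def demo(psk_i: bytes, psk_r: bytes) -> bool:
    """Run both sides with constructed values; True if every derived CSP matches."""
    a = secrets.randbelow(P - 2) + 1              # initiator private exponent (a)
    b = secrets.randbelow(P - 2) + 1              # responder private exponent (b)
    x = {"ni": secrets.token_bytes(16), "nr": secrets.token_bytes(16),
         "g_xi": pow(G, a, P), "g_xr": pow(G, b, P),
         "cky_i": secrets.token_bytes(8), "cky_r": secrets.token_bytes(8),
         "sa_i": b"constructed-SA-payload", "id_i": b"gw-a.example",
         "id_r": b"gw-b.example"}
    initiator = phase1_csps(psk_i, pow(x["g_xr"], a, P), x)   # (g^b)^a
    responder = phase1_csps(psk_r, pow(x["g_xi"], b, P), x)   # (g^a)^b
    return initiator == responder
```

Calling `demo` with the same PSK on both sides returns `True`; a one-character difference in the PSK changes SKEYID and everything derived from it, so the HASH_I/HASH_R comparison fails.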
Issue 3 February 2007