Chapter 11 Administering DFM (Advanced)

Security Considerations

Secure Socket Layer (SSL)

SSL is an application-level protocol that enables secure transactions of data through privacy, authentication, and data integrity. It relies upon certificates, public keys, and private keys. You can enable or disable SSL depending on the need to use secure access.

DFM supports SSL between clients and the server. By default, DFM is not SSL-enabled. For information on enabling SSL, refer to the Common Services online help.

SNMPv3

Like CiscoWorks Common Services, DFM supports SNMPv3 (authentication and access control but no data encryption) between the server and devices to eliminate leakage of confidential information. This provides packet-level security, integrity protection, and replay protection, but does not encrypt the packets.
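The following added example (not part of the Cisco guide, and not DFM code) shows what authentication without encryption means in practice: a modified packet is rejected, yet the payload stays readable on the wire. It assumes the standard RFC 3414 USM scheme with HMAC-SHA-96, which this page does not name; the message bytes, user name, and helper names are constructed for illustration.

```python
import hashlib
import hmac

# Engine ID and password from the RFC 3414 Appendix A.3 test vectors.
ENGINE_ID = bytes.fromhex("000000000000000000000002")
PASSWORD = b"maplesyrup"

def localized_key(password: bytes, engine_id: bytes, algo: str = "sha1") -> bytes:
    """RFC 3414 A.2 password-to-key, then localization to one SNMP engine."""
    if len(password) < 8:
        raise ValueError("USM passwords must be at least 8 octets")
    # Hash exactly 1,048,576 octets of the endlessly repeated password (Ku).
    reps = 1048576 // len(password) + 1
    ku = hashlib.new(algo, (password * reps)[:1048576]).digest()
    # Kul = H(Ku || engineID || Ku): a key recovered from one device
    # is useless against a device with a different engine ID.
    return hashlib.new(algo, ku + engine_id + ku).digest()

def auth_tag(kul: bytes, message: bytes, algo: str = "sha1") -> bytes:
    """HMAC-SHA-96 / HMAC-MD5-96: HMAC over the whole message, cut to 12 octets.
    (A real agent computes this with the authentication field zeroed.)"""
    return hmac.new(kul, message, algo).digest()[:12]

def verify(kul: bytes, message: bytes, tag: bytes, algo: str = "sha1") -> bool:
    """Constant-time comparison, as a receiver should do."""
    return hmac.compare_digest(auth_tag(kul, message, algo), tag)

def demo() -> dict:
    kul = localized_key(PASSWORD, ENGINE_ID)
    # Constructed stand-in for an encoded SNMPv3 message (not real BER).
    msg = b"SNMPv3|user=dfm-poller|set sysContact=noc@example.test"
    tag = auth_tag(kul, msg)
    tampered = msg.replace(b"noc@", b"bad@")
    return {
        "genuine_accepted": verify(kul, msg, tag),
        "tampered_accepted": verify(kul, tampered, tag),
        # No privacy protocol: the payload is readable by anyone on the path.
        "payload_visible_on_wire": b"sysContact" in msg,
    }

if __name__ == "__main__":
    print(demo())
```

Because the payload remains visible, management traffic that carries sensitive values still needs a protected network path even when SNMPv3 authentication is enabled.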

Working with Firewalls

DFM will work across firewalls, but you must perform the following two tasks:

Configure the DFM server to use a specific port (outgoing connection)

Configure the firewall to use an automatic established connection (incoming connection)

Step 1 Configure the DfmServer process so it binds to a privileged port, using the pdcmd --port option (see Table 11-4 on page 11-16 for more pdreg options):

Note The ports and protocols used by CiscoWorks are listed in the Installation and Getting Started Guide for LAN Management Solution 3.0.

a. Check the flags that are currently set for the DfmServer process, and write them down (you will need to reset them later):

#NMSROOT/bin/pdreg -l DfmServer

b. Unregister the DfmServer process:

#NMSROOT/bin/pdcmd -u DfmServer

 

User Guide for Device Fault Manager

11-2

OL-11390-01
