D-Link DGS-3100 user manual Configuring Secure Socket Layer Security

DGS-3100 Series Gigabit Stackable Managed Switch User Manual

4.Define the authentication port in the Authentic Port field.

5.Define the accounting port in the Accounting Port field.

6.Define the authentication and encryption key in the Key field.

7.Reenter the RADIUS Key in the Confirm Key field.

8.Click .

•To edit the Radius Server list, click adjacent to the required listed server. The upper fields display the current values, which then can be edited.

•To delete a radius server from the list, click adjacent to the relative list entry. The radius servers are defined, and the device is updated.

Configuring Secure Socket Layer Security

Secure Socket Layer (SSL) is a security feature that provides a secure communication path between a host and client through the use of authentication, digital signatures, and encryption. These security functions are implemented using a Ciphersuite, which is a security string that determines the exact cryptographic parameters, specific encryption algorithms and key sizes used for authentication sessions, and that consists of:

•Key Exchange —Cyphersuite strings specify the public key algorithm used. This switch utilizes the Rivest Shamir Adleman (RSA) public key algorithm. This is the first authentication process between client and host as they “exchange keys” in looking for a match and therefore authentication to be accepted to negotiate encryptions on the following level.

•Encryption: The second part of the ciphersuite that includes the encryption used for encrypting the messages sent between client and host. The Switch supports two types of cryptology algorithms:

–Stream Ciphers – There are two types of stream ciphers on the Switch, RC4 with 40-bit keys and RC4 with 128-bit keys. These keys are used to encrypt messages and need to be consistent between client and host for optimal use.

–CBC Block Ciphers – Cipher Block Chaining (CBC) links encrypted text blocks. The Switch supports the 3DES EDE encryption code defined by the Data Encryption Standard (DES) to create the encrypted text.

•Hash Algorithm — This part of the ciphersuite allows the user to choose a message digest function which will determine a Message Authentication Code. This Message Authentication Code will be encrypted with a sent message to provide integrity and prevent against replay attacks. The Switch supports two hash algorithms, Message Digest 5 (MD5) and Secure Hash Algorithm (SHA).

The SSL Configuration Settings Page permits network managers to enable SSL with all supported ciphersuites on the Switch. Ciphersuites are security strings that determines the exact cryptographic parameters, specific encryption algorithms and key sizes to be used for an authentication session. The Switch possesses three possible ciphersuites for the SSL function, which are enabled by default.

When the SSL function has been enabled, the Web is disabled.

To manage the device via an Embedded Web System while SSL is enabled, the web browser must support SSL encryption. URL headers must begin with https://, for example https://10.90.90.90.

The system supports up-to five SSH sessions. To enable SSL on the device:

1.Click Security > SSL. The SSL Configuration Settings Page opens:

108