Manuals / Juniper Networks / Computer Equipment / Network Router

Juniper Networks J-Series manual Encrypting and Decrypting Configuration Files

Models: J-Series

1 332
Download 332 pages 610 b
Page 225
Image 225

Chapter 11: Managing Files

user@host> set file filename nonpersistent

For more information about the nonpersistent option, see the JUNOS Network

Management Configuration Guide.

CAUTION: If log files for accounting data are stored on DRAM, these files are lost when the router reboots. Therefore, we recommend that you back up these files periodically.

Encrypting and Decrypting Configuration Files

Configuration files contain sensitive information such as IP addresses. By default, the Services Router stores configuration files in unencrypted format on an external compact flash. This storage method is considered a security risk because the compact flash can easily be removed from the Services Router. To prevent unauthorized users from viewing sensitive information in configuration files, you can encrypt them.

If your router runs the Canada and U.S. version of the JUNOS software, the configuration files can be encrypted with the Advanced Encryption Standard (AES) or Data Encryption Standard (DES) encryption algorithms. If your router runs the international version of the JUNOS software, the files can be encrypted only with DES.

To prevent unauthorized access, the encryption key is stored in the Services Router's EEPROM. You can copy the encrypted configuration files to another router and decrypt them if that router has the same encryption key. To prevent encrypted configuration files from being copied to another router and decrypted, you can set a unique encryption key that contains the chassis serial number of your router. Configuration files that are encrypted with a unique encryption key cannot be decrypted on any other router.

The encryption process encrypts only the configuration files in the /config and /var/db/config directories. Files in subdirectories under these directories are not encrypted. The filenames of encrypted configuration files have the extension

.gz.jc—for example, juniper.conf.gz.jc.

NOTE: You must have superuser privileges to encrypt or decrypt configuration files.

This section contains the following topics:

Encrypting Configuration Files on page 204

Decrypting Configuration Files on page 205

Modifying the Encryption Key on page 205

Encrypting and Decrypting Configuration Files 203

Page 224 Page 226
Page 225
Image 225
Juniper Networks J-Series manual Encrypting and Decrypting Configuration Files, Gz.jc-for example, juniper.conf.gz.jc
Page 224 Page 226