Siemens Version: 1.2 manual First Initiation, User Management, 2.3.3Learning


2. Security Services

2.3.1 First Initiation

At first initialization an IP address is assigned to the Scalance S module. Once the IP configuration is done, the module can also be configured over the network. The first user to put the module into operation enters a user name and password; this user becomes the administrator.

After the security module is switched on or reset, if it contains no configuration data either in the internal flash or on removable media, it does not permit any communication. The device is therefore in a state that cannot be used in any way for an attack from the external network. Communication between protected devices behind different security modules via the external network must also be explicitly approved in the configuration.

If the device needs to be reset because the passwords have been lost, there is a reset button on the back of the module. Pressing it returns the device to the delivery state. The button is protected by a cover on the back so that it is not pressed by mistake. If the device is mounted in a rack, it must first be removed from the rack before the back cover can be opened. Note that the reset discards the stored configuration rather than bypassing its authentication, so anyone with physical access to the module can return it to the unconfigured delivery state; the cover and the rack mounting are the only obstacles to an unauthorized reset.

2.3.2 User Management

There are two user groups with different rights: the administrator and the user with restricted rights. The administrator can grant users access to the modules; users can change configuration settings according to their rights. Users authenticate to the security module by digest authentication with user name and password. With this kind of authentication the password is never sent in plaintext. It does not, however, prevent someone who has captured the exchange from testing candidate passwords offline against the transmitted hash, so password quality still matters.
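The following is an added worked example of how a digest (challenge-response) login keeps the password off the wire; it is not code from the manual or from Siemens. The manual states only that the module uses digest authentication with user name and password, so the concrete scheme here, HTTP Digest as specified in RFC 2617 (MD5, qop="auth"), the realm name, the resource path and the sample user are all assumptions of this example. It also shows why a captured exchange still allows offline guessing of a weak password.

```python
"""Digest (challenge-response) authentication, worked through both sides.

Added example, not code from the SCALANCE S manual. The scheme is HTTP
Digest per RFC 2617 with MD5 and qop="auth"; whether the module uses
exactly this variant is an assumption. Realm, URI and the sample user
are constructed for the illustration.
"""
import hashlib
import secrets
from typing import Dict, Iterable, Optional

REALM = "scalance-s"   # assumed realm name (example only)
METHOD = "GET"
URI = "/config"        # assumed resource path (example only)


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def ha1(username: str, password: str, realm: str = REALM) -> str:
    """RFC 2617 H(A1). The server stores only this, never the password."""
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(h_a1: str, nonce: str, nc: str, cnonce: str,
                    method: str = METHOD, uri: str = URI) -> str:
    """RFC 2617 request-digest for qop="auth"."""
    h_a2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{h_a1}:{nonce}:{nc}:{cnonce}:auth:{h_a2}")


def server_challenge() -> str:
    """Step 1: the module answers an unauthenticated request with a fresh nonce."""
    return secrets.token_hex(16)


def client_authorize(username: str, password: str, nonce: str,
                     cnonce: Optional[str] = None) -> Dict[str, str]:
    """Step 2: the client replies with a hash bound to the server nonce.

    Everything in the returned dict is what goes on the wire; the
    password itself is only used locally to derive H(A1).
    """
    if cnonce is None:
        cnonce = secrets.token_hex(8)
    nc = "00000001"
    return {
        "username": username,
        "realm": REALM,
        "nonce": nonce,
        "uri": URI,
        "qop": "auth",
        "nc": nc,
        "cnonce": cnonce,
        "response": digest_response(ha1(username, password), nonce, nc, cnonce),
    }


def server_verify(auth: Dict[str, str], user_db: Dict[str, str],
                  issued_nonce: str) -> bool:
    """Step 3: the module recomputes the response from its stored H(A1)."""
    if auth.get("nonce") != issued_nonce:   # stale nonce: replayed exchange
        return False
    stored = user_db.get(auth.get("username", ""))
    if stored is None:
        return False
    expected = digest_response(stored, auth["nonce"], auth["nc"],
                               auth["cnonce"], METHOD, auth["uri"])
    return secrets.compare_digest(expected, auth["response"])


def wire_contains_password(auth: Dict[str, str], password: str) -> bool:
    """Check: does any field the client sent contain the cleartext password?"""
    return any(password in v for v in auth.values())


def offline_guess(auth: Dict[str, str], candidates: Iterable[str]) -> Optional[str]:
    """Why password quality still matters: with a captured exchange an
    attacker can test candidate passwords offline against the response."""
    for pw in candidates:
        trial = digest_response(ha1(auth["username"], pw), auth["nonce"],
                                auth["nc"], auth["cnonce"], METHOD, auth["uri"])
        if trial == auth["response"]:
            return pw
    return None


def demo():
    """Run one login: (accepted, password leaked on wire, wrong hash, replay)."""
    user_db = {"admin": ha1("admin", "s3cret-pw")}   # constructed sample user
    nonce = server_challenge()
    auth = client_authorize("admin", "s3cret-pw", nonce)
    ok = server_verify(auth, user_db, nonce)
    leaked = wire_contains_password(auth, "s3cret-pw")
    wrong = server_verify(dict(auth, response="0" * 32), user_db, nonce)
    replay = server_verify(auth, user_db, server_challenge())
    return ok, leaked, wrong, replay


if __name__ == "__main__":
    print(demo())
```

The server side stores H(A1) rather than the password and rejects any response that is not bound to the nonce it just issued, which is what makes passive sniffing and simple replay useless. The `offline_guess` function shows the residual risk the paragraph above mentions: a captured exchange is enough to verify password guesses without ever contacting the module.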

2.3.3 Learning

To keep the configuration of the modules simple, automatic learning has been integrated. A module can learn the existence (and thereby the addresses) of further modules and add this information to its own list of reachable modules. In the same way it can learn which nodes are in the internal network of another module. A VPN tunnel can only be set up if the end point is known, which implies that the module protecting the network containing that end point must also be known. Learning is done automatically or by manual configuration.

For this purpose, the security module provides the security configuration protocol (SCP). This protocol provides the following functions:

Find further security modules

19-Aug-05

escrypt GmbH

10
