Summary of the content on page 1
ET0010A
ET0100A
ET1000A
EncrypTight User Guide
BLACK BOX®
EncrypTight acts as a transparent overlay that integrates easily into any existing network architecture, providing encryption rules and keys to EncrypTight Enforcement Points.
EncrypTight consists of a suite of tools that perform various tasks of appliance and policy management, including Policy Manager (PM), Key Management System (KMS), and EncrypTight Enforcement Points (ETEPs).
Order toll-free in the U.S.: Call 877-877-BBOX
Summary of the content on page 2
Table of Contents
Preface (p. 13)
About This Document (p. 13)
Contacting Black Box Technical Support (p. 14)
Part I: EncrypTight Installation and Maintenance
Chapter
Summary of the content on page 3
Table of Contents
Uninstalling EncrypTight Software (p. 40)
Starting EncrypTight (p. 40)
Exiting EncrypTight (p. 41)
Management Station Configuration
Summary of the content on page 4
Table of Contents
Step 2: Prepare ETPM Status and Renew Keys (p. 74)
Step 3: Upgrade the EncrypTight Software (p. 74)
Step 4: Verify ETKMS Status and Deploy Policies (p. 74)
Step 5: Upgrade PEP Software
Summary of the content on page 5
Table of Contents
Provisioning Large Numbers of Appliances (p. 111)
Creating a Configuration Template (p. 112)
Importing Configurations from a CSV File (p. 112)
Importing Remote and Local Interface Addresses
Summary of the content on page 6
Table of Contents
Editing PEPs (p. 151)
Editing PEPs From ETEMS (p. 151)
Editing Multiple PEPs (p. 152)
Editing PEPs From ETPM
Summary of the content on page 7
Table of Contents
Adding a Multicast Policy (p. 199)
Adding a Point-to-point Policy (p. 203)
Adding Layer 4 Policies (p. 206)
Policy Deployment
Summary of the content on page 8
Table of Contents
ETKMS Log Files (p. 241)
PEP Log Files (p. 242)
ETKMS Troubleshooting Tools (p. 242)
ETKMS Server Operation
Summary of the content on page 9
Table of Contents
Changing the EncrypTight Keystore Password (p. 266)
Changing the ETKMS Keystore Password (p. 266)
Changing the Keystore Password on a ETKMS (p. 267)
Changing the Keystore Password on a ETKMS with an HSM (p. 268)
Configuring the Certi
Summary of the content on page 10
Table of Contents
Interface Configuration (p. 301)
Management Port Addressing (p. 302)
IPv4 Addressing (p. 303)
IPv6 Addressing
Summary of the content on page 11
Table of Contents
Factory Defaults (p. 339)
Interfaces (p. 339)
Trusted Hosts (p. 340)
SNMP
Summary of the content on page 12
Preface
About This Document
Purpose
The EncrypTight User Guide provides detailed information on how to install, configure, and troubleshoot EncrypTight components: ETEMS, Policy Manager (ETPM), and Key Management System (ETKMS). It also contains information about configuring EncrypTight Enforcement Points (ETEPs) using ETEMS.
Intended Audience
This document is intended for network managers and security administrators who are familiar with setting up and maintaining network equipment. Some kno
Summary of the content on page 13
Preface
Contacting Black Box Technical Support
Contact our FREE technical support, 24 hours a day, 7 days a week:
Phone 724-746-5500
Fax 724-746-0746
e-mail info@blackbox.com
Web site www.blackbox.com
14 EncrypTight User Guide
Summary of the content on page 14
Part I EncrypTight Installation and Maintenance
Summary of the content on page 15
16 EncrypTight User Guide
Summary of the content on page 16
1 EncrypTight Overview
EncrypTight™ Policy and Key Manager is an innovative approach to network-wide encryption. EncrypTight acts as a transparent overlay that integrates easily into any existing network architecture, providing encryption rules and keys to EncrypTight encryption appliances.
EncrypTight consists of a suite of tools that perform various tasks of appliance and policy management:
● EncrypTight Element Management System (ETEMS) is the network management component of the EncrypTig
Summary of the content on page 17
EncrypTight Overview
multiple Policy Enforcement Points (PEPs) can use common keys, while a centralized platform assumes the function of renewing keys at pre-determined intervals. In this system, you use ETEMS to configure the PEPs, Policy Manager (ETPM) to create and manage policies, and Key Management System (ETKMS) to generate keys and distribute keys and policies to the appropriate PEPs. The PEPs encrypt traffic according to the policies and keys that they receive.
Figure 1 EncrypTight c
Summary of the content on page 18
Distributed Key Topologies
Regardless of topology, PEPs are typically located at the point in the network where traffic is being sent to an untrusted network or coming from an untrusted network. As an example, Figure 2 shows a hub and spoke network secured with EncrypTight.
Figure 2 PEPs in a Hub and Spoke network
PEP A encrypts data traffic from Network A that goes to Networks B or C. PEP A also decrypts data that originates from Networks B and C. PEP B encrypts data from Network B that go
Summary of the content on page 19
EncrypTight Overview
EncrypTight Element Management System
The EncrypTight Element Management System (ETEMS) is the device management component of the EncrypTight software, allowing you to provision and manage multiple encryption appliances from a central location. It provides capabilities for appliance configuration, software updates, and maintenance and troubleshooting for your EncrypTight encryption appliances.
Policy Manager
The Policy Manager (ETPM) is the policy component of the Encryp
Summary of the content on page 20
Distributed Key Topologies
Figure 3 Single ETKMS for multiple sites
Figure 4 illustrates an EncrypTight deployment using multiple ETKMSs. With large, complex networks that have hundreds of PEPs, you might want to use multiple ETKMSs. Each ETKMS distributes keys for the PEPs it controls. For example:
ETKMS 1 distributes the policies and keys to PEPs A, B, and C.
ETKMS 2 distributes the policies and keys to PEPs D and E.
ETKMS 3 distributes the policies and keys to PEPs F and G.
Figure 4 Mult