Summary of the content on the page No. 1
ET0010A
ET0100A
ET1000A
EncrypTight User Guide
BLACK BOX®
EncrypTight acts as a transparent overlay that integrates easily into any existing network architecture, providing encryption rules and keys to EncrypTight Enforcement Points.
EncrypTight consists of a suite of tools that performs various tasks of appliance and policy management, including Policy Manager (PM), Key Management System (KMS), and EncrypTight Enforcement Points (ETEPs).
Order toll-free in the U.S.: Call 877-877-BBOX
Summary of the content on the page No. 2
Table of Contents
Preface
About This Document
Contacting Black Box Technical Support
Part I: EncrypTight Installation and Maintenance
Chapter
Summary of the content on the page No. 3
Table of Contents
Uninstalling EncrypTight Software
Starting EncrypTight
Exiting EncrypTight
Management Station Configuration
Summary of the content on the page No. 4
Table of Contents
Step 2: Prepare ETPM Status and Renew Keys
Step 3: Upgrade the EncrypTight Software
Step 4: Verify ETKMS Status and Deploy Policies
Step 5: Upgrade PEP Software
Summary of the content on the page No. 5
Table of Contents
Provisioning Large Numbers of Appliances
Creating a Configuration Template
Importing Configurations from a CSV File
Importing Remote and Local Interface Addresses
Summary of the content on the page No. 6
Table of Contents
Editing PEPs
Editing PEPs From ETEMS
Editing Multiple PEPs
Editing PEPs From ETPM
Summary of the content on the page No. 7
Table of Contents
Adding a Multicast Policy
Adding a Point-to-point Policy
Adding Layer 4 Policies
Policy Deployment
Summary of the content on the page No. 8
Table of Contents
ETKMS Log Files
PEP Log Files
ETKMS Troubleshooting Tools
ETKMS Server Operation
Summary of the content on the page No. 9
Table of Contents
Changing the EncrypTight Keystore Password
Changing the ETKMS Keystore Password
Changing the Keystore Password on a ETKMS
Changing the Keystore Password on a ETKMS with an HSM
Configuring the Certi
Summary of the content on the page No. 10
Table of Contents
Interface Configuration
Management Port Addressing
IPv4 Addressing
IPv6 Addressing
Summary of the content on the page No. 11
Table of Contents
Factory Defaults
Interfaces
Trusted Hosts
SNMP
Summary of the content on the page No. 12
Preface
About This Document
Purpose
The EncrypTight User Guide provides detailed information on how to install, configure, and troubleshoot EncrypTight components: ETEMS, Policy Manager (ETPM), and Key Management System (ETKMS). It also contains information about configuring EncrypTight Enforcement Points (ETEPs) using ETEMS.
Intended Audience
This document is intended for network managers and security administrators who are familiar with setting up and maintaining network equipment. Some kno
Summary of the content on the page No. 13
Preface
Contacting Black Box Technical Support
Contact our FREE technical support, 24 hours a day, 7 days a week:
Phone: 724-746-5500
Fax: 724-746-0746
E-mail: info@blackbox.com
Web site: www.blackbox.com
Summary of the content on the page No. 14
Part I EncrypTight Installation and Maintenance
Summary of the content on the page No. 16
1 EncrypTight Overview
EncrypTight™ Policy and Key Manager is an innovative approach to network-wide encryption. EncrypTight acts as a transparent overlay that integrates easily into any existing network architecture, providing encryption rules and keys to EncrypTight encryption appliances.
EncrypTight consists of a suite of tools that perform various tasks of appliance and policy management:
● EncrypTight Element Management System (ETEMS) is the network management component of the EncrypTig
Summary of the content on the page No. 17
multiple Policy Enforcement Points (PEPs) can use common keys, while a centralized platform assumes the function of renewing keys at pre-determined intervals.
In this system, you use ETEMS to configure the PEPs, Policy Manager (ETPM) to create and manage policies, and Key Management System (ETKMS) to generate keys and distribute keys and policies to the appropriate PEPs. The PEPs encrypt traffic according to the policies and keys that they receive.
Figure 1 EncrypTight c
Summary of the content on the page No. 18
Distributed Key Topologies
Regardless of topology, PEPs are typically located at the point in the network where traffic is being sent to an untrusted network or coming from an untrusted network. As an example, Figure 2 shows a hub and spoke network secured with EncrypTight.
Figure 2 PEPs in a Hub and Spoke network
PEP A encrypts data traffic from Network A that goes to Networks B or C. PEP A also decrypts data that originates from Networks B and C. PEP B encrypts data from Network B that go
Summary of the content on the page No. 19
EncrypTight Element Management System
The EncrypTight Element Management System (ETEMS) is the device management component of the EncrypTight software, allowing you to provision and manage multiple encryption appliances from a central location. It provides capabilities for appliance configuration, software updates, and maintenance and troubleshooting for your EncrypTight encryption appliances.
Policy Manager
The Policy Manager (ETPM) is the policy component of the Encryp
Summary of the content on the page No. 20
Figure 3 Single ETKMS for multiple sites
Figure 4 illustrates an EncrypTight deployment using multiple ETKMSs. With large, complex networks that have hundreds of PEPs, you might want to use multiple ETKMSs. Each ETKMS distributes keys for the PEPs it controls. For example:
ETKMS 1 distributes the policies and keys to PEPs A, B, and C.
ETKMS 2 distributes the policies and keys to PEPs D and E.
ETKMS 3 distributes the policies and keys to PEPs F and G.
Figure 4 Mult