User's Manual

Avaya Branch Gateway Manager 10.0 Page 71
15-601011 Issue 29r (Friday, November 02, 2012)
B5800 Branch Gateway
Security Mode: Security Administration
8. Windows Certificate Store Import
To be used, whether for security settings or for Branch Gateway Manager operation, certificates must be present in
the Windows certificate store. Certificates may be placed in the store by the Certificate Import Wizard or the Certificate
MMC snap-in.
The Certificate Import Wizard can be used whenever a certificate is viewed. For Branch Gateway Manager to
subsequently access the certificate, the Place all certificates in the following store option must be selected:
· If the certificate is to subsequently identify the system, the Other People folder should be used.
· If the certificate is to subsequently identify the Branch Gateway Manager, the Personal folder should be used, and
the associated private key saved as well.
If the saved certificate is to be used by other Windows users, the MMC certificate snap-in must be used to move it to the
Certificates (Local Computer) folder.
9. Certificate Store Export
Any certificate required outside of the Branch Gateway Manager PC must first be saved in the certificate store,
then exported using the MMC snap-in.
If the certificate is to be used for identity checking (i.e. to check the far entity of a link), the certificate alone is sufficient,
and should be saved in PEM or DER format.
If the certificate is to be used for identification (i.e. to identify the near end of a link), the certificate and private key are
required, and should be saved in PKCS#12 format, along with a password to access the resultant .pfx file.
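A check that an exported file matches its intended use before it leaves the PC, so that a file handed out for identity checking never carries a private key. This is an added example, not Avaya code: the function names and purpose labels are hypothetical, the sample bytes are constructed, and the classification is a heuristic on the leading ASN.1 structure rather than a full parse.

```python
import base64
import re
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def _content(data: bytes, pos: int) -> int:
    """Offset of the content of the TLV at pos (short or long length form)."""
    n = data[pos + 1]
    return pos + 2 + (n & 0x7F if n & 0x80 else 0)

def der_kind(data: bytes) -> str:
    """Classify a DER blob by what follows its outer SEQUENCE header."""
    try:
        if data[0] != 0x30:
            return "unknown"
        pos = _content(data, 0)
        if data[pos:pos + 2] == b"\x02\x01":  # INTEGER version: 3 = PFX, 0/1 = key
            return {3: "pkcs12", 0: "private-key", 1: "private-key"}.get(data[pos + 2], "unknown")
        # X.509: tbsCertificate SEQUENCE opening with [0] version or the serial number
        if data[pos] == 0x30 and data[_content(data, pos)] in (0xA0, 0x02):
            return "certificate"
    except IndexError:
        pass  # truncated input
    return "unknown"

def classify(data: bytes) -> set:
    """Return the kinds of object found in an exported file (PEM or DER)."""
    blocks = PEM_BLOCK.findall(data.decode("ascii", errors="ignore"))
    if not blocks:
        return {der_kind(data)}
    kinds = set()
    for label, body in blocks:
        if "PRIVATE KEY" in label:
            kinds.add("private-key")
        elif label == "CERTIFICATE":
            kinds.add(der_kind(base64.b64decode(body)))
        else:
            kinds.add("unknown")
    return kinds

def check_export(data: bytes, purpose: str) -> list:
    """purpose is 'identity-checking' (far end) or 'identification' (near end)."""
    wanted = {"identity-checking": {"certificate"}, "identification": {"pkcs12"}}[purpose]
    found = classify(data)
    return [] if found == wanted else [f"expected {sorted(wanted)}, found {sorted(found)}"]

# Constructed sample inputs: minimal DER skeletons, not real certificates or keys.
CERT_DER = b"\x30\x05\x30\x03\x02\x01\x01"
PFX_DER = b"\x30\x81\x05\x02\x01\x03\x30\x00"
PEM_CERT = b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(CERT_DER) + b"\n-----END CERTIFICATE-----\n"
PEM_KEY = b"-----BEGIN PRIVATE KEY-----\nMAA=\n-----END PRIVATE KEY-----\n"
```

An empty list from `check_export` means the file has the shape expected for that purpose; any entry names what was found instead.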
10. Implementing Administration Security
This section suggests system security settings that could implement possible security requirements. This section does not
cover the general aspects of security policy analysis or definition, or how the system administration security interacts
with other security mechanisms.
10.1. Negligible Security
If all Branch Gateway Manager and system security settings are left at default, no security mechanisms are active, other
than the use of default service user names and passwords. In addition, all legacy interfaces are active, and all
configuration and security data is sent unencrypted.
It is recommended that at the very least, the default service user passwords are changed.