Product specifications
Efficient Networks® Router family
Technical Reference Guide
Chapter 5: System Security
Blowfish
Blowfish is a block cipher that encrypts data in 8-byte blocks. The algorithm consists
of two parts: a key-expansion part and a data-encryption part. Key expansion
converts a variable-length key of at most 56 bytes (448 bits) into several subkey
arrays totaling 4168 bytes. The key size supported is 128 bits.
ARC4
ARCFOUR, a public domain algorithm, is a stream-based cipher that can use a
variable-length key. The key size supported is 128 bits.
Procedure
To change the prescribed encryption method, access the SSH Configuration form in
the Web Interface or use the following command:
-> ssh set encryption <type>
Authentication
Two Message Authentication Code (MAC) methods, MD-5 and SHA-1, are
supported for data integrity. The MD-5 algorithm takes a message of arbitrary length
and produces a 128-bit "fingerprint" or "message digest" of the input that is used as
the authentication data. SHA-1 is similar, but yields a 160-bit message digest.
Procedure
To change the prescribed MAC method, access the xxx form in the Web
Management Interface or use the following command:
-> ssh set mac <md5 | sha1>
Bridge Filtering
You can control the flow of packets through the router using bridge filters. The filters
can “deny” or “allow” packets to cross the network based on the content of the
packets. This feature lets you restrict or forward messages with a specified address,
protocol, or data content. Common uses are to prevent access to remote networks,
control unauthorized access to the local network, and limit unnecessary traffic.
For example, to restrict remote access for specific users, you could define bridge
filters using the local MAC address of each user to be restricted. Each bridge filter is
specified as a “deny” filter based on the MAC address and position of the address
within the packet. Deny filtering mode is then enabled to initiate bridge filtering. While
in deny mode, all packets containing one of the filtered MAC addresses are denied
bridging across the router.
Similarly, protocol filtering can be used to prevent a specific protocol from being
bridged. In this case, the protocol ID field in a packet is used to deny or allow a
packet. You can also restrict the bridging of specific broadcast packets.
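The following is an added example, not taken from this guide or from the router firmware. It models deny-mode filtering as a byte pattern matched at a fixed position in an Ethernet II frame (source MAC at offset 6, protocol ID at offset 12). The names BridgeFilter, bridges and make_frame, the sample addresses, and the allow-mode behavior (only matching frames pass) are assumptions made for the illustration.

```python
# Added illustration: a model of offset/pattern bridge filtering, not router code.
from dataclasses import dataclass

SRC_MAC_OFFSET = 6      # Ethernet II: destination MAC at 0-5, source MAC at 6-11
ETHERTYPE_OFFSET = 12   # protocol ID (EtherType) at bytes 12-13


@dataclass(frozen=True)
class BridgeFilter:      # hypothetical name
    offset: int          # position of the pattern within the frame
    pattern: bytes       # bytes that must appear at that position

    def matches(self, frame: bytes) -> bool:
        end = self.offset + len(self.pattern)
        # A frame too short to contain the field cannot match.
        return end <= len(frame) and frame[self.offset:end] == self.pattern


def bridges(frame: bytes, filters, mode: str) -> bool:
    """Return True if the frame is bridged across the router."""
    hit = any(f.matches(frame) for f in filters)
    if mode == "deny":    # matching frames are dropped, all others pass
        return not hit
    if mode == "allow":   # assumption: only matching frames pass
        return hit
    raise ValueError(f"unknown filter mode: {mode!r}")


def make_frame(dst: str, src: str, ethertype: int, payload: bytes = b"") -> bytes:
    """Build a constructed Ethernet II frame for the demonstration."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return mac(dst) + mac(src) + ethertype.to_bytes(2, "big") + payload


# Constructed sample data: one restricted user, one unrestricted user, a gateway.
RESTRICTED = "02:00:00:00:00:0a"
OTHER = "02:00:00:00:00:0b"
GATEWAY = "02:00:00:00:00:01"
mac_filter = BridgeFilter(SRC_MAC_OFFSET, bytes.fromhex(RESTRICTED.replace(":", "")))
ipx_filter = BridgeFilter(ETHERTYPE_OFFSET, (0x8137).to_bytes(2, "big"))  # IPX

if __name__ == "__main__":
    for src in (RESTRICTED, OTHER):
        frame = make_frame(GATEWAY, src, 0x0800, b"data")
        print(src, "bridged" if bridges(frame, [mac_filter], "deny") else "denied")
```

Because the filter is tied to a position, the same MAC address appearing in the destination field does not match a source-offset filter; a separate filter at offset 0 would be needed to cover that direction.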