User's Manual
2. Security Services
Figure 3: VPN-function of the Security-module
For communication over a VPN, the security modules are grouped. Each VPN has a
so-called network certificate, with a corresponding private key, that identifies the
VPN. Each security module that belongs to the VPN holds a certificate signed with
the private key of the network certificate. The network certificate is issued by a
certification authority (CA) or is self-issued. The VPNs are based on IPsec and use
the IKE protocol for key management. The implementation was adapted from
OpenBSD.
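The group membership described above (a self-issued network certificate whose private key signs one certificate per module) can be modelled with the standard X.509 chain check. The following Go program is an added example, not code from the manual or from the product: it creates two self-issued network certificates, issues a module certificate under the first, and shows that the module is accepted by its own VPN and rejected by the other. The ECDSA P-256 keys, the validity period, and the names VPN-A, VPN-B and module-1 are constructed for the example; the manual does not state which key types or lifetimes the product uses.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// validity returns a short validity window; the real lifetime is product policy (assumption).
func validity() (time.Time, time.Time) {
	now := time.Now()
	return now.Add(-time.Hour), now.Add(24 * time.Hour)
}

// newNetworkCert creates the self-issued network certificate (a CA) that identifies one VPN,
// together with the private key that will sign the module certificates of that VPN.
func newNetworkCert(vpnName string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	notBefore, notAfter := validity()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: vpnName},
		NotBefore:             notBefore,
		NotAfter:              notAfter,
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	// Template and parent are the same object: the certificate is self-issued.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueModuleCert signs a module certificate with the private key of the network certificate.
// The module's own private key is generated here and discarded; only the certificate matters
// for the membership check.
func issueModuleCert(netCert *x509.Certificate, netKey *ecdsa.PrivateKey, moduleName string, serial int64) (*x509.Certificate, error) {
	moduleKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	notBefore, notAfter := validity()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: moduleName},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, netCert, &moduleKey.PublicKey, netKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// belongsToVPN reports whether a module certificate chains to the given network certificate.
// Only the network certificate of this VPN is trusted; a module certificate issued under any
// other network certificate fails the chain check and is not a member of the group.
func belongsToVPN(module, netCert *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(netCert)
	_, err := module.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return err == nil
}

func main() {
	netA, keyA, err := newNetworkCert("VPN-A")
	if err != nil {
		panic(err)
	}
	netB, _, err := newNetworkCert("VPN-B")
	if err != nil {
		panic(err)
	}
	mod, err := issueModuleCert(netA, keyA, "module-1", 2)
	if err != nil {
		panic(err)
	}
	fmt.Println("module-1 accepted by VPN-A:", belongsToVPN(mod, netA)) // true
	fmt.Println("module-1 accepted by VPN-B:", belongsToVPN(mod, netB)) // false
}
```

The check trusts exactly one root per VPN, so a module certificate that was signed by some other CA, even a publicly trusted one, is not accepted; the network certificate is the only authority for group membership. In the real IKE exchange the module also proves possession of its private key, which this membership check alone does not cover.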
2.2.3 Removable Media (C-Plug)
The configuration data is stored on a removable medium called the C-Plug. A
security module can be configured simply by inserting a C-Plug that holds an
appropriate configuration; the module then loads the configuration and stores it
in its internal flash memory. The data on the C-Plug is AES-encrypted. The
removable medium makes replacing a module simple: the hardware device is
exchanged and the removable medium is inserted into the new device to configure
it. The medium sits on the back of the module behind a cover that can only be
opened with a tool, which makes it more difficult to exchange the card.
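The manual states that the configuration on the C-Plug is AES-encrypted but not which mode is used. The Go program below is an added example, not the product's code: it stores a constructed configuration blob as AES-256-GCM, so that the module can reject a plug whose contents were modified or that was written under a different key, not merely fail to decrypt it into garbage. The key, the configuration text and the blob layout (nonce, ciphertext, tag) are assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// sealConfig encrypts a configuration for storage on the removable medium.
// Layout of the stored blob (assumption for this example): nonce || ciphertext || GCM tag.
func sealConfig(key, config []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	// A fresh random nonce per write; reuse of a nonce under the same key breaks GCM.
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, config, nil), nil
}

// openConfig decrypts a blob read from the medium. Any change to the nonce, the
// ciphertext or the tag, or use of the wrong key, makes the authentication check fail
// and no configuration is returned for the module to load.
func openConfig(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("c-plug blob too short to contain nonce and tag")
	}
	nonce, ciphertext := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ciphertext, nil)
}

func main() {
	// Constructed 256-bit key; a real module would hold this in protected storage.
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	// Constructed configuration text.
	config := []byte("vpn=VPN-A\nmodule=module-1\n")

	blob, err := sealConfig(key, config)
	if err != nil {
		panic(err)
	}
	got, err := openConfig(key, blob)
	fmt.Println("intact plug loads:", err == nil && bytes.Equal(got, config)) // true

	// Flip one bit in the stored ciphertext, as a corrupted or edited plug would show.
	tampered := append([]byte(nil), blob...)
	tampered[len(tampered)/2] ^= 0x01
	_, err = openConfig(key, tampered)
	fmt.Println("tampered plug rejected:", err != nil) // true
}
```

With plain AES (for example CBC without a MAC) a modified plug would still decrypt to something, and the module would have to notice the damage by parsing; the authenticated mode moves that decision into the cipher, which is what a practitioner should expect from "AES encrypted" configuration storage.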
19-Aug-05 escrypt GmbH 8