Manualshelf

User's Manual

ManualsBrandsUbiquiti Networks Manualscomputer componentsXR2
101102103104105106107108109110
© 2010 - 2015 Persistent Systems, LLC – All Rights Reserved 103
WEB MANAGEMENT INTERFACE REFERENCE
ZEROIZE
The Zeroize box enables users to erase the key configuration on an individual node
or on the entire network as specified by the Node List. When a node is zeroized, all
traces of the current key are erased so that the key can no longer be recovered from
the unit. Once a node has been zeroized, it cannot participate in any Wave Relay
®
network until it is re-keyed using the “Set Key” function.
1. From the “Update” menu, select whether to update only the currently managed
node (“Node”) or all nodes on the network. The “network (require all)” setting
will zeroize the security configuration for all nodes in the network and will
require all nodes in the network be available for any changes to be applied.
If not all nodes are available, no changes will be applied. The “network (any
available)” setting will zeroize the security configuration for all available nodes
on the network. Nodes that are not available will NOT be updated.
2. Clicking the “Zeroize Key” button will erase the packet encryption key only.
Clicking the “Zeroize All Configuration” button will erase not only the key but
also the management password and the public/private key-pair used to connect
to the Web Management Interface. If the “Zeroize All Configuration” button is
clicked, the node(s) will also reboot.
3. To access the Web Management Interface after the “Zeroize All Configuration”
button has been clicked and the node has rebooted, the user will need to
accept a newly generated certificate and use the factory password to log into
the Web Management Interface.
SECURITY FEATURES
Tamper Response: This menu enables or disables tamper detection. If tamper
detection is enabled, disassembly of the Wave Relay
®
enclosure will cause a
complete zeroize of the security configuration, including the encryption key, the
management password, and the public/private key-pair used to connect to the Web
Management Interface. This feature is only available on MPU versions of the Wave
Relay
®
.
select the “Backwards Compatible: 256-bit AES-CTR with HMAC-SHA-1” mode
on the units with newer hardware; this will allow all the nodes in the network
to communicate. If you have a network with only newer hardware you can
select any of the three modes. We recommend “256-bit AES-CTR with HMAC-
SHA-512” as the mode with the greatest security margin. “256-bit AES-GCM” is
an alternate full Suite-B mode that can also be used based on user preference.
3. Once the Crypto Mode is set, enter a key value into the field and click the “Set”
button, or click the “Generate” button to generate a random key. The new key
information is stored to the node or the network.