Chapter 3: System planning
Security planning

| Item | Description | Quantity required |
|---|---|---|
| TLS Private Key and Public Certificates | An RSA private key of size 2048 bytes, generated in either PKCS#1 or PKCS#5 format, unencrypted, and encoded in the ASN.1 DER format. An X.509 certificate containing an RSA public key, generated in either PKCS#1 or PKCS#5 format, unencrypted, and encoded in the ASN.1 DER format. The public key certificate must have Common Name equal to the IPv4 or IPv6 address of the ODU. The public key certificate must form a valid pair with the private key. | Two pairs per link. These items are unique to IP address. |
| User Defined Security Banner | The banner provides warnings and notices to be read by the user before logging in to the ODU. Use text that is appropriate to the network security policy. | Normally one per link. This depends upon network policy. |
| Entropy Input | This must be of size 512 bits (128 hexadecimal characters), output from a random number generator. | Two per link. For greater security, each link end should be allocated a unique Entropy Input. |
| Wireless Link Encryption Key for AES | An encryption key generated using a cryptographic key generator. The key length is dictated by the selected AES encryption algorithm (128 or 256 bits). | One per link. The same encryption key is required at each link end. |
| Port numbers for HTTP, HTTPS and Telnet | Port numbers allocated by the network. | As allocated by network. |
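
The Entropy Input and Wireless Link Encryption Key rules in the table above can be checked before the values are loaded into the ODUs. The following Python sketch is an added example, not taken from the product documentation; the function names, the per-end dictionary layout, and entry of the AES key as hexadecimal text are assumptions.

```python
import secrets
import string

HEX_DIGITS = set(string.hexdigits)


def new_entropy_input() -> str:
    """512 bits from the OS CSPRNG, rendered as 128 hexadecimal characters."""
    return secrets.token_hex(64)


def new_aes_key(bits: int) -> str:
    """A 128- or 256-bit key as hex (hex entry format is an assumption)."""
    if bits not in (128, 256):
        raise ValueError("AES key length must be 128 or 256 bits")
    return secrets.token_hex(bits // 8)


def is_hex(value: str, n_chars: int) -> bool:
    return len(value) == n_chars and all(c in HEX_DIGITS for c in value)


def check_link(end_a: dict, end_b: dict) -> list:
    """Return the planning-rule violations for the two ends of one link."""
    problems = []
    for name, end in (("A", end_a), ("B", end_b)):
        if not is_hex(end["entropy_input"], 128):
            problems.append(f"end {name}: entropy input must be 128 hex characters")
        if not (is_hex(end["aes_key"], 32) or is_hex(end["aes_key"], 64)):
            problems.append(f"end {name}: AES key must be 128 or 256 bits")
    if end_a["aes_key"].lower() != end_b["aes_key"].lower():
        problems.append("AES key differs between link ends")
    if end_a["entropy_input"].lower() == end_b["entropy_input"].lower():
        problems.append("entropy input is shared; allocate a unique one per end")
    return problems


# Constructed sample plan: one shared AES key, one entropy input per end.
shared_key = new_aes_key(256)
good_a = {"entropy_input": new_entropy_input(), "aes_key": shared_key}
good_b = {"entropy_input": new_entropy_input(), "aes_key": shared_key}
# Constructed bad end: entropy copied from end A, key regenerated instead of shared.
bad_b = {"entropy_input": good_a["entropy_input"], "aes_key": new_aes_key(256)}

if __name__ == "__main__":
    print(check_link(good_a, good_b))
    print(check_link(good_a, bad_b))
```

A shared entropy input is reported as a finding because the table recommends a unique value per link end; it is a recommendation rather than a hard requirement.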