ENHANCED SECURITY GUIDE
ISSUE 2
379 Campus Drive, Suite 100
Somerset, NJ 08873
fax: 732.667.1091
phone: 732.667.1080
email: sales@datatekcorp.com
http://www.datatekcorp.com
IP-CommKit Enhanced Security Guide
TABLE OF CONTENTS
1 INTRODUCTION
1.1 What is the IP-CommKit Enhanced Security Feature?
2 REGISTRATION
3 CONFIGURATION
4 TROUBLESHOOTING
4.1 Check the UTM
4.2 Check /var/opt/dk/log/dkipdlog
5 END-USER LICENSE AGREEMENT FOR SOFTWARE
5.1 SOFTWARE LICENSE
5.2 INTELLECTUAL PROPERTY RIGHTS
5.3 SOFTWARE SUPPORT
5.4 EXPORT RESTRICTIONS
5.5 LIMITED WARRANTY
5.6 NO OTHER WARRANTIES
5.7 SPECIAL PROVISIONS
5.8 LIMITATION OF LIABILITY
11/29/05
Datatek Applications Inc. 2
1 INTRODUCTION
This document describes the IP-CommKit Enhanced Security Feature, and is written as
a supplement to the IP-CommKit Installation and Administration Guide. If you are not
familiar with IP-CommKit, please read it first.
1.1 WHAT IS THE IP-COMMKIT ENHANCED SECURITY FEATURE?
The IP-CommKit Enhanced Security Feature protects the communications between your
host computer and BNS-2000/BNS-2000 VCS endpoints from eavesdroppers in the IP
network. IP-CommKit allows you to connect a host computer to a BNS network through
an IP network. While the closed architecture of BNS networks makes eavesdropping
exceptionally difficult, the open architecture of IP networks can expose your data to a
large group of unauthorized listeners. Using inexpensive, commercially available test
equipment, an eavesdropper with access to the IP network can easily observe the data
that the host and BNS endpoints exchange. The IP-CommKit Enhanced Security
Feature automatically encrypts the data that passes through the IP network, making it
useless to eavesdroppers.
The IP-CommKit Enhanced Security Feature is transparent to both the host application
and the BNS network endpoints. No changes to your host application or BNS node
configuration are required. Data leaving the host computer is encrypted by the
IP-CommKit software and decrypted when it enters the BNS network at the UTM module.
Similarly, data leaving the BNS network is encrypted by the UTM module and decrypted
by the IP-CommKit software when it reaches the host computer. The host application
and BNS endpoints are unaware of the process.
IP-CommKit is a trademark of Lucent Technologies, Inc., licensed to Datatek Applications, Inc., a
company independent of Lucent Technologies, Inc.
The IP-CommKit Enhanced Security Feature also makes it more difficult for an
unauthorized host computer to gain access to the BNS network through the UTM
module. In IP-CommKit Security Analysis, the effect of IP-CommKit on the vulnerability
of BNS networks to unauthorized access is examined. The conclusion is that several
layers of protection make a successful attack unlikely. The IP-CommKit Enhanced
Security Feature adds another layer of protection, further reducing the probability of a
successful attack.
The IP-CommKit Enhanced Security Feature uses a proprietary encryption algorithm.
While Datatek does not describe the algorithm in the documentation, it has the following
properties:
• The host computer and UTM module use different encryption keys.
• Every host computer and UTM module uses a different encryption key.
• The host computer generates the encryption key used by the UTM from
IP-CommKit configuration data, and vice versa, so there is no need for the host
computer and UTM module to exchange keys through the IP network.
• The encryption algorithm is efficient, and results in a negligible increase in CPU
utilization on the host computer.
• The encryption algorithm does not increase the size of the messages exchanged
by the host and UTM module. Thus, there is no increase in the IP network traffic
load.
The encryption algorithm used in the IP-CommKit Enhanced Security Feature is not
powerful enough to thwart sophisticated cryptographic attacks, such as those mounted
by government agencies or organized crime groups. As a result, the IP-CommKit
Enhanced Security Feature is not suitable for protecting financial or military information
in public networks. For these applications, contact Datatek for information about using
IPsec with IP-CommKit.
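
The key-handling properties listed above (a separate key for each direction, both derived locally from shared configuration data, and ciphertext the same length as the plaintext) can be illustrated with standard primitives. This is an added example, not Datatek's proprietary algorithm or code from this guide: it substitutes HKDF-SHA256 and an HMAC-based keystream, and the configuration string, labels, salt and the Endpoint class are assumptions.

```python
import hashlib
import hmac

def derive_key(config: bytes, label: bytes) -> bytes:
    """HKDF-SHA256 (RFC 5869), one output block: extract, then expand with the label."""
    prk = hmac.new(b"example-salt", config, hashlib.sha256).digest()  # assumed salt
    return hmac.new(prk, label + b"\x01", hashlib.sha256).digest()

def keystream(key: bytes, seq: int, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, keyed per direction and bound to a message number."""
    out, block = b"", 0
    while len(out) < length:
        counter = seq.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, counter, hashlib.sha256).digest()
        block += 1
    return out[:length]

def xor_crypt(key: bytes, seq: int, data: bytes) -> bytes:
    """XOR with the keystream: the same call encrypts and decrypts, length unchanged."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, seq, len(data))))

class Endpoint:
    """Hypothetical endpoint: both keys come from local configuration, none are sent."""
    def __init__(self, config: bytes, send_label: bytes, recv_label: bytes):
        self.send_key = derive_key(config, send_label)
        self.recv_key = derive_key(config, recv_label)
        self.send_seq = self.recv_seq = 0  # implicit counters, never transmitted

    def seal(self, plaintext: bytes) -> bytes:
        ciphertext = xor_crypt(self.send_key, self.send_seq, plaintext)
        self.send_seq += 1  # a keystream must never be reused for a second message
        return ciphertext

    def open(self, ciphertext: bytes) -> bytes:
        plaintext = xor_crypt(self.recv_key, self.recv_seq, ciphertext)
        self.recv_seq += 1
        return plaintext

def demo() -> dict:
    config = b"host=hostA;module=utm1;constructed-sample"  # constructed, not a real format
    host = Endpoint(config, b"host-to-utm", b"utm-to-host")
    utm = Endpoint(config, b"utm-to-host", b"host-to-utm")
    msg = b"constructed payload"
    c1, c2 = host.seal(msg), host.seal(msg)
    return {"same_length": len(c1) == len(msg), "distinct": c1 != c2,
            "round_trip": [utm.open(c1), utm.open(c2)] == [msg, msg],
            "reply": host.open(utm.seal(b"ack")),
            "keys_differ": host.send_key != host.recv_key}

if __name__ == "__main__":
    print(demo())
```

In a scheme of this shape the keys are only as secret as the configuration data they are derived from, and the implicit counters assume in-order, lossless delivery. A length-preserving format also leaves no room for an authentication tag, so this sketch provides confidentiality only.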