Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
HAGs are high-assurance devices that need to be physically protected from areas that are<br />
accessible by passengers.<br />
The noncockpit crew network devices should also not be accessible by passengers <strong>in</strong> general, but<br />
the design could accommodate situations <strong>in</strong> which passengers are not always physically<br />
excluded from the area where those devices are located. If physical separation is not possible,<br />
crew members must be very careful to not leave open applications runn<strong>in</strong>g <strong>in</strong> situations when the<br />
crew member is not present (i.e., situations where passengers may access applications that have<br />
been opened with crew member authentications).<br />
8.3.3 Encapsulation Gateways.<br />
Encapsulation gateways support IPsec <strong>in</strong> accordance with reference 99 (see section 8.3.1). The<br />
encapsulation gateways must be configured so that all packets sent to their nonenclave IP<br />
<strong>in</strong>terfaces must be dropped unless they use the IPsec’s ESP. Encapsulation gateways<br />
communicate together us<strong>in</strong>g the ESP <strong>in</strong> tunnel mode. Network managers or IDS devices<br />
communicate with encapsulation gateways via the ESP <strong>in</strong> transport mode. Because of the<br />
authentication provisions conta<strong>in</strong>ed with<strong>in</strong> the ESP, encapsulation gateways should be<br />
configured so that they only accept communications from outside of the VPN enclave they<br />
support from three types of devices only: other encapsulation gateways, network managers, or<br />
IDS devices. They should be configured so that they ignore (e.g., drop) all non-IPsec packets<br />
com<strong>in</strong>g from outside of the VPN. Packets sent to the VPN that they support must be IPsec <strong>in</strong><br />
tunnel mode. The encapsulat<strong>in</strong>g gateway does not put any restriction upon packets sent with<strong>in</strong><br />
the VPN that it forwards. However, all packets addressed to the encapsulat<strong>in</strong>g gateway itself<br />
(from either outside of the VPN or with<strong>in</strong> the VPN regardless) must be sent <strong>in</strong> IPsec or else they<br />
will be ignored (i.e., dropped).<br />
Because VPN gateways only l<strong>in</strong>k together distributed VPN elements that operate at the same<br />
software level, their IPsec’s security policy database (SPD) entries need to be configured to only<br />
permit IPsec security associations (SA) to be established with other encapsulat<strong>in</strong>g gateways<br />
operat<strong>in</strong>g at the same software level. Their SPD should be configured to prohibit any SAs to be<br />
created with any encapsulat<strong>in</strong>g gateway that services a different software level. The only<br />
exception is if a HAG exists on the pla<strong>in</strong> text network (i.e., if the HAG is <strong>in</strong> place, then the two<br />
encapsulat<strong>in</strong>g gateways can be configured to establish SAs with each other). Encapsulat<strong>in</strong>g<br />
gateways should not be configured to permit SAs to become established between MSLS and<br />
system-high networks, regardless of whether they are operat<strong>in</strong>g at the same software level or not.<br />
Encapsulat<strong>in</strong>g gateways may also need to support network management relay<strong>in</strong>g, depend<strong>in</strong>g on<br />
how a given implementation has configured its network management system. The relevant issue<br />
is that because each VPN system can only know about its own VPN, and the <strong>in</strong>ternals of that<br />
system are hidden from all entities not <strong>in</strong> that VPN, then there is no natural way for a s<strong>in</strong>gle<br />
network management system to manage an airplane’s entire network environment if that airplane<br />
supports multiple VPNs. The most obvious management approach is to have a s<strong>in</strong>gle<br />
management system per VPN; but that alternative means that multiple disjo<strong>in</strong>t network<br />
management systems will exist, none of which have coord<strong>in</strong>ated oversight over the aircrafts’<br />
115