Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Table 1. Internet Engineering Task Force Protocol Security Features and Key Management Configuration (Continued)

| Protocol | Security Features | Security Algorithm | Keys | Key Store in Linux |
|---|---|---|---|---|
| DHCP—RFC 2131. Dynamic Host Configuration Protocol is a mechanism for computers to receive dynamic IP address assignments. | Authentication, Integrity | HMAC-MD5 (see RFC 2085) as used by the TSIG mechanism (see RFC 3645) | Symmetric key obtained from a BIND utility | However, DNS TSIG is configured via same mechanism as for DNS. Managers may also secure DNS by the allow-update or update-policy substatements (within DNS RR) to provide access control to specific DHCP servers only. |
| SNMPv3—RFC 3414. Simple Network Management Protocol—see discussion in section 4.6 below. | Authentication, Integrity, Privacy | HMAC-MD5 (see RFC 2085) or HMAC-SHA-1 (see RFC 4231) (IETF is currently enhancing SNMP security) | Symmetric Key | Pair-wise assignment of two symmetric keys between each SNMP agent and each network administrator. This can be constructed from the user’s password via the mechanism described in RFC 3414 or else distributed by an out-of-band method. |
| COPS—RFC 2748. Common Open Policy Service | Authentication, Integrity, Replay Protection | HMAC. Optional: IPsec or TLS | Symmetric Key | |
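
The SNMPv3 row says the per-agent keys can be constructed from the user's password via the mechanism described in RFC 3414. The following is an added example, not part of the original report: it implements that password-to-key derivation and per-engine localization with Python's `hashlib`. The function names and the second engine ID are assumptions made for illustration; the password and first engine ID are the sample values from RFC 3414 Appendix A.3.

```python
import hashlib

# RFC 3414 A.2: the password is repeated cyclically until 1,048,576 bytes
# have been fed to the hash function.
STRETCH_LEN = 1048576


def password_to_key(password: bytes, algo: str = "sha1") -> bytes:
    """Derive the user key Ku from a password (algo is "md5" or "sha1")."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rest = divmod(STRETCH_LEN, len(password))
    h = hashlib.new(algo)
    h.update(password * reps + password[:rest])
    return h.digest()


def localize_key(ku: bytes, engine_id: bytes, algo: str = "sha1") -> bytes:
    """Bind Ku to one SNMP engine: Kul = H(Ku || snmpEngineID || Ku)."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def localized_key(password: bytes, engine_id: bytes, algo: str = "sha1") -> bytes:
    """Password -> Ku -> key localized to the agent identified by engine_id."""
    return localize_key(password_to_key(password, algo), engine_id, algo)


# Sample values from RFC 3414 Appendix A.3.
RFC_PASSWORD = b"maplesyrup"
RFC_ENGINE_ID = bytes(11) + b"\x02"      # 00 00 00 00 00 00 00 00 00 00 00 02
# Constructed second engine ID (hypothetical agent), to show that one password
# yields a different key on every agent.
OTHER_ENGINE_ID = bytes(11) + b"\x03"

if __name__ == "__main__":
    for name, eid in (("agent A", RFC_ENGINE_ID), ("agent B", OTHER_ENGINE_ID)):
        for algo in ("md5", "sha1"):
            key = localized_key(RFC_PASSWORD, eid, algo)
            print(f"{name} {algo:4s} {key.hex()}")
```

Because the engine ID is mixed into the final hash, a key recovered from one agent is not valid on any other agent, even though the administrator uses a single password.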