Chapter 2 Security Planning
Application Gateway Security Solutions
12 Application Gateway Network Integration Guide

The Application Gateway also protects the passwords that must be entered for connections to devices needed for operations, such as LDAP servers, SMTP servers, and so on. Any password entry required for such servers is not echoed to the screen during entry or during subsequent viewing of the configuration data, either on screen or in the system logs. All passwords stored on the Application Gateway are stored as an inaccessible, one-way hash.

Secure Socket Layer

The Secure Socket Layer (SSL) protocol ensures privacy between communicating applications and their users on the Internet. SSL uses a program layer located between the Hypertext Transfer Protocol (HTTP) and Transmission Control Protocol (TCP) layers. SSL is included in most browsers and Web server products. Developed by Netscape, SSL has also gained the support of Microsoft and other Internet client/server developers, becoming the standard.

The Application Gateway provides SSL sessions, with support for HTTPS, IMAPS, POPS, and SSMTP. SSL support enables deployment of the Application Gateway behind a firewall in order to provide a secure gateway to protect IP telephone connections beyond the firewall.

The “socket” part of the term Secure Socket Layer refers to the socket method of passing data back and forth between a client and a server program in a network or between program layers in the same computer. SSL uses the public-and-private key encryption system from RSA Security, which also includes the use of a digital certificate.

The Application Gateway supports digital certificates in Privacy Enhanced Mail (PEM) format that include a private key. You should install on the Application Gateway a digital X.509 certificate that belongs to your company. This will ensure that all SSL transactions will pass with no error warnings to device users. Certificates from Verisign and Thawte are supported.

While the Application Gateway supports 196-bit TLS SSL encryption, you have the option to lower the encryption of the certificate if performance is more important than security.
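
A pre-installation check for the PEM bundle described above, as an added example that is not from this guide or the product: it confirms the file holds a certificate and exactly one private key, then asks OpenSSL (through Python's ssl module) whether the key belongs to the certificate. The function names and the sample bundle are constructed for illustration.

```python
import base64, binascii, os, re, ssl, tempfile

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}

def inspect_bundle(pem_text):
    """Return a list of structural problems in a PEM bundle (empty list = none found)."""
    blocks = PEM_BLOCK.findall(pem_text)
    labels = [label for label, _ in blocks]
    problems = []
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block")
    key_count = sum(label in KEY_LABELS for label in labels)
    if key_count == 0:
        problems.append("no private key block")
    elif key_count > 1:
        problems.append("more than one private key block")
    for label, body in blocks:
        if ":" in body:  # legacy encrypted keys carry header lines before the base64
            continue
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error:
            problems.append(f"{label} block is not valid base64")
    return problems

def key_matches_certificate(pem_text, password=""):
    """True only if OpenSSL parses the bundle and the key belongs to the first certificate."""
    fd, path = tempfile.mkstemp(suffix=".pem")  # mkstemp creates the file with mode 0600
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(pem_text)
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        # With no keyfile argument the key is read from the same file as the certificate.
        ctx.load_cert_chain(path, password=lambda: password)
        return True
    except OSError:  # ssl.SSLError is an OSError subclass: parse failure or key mismatch
        return False
    finally:
        os.remove(path)

# Constructed sample: correct PEM framing, placeholder (non-DER) contents.
SAMPLE = (
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
    "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    print(inspect_bundle(SAMPLE), key_matches_certificate(SAMPLE))
```

The constructed sample passes the structural check but fails the match check, because its contents are placeholders rather than a real certificate and key.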