6 connecting to datacryptor ethernet units, Users, Ip parameter configuration via a serial connection – THALES DATACRYPTOR User Manual

Datacryptor Ethernet User Manual

Connecting to Datacryptor Ethernet Units

1270A450-005 - June 2008

Page 25

6 Connecting to Datacryptor Ethernet Units

There are three methods of connecting to the Datacryptor Ethernet units: Element Manager,
serial connection to CLI, and SNMP.

The Element Manager GUI application is used to manage and configure the Datacryptor Ethernet
device(s). It connects to the Datacryptor via the 10/100 Ethernet Management port.

A serial connection can be made to the Datacryptor Ethernet to interface to a text-based
Command Line Interface (CLI). This serial interface can also be used to access the element
manager software.

A third-party SNMP Version 1, Version 2c, or Version 3 compliant network management
application can collect and display performance monitoring data, but may not alter any system
level parameters. The only supported configuration tasks are those associated with SNMPv3
user and view based access control. SNMP traps are issued as Version 3 and authentication and
encryption are supported.

Users

The Datacryptor Ethernet will encrypt everything passed to it from the host network and place it
onto the public network. Because of this there is no need to create secure users for the
Datacryptor Ethernet, as anyone sending information will automatically use the Datacryptor
Ethernet unit.

The people who administrate and configure the Datacryptor Ethernet do need to be secure and
need to be authenticated using secure methods. Certificates are loaded into the Datacryptor
Ethernet units that have keys used to sign messages between the PC used for configuration and
the units themselves. The AES keys used to encrypt and decrypt the data being passed between
Datacryptor units are automatically generated using Diffie Hellman and the supplied Diffie
Hellman parameters.

When first installing the Datacryptor, use the default password. Thales strongly recommends
that the Administrator changes the password before the unit is put in service and changes from
the Universal CA to their own custom CA to ensure maximum security (see the

Change

Password dialog

section). Passwords are case-sensitive.

IP Parameter Configuration via a Serial Connection

When shipped, a Datacryptor Ethernet device has the following port settings:

Port

IP address

Net Mask

Control 2.2.2.2

255.0.0.0

Ethernet management

255.0.0.0

255.255.255.255

Network 1.n.n.n

255.0.0.0

To change the parameters follow the steps below:

1. Connect the Datacryptor’s RS-232 craft port directly to the terminal’s serial port using

the supplied DB-9 serial cable.