Intel PRO/100 Computer Hardware User Manual


 
Intel® Packet Protect User’s Guide
36
About algorithm notation
Each security action can specify algorithms to use for encryption and authenti-
cation. There are three categories (Encryption, ESP [Encapsulation Security
Payload] Authentication, and AH [Authentication Header] Authentication.
At least one of these categories must be used in a security action, or you can use
two or even all three.
IPSec and Packet Protect use a kind of “shorthand” notation for describing the
algorithms used in a security action—Encryption value + ESP value + AH
value. For example, if you create a security action that uses DES for Encryption,
SHA1 for ESP, and do not use AH, this would be shown as DES+SHA1+None.
To create a new security action
1. On the Policy Editor dialog box, select the rule for which you want a new
security action.
2. Click Edit Rule. The Edit Rule dialog box appears.
3. Click Customize Security. The Customize Security Actions dialog box
appears.
4. Click New.
5. In the Security action list box, type a new name for the security action.
6. Specify a time and/or size limit for the security association. Refer to
Table 6, “Available Settings for Security Actions,” on page 34 for detailed
information about these items.
7. If applicable, select the Perfect Forward Secrecy check box.
Note
: DO NOT use Perfect Forward Secrecy if your computers will
need to communicate securely with Windows 2000 IPSec
computers or any other non-Packet Protect IPSec computers.
8. Select Anti-replay protection. (Always select this setting because it
increases network protection with very little impact on network traffic—
see Table 6 on page 34 for details.)
9. Add algorithms to the preference list for the security action:
In the Encryption, ESP Authentication, and AH Authentication list
boxes, select which algorithms you want to propose for the security
action. You must select at least one algorithm from any of the lists.
Click Add.
Repeat this step for each algorithm combination you want to add.
10. If you need to remove an algorithm combination from the preference list,
select the combination from the list on the right, then click Remove.
11. To indicate your order of preference, move the algorithm combinations to
the correct location on the list by selecting an algorithm combination and
clicking Move Up or Move Down. Move the most important selection to
the top of the list and continue in descending order of importance.