1. Home
    2. /
  2. Manuals
    3. /
  3. Option
    4. /
  4. GlobeSurfer-II
    5. /
  5. 16
Page 76 / 126 Scroll up to view Page 71 - 75
76
GlobeSurfer
®
II 1.8 - 7.2 - 7.2 S
REFERENCE MANUAL
6.6.3
Universal Plug and Play
To access the UPnP settings perform the following:
1. Click ‘Universal Plug and Play’ on the ‘Advanced’ screen of the management console. The Universal Plug and Play
settings screen will be displayed (see Figure 6.22).
2. Check the Allow other network users to control GlobeSurfer
®
II’s setwork features checkbox, to enable the UPnP feature.
This will enable you to define UPnP services on any of the LAN hosts.
Check the Enable automatic cleanup of old unused UPnP services checkbox, to enable automatic cleanup of invalid rules.
When enabled, this feature checks validity of all the UPnP services and rules every 5 minutes. Any UPnP defined service
that is found to be old and not in use, is removed, unless any user defined rule (see Security screen) depends on it. This
feature is disabled by default.
Since there is a limitation on the maximum number of UPnP defined services to 256, you should want to enable the
cleanup feature if you might exceed this limit.
In which case might the limit be exceeded UPnP services are not deleted when disconnecting a computer without proper
shutdown of the UpnP application
(e.g. messenger). Thus, if you are running a boingo, services may often not be deleted, and will eventually lead to
exhaustion of rules and services, and no new services could be defined. In this scenario the cleanup feature will find the
services that are no longer valid and will remove them, preventing services exhaustion.
Figure 6.22 UPnP
6.6.4
Scheduler Rules
Scheduler rules are used for limiting the activation of settings, such as firewall rules, to specific time periods, specified in days
of the week, and hours.
Figure 6.23 Scheduler rules
To define a Rule:
1.
Click ‘Scheduler rules’ on the ‘Advanced’ screen of the management console. The Scheduler rules screen will appear
(see Figure 6.23).
2.
Click the ‘New scheduler entry’ link. The Scheduler rule edit screen will appear (see Figure 6.24).
Page 77 / 126
77
GlobeSurfer
®
II 1.8 - 7.2 - 7.2 S
REFERENCE MANUAL
Figure 6.24 Edit scheduler rule
3.
Specify a name for the rule in the ‘Name’ field.
4.
Specify if the rule will be active/inactive during the designated time period, by selecting the appropriate ‘Rule activity
settings’ check box.
5.
Click the ‘New time segment’ entry link to define the time segment to which the rule will apply — the Time segment edit
screen will appear (see Figure 6.25).
Figure 6.25 Edit time segment
6.
Select active/inactive days of the week.
7.
Click the ‘New hours segment entry’ link to define an active/inactive hourly range.
8. Click OK.
Figure 6.26 Edit hour range
Page 78 / 126
78
GlobeSurfer
®
II 1.8 - 7.2 - 7.2 S
REFERENCE MANUAL
6.6.5
Certificates
6.6.5.1
Overview
Public-key cryptography uses a pair of keys: a public key and a corresponding private key. These keys can play
opposite roles, either encrypting or decrypting data. Your public key is made known to the world, while your private
key is kept secret.
The public and private keys are mathematically associated; however it is computationally infeasible to deduce the
private key from the public key. Anyone who has the public key can encrypt information that can only be decrypted
with the matching private key. Similarly, the person with the private key can encrypt information that can only be
decrypted with the matching public key.
Technically, both public and private keys are large numbers that work with cryptographic algorithms to produce
encrypted material. The primary benefit of public-key cryptography is that it allows people who have no preexisting
security arrangement to authenticate each other and exchange messages securely.
GlobeSurfer
®
II makes use of public-key cryptography to encrypt and authenticate keys for the encryption of
Wireless and VPN data communication, the Web Based Management (WBM) utility, and secured telnet.
6.6.5.2
Digital Certificates
When working with public-key cryptography, you should be careful and make sure that you are using the correct
person’s public key. Man-in-the-middle attacks pose a potential threat, where an ill-intending 3rd party posts a
phony key with the name and user ID of an intended recipient. Data transfer that is intercepted by the owner of the
counterfeit key can fall in the wrong hands. Digital certificates provide a means for establishing whether a public
key truly belongs to the supposed owner. It is a digital form of credential. It has information on it that identifies you,
and an authorized statement to the effect that someone else has confirmed your identity.
Digital certificates are used to foil attempts by an ill-intending party to use an unauthorized public key. A digital
certificate consists of the following:
A PUBLIC KEY
Certificate information
The “identity” of the user, such as name, user ID and so on.
Digital signatures
A statement stating that the information enclosed in the certificate has been vouched for by a Certificate Authority (CA).
Binding this information together, a certificate is a public key with identification forms attached, coupled with a
stamp of approval by a trusted party.
6.6.5.3
X.509 Certificate Format
GlobeSurfer
®
II supports X.509 certificates that comply with the ITU-T X.509 international standard. An X.509
certificate is a collection of a standard set of fields containing information about a user or device and their
corresponding public key. The X.509 standard defines what information goes into the certificate, and describes
how to encode it (the data format). All X.509 certificates have the following data:
The certificate holder’s public key
The public key of the certificate holder, together with an algorithm identifier that specifies which cryptosystem the
key belongs to and any associated key parameters.
The serial number of the certificate
The entity (application or person) that created the certificate is responsible for assigning it a unique serial number
to distinguish it from other certificates it issues. This information is used in numerous ways; for example when a
certificate is revoked, its serial number is placed on a Certificate Revocation List (CRL).
The certificate holder’s unique identifier
This name is intended to be unique across the Internet. A DN consists of multiple subsections and may look
something like this: CN=Option Wireless Sweden AB, [email protected], OU=Development Department,
O=Option Wireless Sweden AB, C=SE (These refer to the subject’s Common Name, Organizational Unit,
Page 79 / 126
79
GlobeSurfer
®
II 1.8 - 7.2 - 7.2 S
REFERENCE MANUAL
Organization, and Country.)
The certificate’s validity period
The certificate’s start date/time and expiration date/time; indicates when the certificate will expire.
The unique name of the certificate issuer
The unique name of the entity that signed the certificate. This is normally a CA. Using the certificate implies
trusting the entity that signed this certificate. (Note that in some cases, such as root or top-level CA certificates,
the issuer signs its own certificate.) The digital signature of the issuer the signature using the private key of the
entity that issued the certificate.
The signature algorithm identifier
Identifies the algorithm used by the CA to sign the certificate.
6.6.5.4
GlobeSurfer
®
II Certificate Stores
GlobeSurfer
®
II maintains two certificate stores:
1.
GlobeSurfer
®
II Local Store This store contains a list of approved certificates that are used to identify
GlobeSurfer
®
II to its clients. The list also includes certificate requests that are pending a CA’s endorsement.
You can obtain certificates for GlobeSurfer
®
II using the following methods:
Requesting an X509 Certificate
This method creates both a private and a matching public key. The public key is then sent to the CA to be
certified.
Creating a Self-Signed Certificate
This method is the same as requesting a certificate, only the authentication of the public key does not
require a CA. This is mainly intended for use within small organizations.
Loading a PKCS#12
Format Certificate This method loads a certificate using an already available and certified set of private
and public keys.
2. Certificate Authority (CA) Store This store contains a list of the trusted certificate authorities, which is used
to check certificates presented by GlobeSurfer
®
II clients.
6.6.5.4.1
Requesting an X509 Certificate
To obtain an X509 certificate, you must ask a CA to issue you one. You provide your public key, proof
that you possess the corresponding private key, and some specific information about yourself. You
then digitally sign the information and send the whole package – the certificate request – to the CA.
The CA then performs some due diligence in verifying that the information you provided is correct
and, if so, generates the certificate and returns it.
You might think of an X509 certificate as looking like a standard paper certificate with a public key
taped to it. It has your name and some information about you on it, plus the signature of the person
who issued it to you.
1.
Click the ’Certificates’ icon in the ’Advanced’ screen of the Web-base Management. The
’Certificates’ screen will appear (see figure Error! Hyperlink reference not valid.
Figure 6.27 Certificates
Page 80 / 126
80
GlobeSurfer
®
II 1.8 - 7.2 - 7.2 S
REFERENCE MANUAL
2.
Click the ’GlobeSurfer
®
II’s local’ certificates tab.
3.
Click the ’Create Certificate Request’ button. The ’Create X509 Request’ screen will appear (see
Figure 6.28).
4.
Enter the following certification request parameters:
1. Certificate Name
2. Subject
3. Organizatin
4. State
5. Country
5.
Click the ’Generate’ button. A screen will appear stating that the certification request is being
generated (see Figure 6.29).
Figure 6.28 Create X509 request
Figure 6.29 New X509 request
6.
After a short while, press the ’Refresh’ button, until the ’Save Certificate Request’ screen appears
(see Figure 6.30).
Click the ’Save Certificate Request’ button and save the request to a file.
7.
Click the ’Close’ button. The main certificate management screen will reappear, listing your
certificate as “Unsigned” (see Figure 6.31). In this state, the request file may be opened at any time
by pressing the ’save’ icon under the ’Action’ column and then ’Open’ in the dialogue box (Windows
only).
9.
After receiving a reply from the CA in form of a ’.pem’ file, click the ’Load Certificate’ link. The
’Load GlobeSurfer
®
II’s Local Certificate’ screen will appear (see Figure 6.32).
Figure 6.30 Save certificate request

Rate

4 / 5 based on 2 votes.

Popular Option Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top