Cisco 2651 Benutzerhandbuch - Seite 36

Blättern Sie online oder laden Sie pdf Benutzerhandbuch für Netzwerk-Router Cisco 2651 herunter. Cisco 2651 48 Seiten. Non-proprietary security policy

Cisco 2651 Benutzerhandbuch
The Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, 3745, and 7206 VXR NPE-400 Routers

Cryptographic Key Management

The router securely administers both cryptographic keys and other critical security parameters such as
passwords. The tamper evidence seals provide physical protection for all keys. All keys are also
protected by the password-protection on the Crypto Officer role login, and can be zeroized by the Crypto
Officer. Keys are exchanged manually and entered electronically via manual key exchange or Internet
Key Exchange (IKE).
The module supports the following critical security parameters (CSPs):
Table 18
#
1
2
3
4
5
6
7
8
9
10
11
Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary
36
Critical Security Parameters
CSP
Description
Name
CSP 1
This is the seed key for X9.31 PRNG. This key is stored in DRAM
and updated periodically after the generation of 400 bites; hence,
it is zeroized periodically. Also, the operator can turn off the
router to zeroize this key.
CSP 2
The private exponent used in Diffie-Hellman (DH) exchange.
Zeroized after DH shared secret has been generated.
CSP 3
The shared secret within IKE exchange. Zeroized when IKE
session is terminated.
CSP 4
Same as above
CSP 5
Same as above
CSP 6
Same as above
CSP 7
The IKE session encrypt key. The zeroization is the same as
above.
CSP 8
The IKE session authentication key. The zeroization is the same
as above.
CSP 9
The RSA private key. "crypto key zeroize" command zeroizes this
key.
CSP 10
The key used to generate IKE skeyid during preshared-key
authentication. "no crypto isakmp key" command zeroizes it. This
key can have two forms based on whether the key is related to the
hostname or the IP address.
CSP 11
This key generates keys 3, 4, 5 and 6. This key is zeroized after
generating those keys.
Storage
DRAM
(plaintext)
DRAM
(plaintext)
DRAM
(plaintext)
DRAM
(plaintext)
DRAM
(plaintext)
DRAM
(plaintext)
DRAM
(plaintext)
DRAM
(plaintext)
NVRAM
(plaintext)
NVRAM
(plaintext)
DRAM
(plaintext)
OL-6083-01