Cisco 2811 - Voice Security Bundle Router Betrieb - Seite 23
Blättern Sie online oder laden Sie pdf Betrieb für Netzwerk-Router Cisco 2811 - Voice Security Bundle Router herunter. Cisco 2811 - Voice Security Bundle Router 31 Seiten. Integrated services routers
Auch für Cisco 2811 - Voice Security Bundle Router: Schnellstart-Handbuch (45 seiten)
Seite drucken
PPP
RFC 1334
authentication
key
Router
Shared Secret
authentication
key 2
SSH session
Various
key
symmetric
User password
Shared Secret
Enable
Shared Secret
password
Enable secret
Shared Secret
RADIUS
Shared Secret
secret
secret_1_0_0
TACACS+
Shared Secret
secret
TLS server
RSA
private key
TLS server
RSA
public key
TLS pre-
Shared Secret
master secret
© Copyright 2007 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
AAA server is zeroized upon
completion of the authentication
attempt.
The authentication key used in
PPP. This key is in the DRAM and
not zeroized at runtime. One can
turn off the router to zeroize this
key because it is stored in DRAM.
This key is used by the router to
authenticate itself to the peer. The
key is identical to Router
authentication key 1 except that it
is retrieved from the local database
(on the router itself). Issuing the
"no username password" zeroizes
the password (that is used as this
key) from the local database.
This is the SSH session key. It is
zeroized when the SSH session is
terminated.
The password of the User role. This
password is zeroized by
overwriting it with a new password.
The plaintext password of the CO
role. This password is zeroized by
overwriting it with a new password.
The ciphertext password of the CO
role. However, the algorithm used
to encrypt this password is not
FIPS approved. Therefore, this
password is considered plaintext
for FIPS purposes. This password
is zeroized by overwriting it with a
new password.
The RADIUS shared secret. This
shared secret is zeroized by
executing the "no radius-server
key" command.
The fixed key used in Cisco vendor
ID generation. This key is
embedded in the module binary
image and can be deleted by
erasing the Flash.
The TACACS+ shared secret. This
shared secret is zeroized by
executing the "no tacacs-server
key" command.
1024/1536/2048 bit RSA private
key used for SSLV3.1/TLS.
1024/1536/2048 bit RSA public
key used for SSLV3.1/TLS.
Shared Secret created using
asymmetric cryptography from
which new TLS session keys can
be created
23
DRAM
Turn off the router.
NVRAM
"# no username
password"
DRAM
Automatically when
SSH session terminated
NVRAM
Overwrite with new
password
NVRAM
Overwrite with new
password
NVRAM
Overwrite with new
password
NVRAM
"# no radius-server key"
NVRAM
Deleted by erasing the
Flash.
NVRAM
"# no tacacs-server key"
NVRAM
"# crypto key zeroize
rsa"
NVRAM
"# crypto key zeroize
rsa"
DRAM
Automatically when
TLS session is
terminated