Cisco 3825 Series Nicht-proprietäre Sicherheitspolitik - Seite 18
Blättern Sie online oder laden Sie pdf Nicht-proprietäre Sicherheitspolitik für Netzwerk-Router Cisco 3825 Series herunter. Cisco 3825 Series 30 Seiten. Integrated services routers
Auch für Cisco 3825 Series: Installation und Upgrades (20 seiten), Schnellstart-Handbuch (38 seiten), Schnellstart-Handbuch (40 seiten)
Cisco 3825 and Cisco 3845 Routers
Table 8
Cryptographic Keys and CSPs (Continued)
ISAKMP
Secret
preshared
IKE hash key
SHA-1
HMAC
secret_1_0_0
IPSec
DES/TDES
encryption key
/AES
IPSec
SHA-1
authentication
HMAC or
key
DES MAC
Configuration
AES
encryption key
Router
Shared
authentication
secret
key 1
PPP
RFC 1334
authentication
key
Router
Shared
authentication
Secret
key 2
SSH session
Various
key
symmetric
User password
Shared
Secret
Enable
Shared
password
Secret
Cisco 3825 and Cisco 3845 Integrated Services Routers FIPS 140-2 Non Proprietary Security Policy
18
The key used to generate IKE skeyid during
preshared-key authentication. "no crypto isakmp
key" command zeroizes it. This key can have two
forms based on whether the key is related to the
hostname or the IP address.
This key generates the IKE shared secret keys.
This key is zeroized after generating those keys.
The fixed key used in Cisco vendor ID generation.
This key is embedded in the module binary image
and can be deleted by erasing the Flash.
The IPSec encryption key. Zeroized when IPSec
session is terminated.
The IPSec authentication key. The zeroization is
the same as above.
The key used to encrypt values of the
configuration file. This key is zeroized when the
"no key config-key" is issued. Note that this
command does not decrypt the configuration file,
so zeroize with care.
This key is used by the router to authenticate itself
to the peer. The router itself gets the password
(that is used as this key) from the AAA server and
sends it onto the peer. The password retrieved
from the AAA server is zeroized upon completion
of the authentication attempt.
The authentication key used in PPP. This key is in
the DRAM and not zeroized at runtime. One can
turn off the router to zeroize this key because it is
stored in DRAM.
This key is used by the router to authenticate itself
to the peer. The key is identical to Router
authentication key 1 except that it is retrieved
from the local database (on the router itself).
Issuing the "no username password" zeroizes the
password (that is used as this key) from the local
database.
This is the SSH session key. It is zeroized when
the SSH session is terminated.
The password of the User role. This password is
zeroized by overwriting it with a new password.
The plaintext password of the CO role. This
password is zeroized by overwriting it with a new
password.
NVRAM
"# no crypto isakmp
(plaintext or
key"
encrypted)
DRAM
(plaintext)
NVRAM
(plaintext or
encrypted)
DRAM
Automatically when
(plaintext)
IPSec session
terminated.
DRAM
Automatically when
(plaintext)
IPSec session
terminated.
NVRAM
"# no key config-key"
(plaintext or
encrypted)
DRAM
Automatically upon
(plaintext)
completion of
authentication attempt.
DRAM
Turn off the router.
(plaintext)
NVRAM
"# no username
(plaintext or
password"
encrypted)
DRAM
Automatically when
(plaintext)
SSH session terminated
NVRAM
Overwrite with new
(plaintext or
password
encrypted)
NVRAM
Overwrite with new
(plaintext or
password
encrypted)
OL-8662-01