Cisco 2811 - Voice Security Bundle Router Operaciones - Página 27

Navegue en línea o descargue pdf Operaciones para Enrutador de red Cisco 2811 - Voice Security Bundle Router. Cisco 2811 - Voice Security Bundle Router 31 páginas. Integrated services routers
También para Cisco 2811 - Voice Security Bundle Router: Manual de inicio rápido (45 páginas)

Imprimir página
Cisco 2811 - Voice Security Bundle Router Operaciones
2.6

Self-Tests

In order to prevent any secure data from being released, it is important to test the cryptographic
components of a security module to insure all components are functioning correctly. The router
includes an array of self-tests that are run during startup and periodically during operations. All
self-tests are implemented by the software. An example of self-tests run at power-up is a
cryptographic known answer test (KAT) on each of the FIPS-approved cryptographic algorithms
and on the Diffie-Hellman algorithm. Examples of tests performed at startup are a software
integrity test using an EDC. Examples of tests run periodically or conditionally include: a bypass
mode test performed conditionally prior to executing IPSec, and a continuous random number
generator test. If any of the self-tests fail, the router transitions into an error state. In the error
state, all secure data transmission is halted and the router outputs status information indicating
the failure.
Examples of the errors that cause the system to transition to an error state:
IOS image integrity checksum failed
Microprocessor overheats and burns out
Known answer test failed
NVRAM module malfunction.
Temperature high warning

2.6.1 Self-tests performed by the IOS image

IOS Self Tests
o POST tests
o Conditional tests

2.6.2 Self-tests performed by NetGX Chip

o POST tests
© Copyright 2007 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
AES Known Answer Test
RSA Signature Known Answer Test (both signature/verification)
Software/firmware test
Power up bypass test
RNG Known Answer Test
Diffie Hellman test
HMAC-SHA-1 Known Answer Test
SHA-1/256/12 Known Answer Test
Triple-DES Known Answer Test
Pairwise consistency test for RSA signature keys
Conditional bypass test
Continuous random number generation test for approved and non-
approved RNGs.
27