Cisco 2851 - Integrated Services Router User Manual - Page 11
Cisco 2851 Integrated Services Router FIPS 140-2 Non Proprietary Security Policy
OL-8717-01
Cisco 2851 Routers

• no set session-key inbound esp spi cipher hex-key-data [authenticator hex-key-data]
• no set session-key outbound esp spi cipher hex-key-data [authenticator hex-key-data]

The DRAM running configuration must be copied to the start-up configuration in NVRAM in order to
completely zeroize the keys.

The following commands will zeroize the pre-shared keys from the DRAM:

• no crypto isakmp key key-string address peer-address
• no crypto isakmp key key-string hostname peer-hostname

The DRAM running configuration must be copied to the start-up configuration in NVRAM in order to
completely zeroize the keys.

The module supports the following keys and critical security parameters (CSPs). Note that keys stored
in NVRAM are in plaintext unless the configuration file encryption key is configured via the "key
config-key" command.

Table 5  Cryptographic Keys and CSPs

| Name | Algorithm | Description | Storage | Zeroization Method |
|------|-----------|-------------|---------|--------------------|
| PRNG Seed | X9.31 | This is the seed for X9.31 PRNG. This CSP is stored in DRAM and updated periodically after the generation of 400 bytes – after this it is reseeded with router-derived entropy; hence, it is zeroized periodically. Also, the operator can turn off the router to zeroize this CSP. | DRAM (plaintext) | Automatically every 400 bytes, or turn off the router. |
| Diffie Hellman private exponent | DH | The private exponent used in Diffie-Hellman (DH) exchange. Zeroized after DH shared secret has been generated. | DRAM (plaintext) | Automatically after shared secret generated. |
| Diffie Hellman public key | DH | The public key used in Diffie-Hellman (DH) exchange as part of IKE. Zeroized after the DH shared secret has been generated. | DRAM (plaintext) | Automatically after shared secret generated. |
| skeyid | Keyed SHA-1 | Value derived from the shared secret within IKE exchange. Zeroized when IKE session is terminated. | DRAM (plaintext) | Automatically after IKE session terminated. |
| skeyid_d | Keyed SHA-1 | The IKE key derivation key for non ISAKMP security associations. | DRAM (plaintext) | Automatically after IKE session terminated. |
| skeyid_a | HMAC-SHA-1 or DES MAC | The ISAKMP security association authentication key. | DRAM (plaintext) | Automatically after IKE session terminated. |
| skeyid_e | DES/TDES/AES | The ISAKMP security association encryption key. | DRAM (plaintext) | Automatically after IKE session terminated. |
| IKE session encrypt key | DES/TDES/AES | The IKE session encrypt key. | DRAM (plaintext) | Automatically after IKE session terminated. |
| IKE session authentication key | HMAC-SHA-1 or DES MAC | The IKE session authentication key. | DRAM (plaintext) | Automatically after IKE session terminated. |
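The zeroization commands above remove keys from the DRAM running configuration only; the start-up copy in NVRAM still holds them until the running configuration is copied over it. As an added example (not part of the Cisco document), this Python check compares two saved configuration texts and lists key-bearing entries that are gone from the running configuration but remain in the start-up configuration. The sample configurations, peer names and key values are constructed, and the `crypto map ... ipsec-manual` block enclosing the `set session-key` lines is an assumption about the configuration layout.

```python
import re

# Key-bearing configuration lines named on this page.
PSK = re.compile(r"^\s*crypto isakmp key .+? (?P<kind>address|hostname) (?P<peer>\S+)")
SESSION = re.compile(r"^\s*set session-key (?P<dir>inbound|outbound) esp (?P<spi>\d+) cipher \S+")
# Assumed enclosing block for manually keyed session keys.
MAP = re.compile(r"^crypto map (?P<name>\S+) (?P<seq>\d+) ipsec-manual")

def key_entries(config_text):
    """Return {(kind, identity)} for each key-bearing line; key values are never kept."""
    found, current_map = set(), None
    for line in config_text.splitlines():
        if line and not line[0].isspace():      # a new top-level command starts
            m = MAP.match(line)
            current_map = f"{m['name']} {m['seq']}" if m else None
        m = PSK.match(line)
        if m:
            found.add(("pre-shared key", f"{m['kind']} {m['peer']}"))
            continue
        m = SESSION.match(line)
        if m:
            found.add(("manual session key",
                       f"{current_map} {m['dir']} esp spi {m['spi']}"))
    return found

def residual_keys(running, startup):
    """Entries zeroized from DRAM (running) that still sit in NVRAM (start-up)."""
    return sorted(key_entries(startup) - key_entries(running))

# Constructed sample: the operator removed one pre-shared key and both manual
# session keys from the running configuration but has not copied it to NVRAM.
RUNNING = """\
crypto isakmp key CONSTRUCTED-KEY-B hostname branch2.example.com
crypto map VPN 10 ipsec-manual
 set peer 192.0.2.10
"""
STARTUP = """\
crypto isakmp key CONSTRUCTED-KEY-A address 192.0.2.10
crypto isakmp key CONSTRUCTED-KEY-B hostname branch2.example.com
crypto map VPN 10 ipsec-manual
 set peer 192.0.2.10
 set session-key inbound esp 256 cipher 0123456789abcdef authenticator 00112233445566778899aabbccddeeff00112233
 set session-key outbound esp 257 cipher fedcba9876543210
"""

if __name__ == "__main__":
    for kind, identity in residual_keys(RUNNING, STARTUP):
        print(f"still in start-up configuration: {kind} ({identity})")
```

An empty result means every key removed from the running configuration is also gone from the start-up copy.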