Cisco 2621 Manual del usuario - Página 23
Navegue en línea o descargue pdf Manual del usuario para Pasarela Cisco 2621. Cisco 2621 35 páginas. Gateway-pbx interoperability: lucent/avaya definity g3si with e1 pri net5 signaling
También para Cisco 2621: Operaciones (25 páginas), Manual del usuario (20 páginas)
Figure 6
The tamper evidence seals are produced from a special thin gauge vinyl with self-adhesive backing. Any
attempt to open the router, remove network modules or WIC cards, or the front faceplate will damage
the tamper evidence seals or the painted surface and metal of the module cover. Since the tamper
evidence labels have non-repeated serial numbers, the labels may be inspected for damage and compared
against the applied serial numbers to verify that the module has not been tampered. Tamper evidence
labels can also be inspected for signs of tampering, which include the following: curled corners,
bubbling, crinkling, rips, tears, and slices. The word "Opened" may appear if the label was peeled back.
Cryptographic Key Management
The router securely administers both cryptographic keys and other critical security parameters such as
passwords. The tamper evidence seals provide physical protection for all keys. Keys are also password
protected and can be zeroized by the Crypto Officer. Keys are exchanged manually and entered
electronically via manual key exchange or Internet Key Exchange (IKE).
The Cisco 2651router contains a cryptographic accelerator card, which provides DES (56-bit) and 3DES
(168-bit) IPSec encryption at up to 32Mbps (3DES, 96Mbps DES), MD5 and SHA-1 hashing, and has
hardware support for DH, RSA, and DSA key generation.
Self-Tests
In order to prevent any secure data being released, it is important to test the cryptographic components
of a security module to insure all components are functioning correctly. The router includes an array of
self-tests that are run during startup and periodically during operations. The self-test run at power-up
includes a cryptographic known answer tests (KAT) on the FIPS-approved cryptographic algorithms
(DES, 3DES), on the message digest (SHA-1) and on Diffie-Hellman algorithm. Also performed at
startup are software integrity test using an EDC, and a set of Statistical Random Number Generator
(RNG) tests. The following tests are also run periodically or conditionally: a Bypass Mode test
performed conditionally prior to executing IPSec, a software load test for upgrades and the continuous
random number generator test. If any of these self-tests fail, the router will transition into an error state.
Within the error state, all secure data transmission is halted and the router outputs status information
indicating the failure.
78-13697-01
Tamper-Evident Labels
SERIAL 1
SERIAL 0
CONN
WIC
CONN
2A/S
SEE MANUAL BEFORE INSTALLATION
W1
LINK
ETHERNET 1
ACT
RPS ACTIVITY
Cisco 2611
SERIAL 1
100-240V– 1A
50/60 Hz 47 W
SERIAL 0
CONN
WIC
CONN
2T
SEE MANUAL BEFORE INSTALLATION
W0
LINK
ETHERNET 0 ACT
CONSOLE
AUX
Cisco 2600
SERIES
Cisco 2651 Modular Access Router Security Policy
Cisco 2651 Modular Access Routers
9