Cisco 2811 Series Operasi - Halaman 17

Jelajahi secara online atau unduh pdf Operasi untuk Router Jaringan Cisco 2811 Series. Cisco 2811 Series 31 halaman. 2800 series integrated services routers
Juga untuk Cisco 2811 Series: Lembar data (20 halaman), Menginstal dan Meningkatkan (14 halaman), Operasi (31 halaman), Panduan Memulai Cepat (47 halaman)

Halaman Cetak

1. Initial Setup

Table 9

Cryptographic Keys and CSPs (Continued)

ISAKMP

Secret

preshared

IKE hash key

SHA-1

HMAC

secret_1_0_0

IPSec

DES/TDES

encryption key

/AES

IPSec

SHA-1

authentication

HMAC or

key

DES MAC

Configuration

AES

encryption key

Router

Shared

authentication

secret

key 1

PPP

RFC 1334

authentication

key

Router

Shared

authentication

Secret

key 2

SSH session

Various

key

symmetric

User password

Shared

Secret

Enable

Shared

password

Secret

OL-8663-01

The key used to generate IKE skeyid during

preshared-key authentication. "no crypto isakmp

key" command zeroizes it. This key can have two

forms based on whether the key is related to the

hostname or the IP address.

This key generates the IKE shared secret keys.

This key is zeroized after generating those keys.

The fixed key used in Cisco vendor ID generation.

This key is embedded in the module binary image

and can be deleted by erasing the Flash.

The IPSec encryption key. Zeroized when IPSec

session is terminated.

The IPSec authentication key. The zeroization is

the same as above.

The key used to encrypt values of the

configuration file. This key is zeroized when the

"no key config-key" is issued. Note that this

command does not decrypt the configuration file,

so zeroize with care.

This key is used by the router to authenticate itself

to the peer. The router itself gets the password

(that is used as this key) from the AAA server and

sends it onto the peer. The password retrieved

from the AAA server is zeroized upon completion

of the authentication attempt.

The authentication key used in PPP. This key is in

the DRAM and not zeroized at runtime. One can

turn off the router to zeroize this key because it is

stored in DRAM.

This key is used by the router to authenticate itself

to the peer. The key is identical to Router

authentication key 1 except that it is retrieved

from the local database (on the router itself).

Issuing the "no username password" zeroizes the

password (that is used as this key) from the local

database.

This is the SSH session key. It is zeroized when

the SSH session is terminated.

The password of the User role. This password is

zeroized by overwriting it with a new password.

The plaintext password of the CO role. This

password is zeroized by overwriting it with a new

password.

Cisco 2811 and Cisco 2821 Integrated Services Router FIPS 140-2 Non Proprietary Security Policy

Cisco 2811 and Cisco 2821 Routers

NVRAM

"# no crypto isakmp

(plaintext )

key"

DRAM

(plaintext)

NVRAM

(plaintext)

DRAM

Automatically when

(plaintext)

IPSec session

terminated.

DRAM

Automatically when

(plaintext)

IPSec session

terminated.

NVRAM

"# no key config-key"

(plaintext )

DRAM

Automatically upon

(plaintext)

completion of

authentication attempt.

DRAM

Turn off the router.

(plaintext)

NVRAM

"# no username

(plaintext)

password"

DRAM

Automatically when

(plaintext)

SSH session terminated

NVRAM

Overwrite with new

(plaintext)

password

NVRAM

Overwrite with new

(plaintext)

password