Cisco WS-C6509 User Guide - Page 25
Catalyst 6509 Switch, Cisco 7606 Router, and Cisco 7609 Router with VPN Services Module Certification Note
OL-6334-01
Note: The MD-5, MD-5 HMAC, and MD-4 algorithms are disabled when operating in FIPS mode.
The module supports three types of key management schemes:
• A symmetric manual key exchange method. DES and 3DES keys and HMAC-SHA-1 keys are exchanged manually and entered electronically.
• The IKE method with support for exchanging preshared keys manually and entering electronically.
  – The preshared keys are used with Diffie-Hellman key agreement technique to derive DES or 3DES keys.
  – The preshared key is also used to derive HMAC-SHA-1 key.
• The IKE with RSA signature authentication.
All preshared keys are associated with the CO role that created the keys and the CO role is protected by a password. Therefore, the CO password is associated with all the pre-shared keys. The crypto officer needs to be authenticated to store keys. All Diffie-Hellman (DH) keys agreed upon for individual tunnels are directly associated with that specific tunnel only through the IKE protocol.
Key Zeroization
All of the keys and CSPs of the module can be zeroized. Refer to the description column of Table 3 for information on methods to zeroize each key and CSP.
Self-Tests
To prevent any secure data from being released, it is important to test the cryptographic components of a security module to ensure that all components are functioning correctly. The router or switch includes an array of self-tests that are run during startup and periodically during operations. If any of the self-tests fail, the router transitions into an error state. Within the error state, all secure data transmission is halted and the router outputs status information indicating the failure.
Cisco IOS Software Self-Tests
• Power-up tests
  – Firmware integrity test
  – RSA signature Known Answer Test (KAT) (both signature and verification)
  – DES KAT
  – TDES KAT
  – AES KAT
  – SHA-1 KAT
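The self-test behavior described above, modeled as an added example that is not Cisco IOS code and not part of the original note: a known answer test compares the algorithm's output on a fixed input against a stored answer, and a mismatch puts the module in an error state that blocks the data path. The names `CryptoModule`, `State`, `ModuleError`, `protect` and `faulty_sha1` are hypothetical. The vector is the FIPS 180 SHA-1 example for "abc"; the DES, TDES, AES and RSA KATs follow the same pattern but need a cipher library, so only SHA-1 is shown.

```python
import hashlib
from enum import Enum

# FIPS 180 example vector: SHA-1 of the three bytes "abc".
KAT_INPUT = b"abc"
KAT_EXPECTED = bytes.fromhex("a9993e364706816aba3e25717850c26c9cd0d89d")

class State(Enum):
    POWER_UP = "power-up"
    OPERATIONAL = "operational"
    ERROR = "error"

class ModuleError(RuntimeError):
    """Raised when the data path is used outside the operational state."""

def real_sha1(data):
    return hashlib.sha1(data).digest()

def faulty_sha1(data):
    # Constructed fault: one flipped bit, standing in for a corrupted component.
    digest = bytearray(real_sha1(data))
    digest[0] ^= 0x01
    return bytes(digest)

class CryptoModule:
    """Hypothetical model of a module gated by its self-tests."""

    def __init__(self, sha1=real_sha1):
        self.sha1 = sha1
        self.state = State.POWER_UP
        self.status = []

    def run_self_tests(self):
        # Called at power-up and again periodically; any failure is fatal.
        tests = {"SHA-1 KAT": lambda: self.sha1(KAT_INPUT) == KAT_EXPECTED}
        results = {name: test() for name, test in tests.items()}
        self.status = [f"{n}: {'PASS' if ok else 'FAIL'}" for n, ok in results.items()]
        self.state = State.OPERATIONAL if all(results.values()) else State.ERROR
        return self.state

    def protect(self, payload):
        # Data path: refuses to emit anything unless self-tests have passed.
        if self.state is not State.OPERATIONAL:
            raise ModuleError(f"module in {self.state.value} state: {self.status}")
        return self.sha1(payload)
```

Calling `run_self_tests()` again on a running module models the periodic tests: a later failure moves an operational module to the error state in the same way.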