Cisco 7606 Manuale d'uso - Pagina 25

Sfoglia online o scarica il pdf Manuale d'uso per Hardware di rete Cisco 7606. Cisco 7606 28. User guide
Anche per Cisco 7606: Opuscolo (8 pagine)

Cisco 7606 Manuale d'uso
The MD-5, MD-5 HMAC, and MD-4 algorithms are disabled when operating in FIPS mode.
Note
The module supports three types of key management schemes:
All preshared keys are associated with the CO role that created the keys and the CO role is protected by
a password. Therefore, the CO password is associated with all the pre-shared keys. The crypto officer
needs to be authenticated to store keys. All Diffie-Hellman (DH) keys agreed upon for individual tunnels
are directly associated with that specific tunnel only through the IKE protocol.

Key Zeroization

All of the keys and CSPs of the module can be zeroized. Refer to the description column of
information on methods to zeroize each key and CSP.

Self-Tests

To prevent any secure data from being released, it is important to test the cryptographic components of
a security module to ensure that all components are functioning correctly. The router or switch includes
an array of self-tests that are run during startup and periodically during operations. If any of the self-tests
fail, the router transitions into an error state. Within the error state, all secure data transmission is halted
and the router outputs status information indicating the failure.
Cisco IOS Software Self-Tests
OL-6334-01
A symmetric manual key exchange method. DES and 3DES keys and HMAC-SHA-1 keys are
exchanged manually and entered electronically.
The IKE method with support for exchanging preshared keys manually and entering electronically.
The preshared keys are used with Diffie-Hellman key agreement technique to derive DES or
3DES keys.
The preshared key is also used to derive HMAC-SHA-1 key.
The IKE with RSA signature authentication.
Power-up tests
Firmware integrity test
RSA signature Known Answer Test (KAT) (both signature and verification)
DES KAT
TDES KAT
AES KAT
SHA-1 KAT
Catalyst 6509 Switch, Cisco 7606 Router, and Cisco 7609 Router with VPN Services Module Certification Note
Key Zeroization
Table 3
for
25