- ページ 13
スイッチ Cisco 3845 - Security Bundle RouterのPDF 非独占的セキュリティポリシーをオンラインで閲覧またはダウンロードできます。Cisco 3845 - Security Bundle Router 30 ページ。 Integrated services routers
Cisco 3845 - Security Bundle Router にも: クイック・スタート・マニュアル (38 ページ), トラブルシューティングマニュアル (15 ページ), クイック・スタート・マニュアル (40 ページ)
The services available to the User role consist of the following:
•
•
•
•
Crypto Officer Services
During initial configuration of the router, the Crypto Officer password (the "enable" password) is
defined. A Crypto Officer can assign permission to access the Crypto Officer role to additional accounts,
thereby creating additional Crypto Officers.
The Crypto Officer role is responsible for the configuration and maintenance of the router. The Crypto
Officer services consist of the following:
•
•
•
•
•
Physical Security
The router is entirely encased by a metal, opaque case. The rear of the unit contains auxiliary port,
console port, Gigabit Ethernet ports, HWIC ports, and ENM slots. The front of the unit contains USB
connectors, CF drive, power inlets, power switch, and LEDs. The top, side, and front portion of the
chassis can be removed to allow access to the motherboard, memory, AIM slots, and expansion slots.
Once the router has been configured in to meet FIPS 140-2 Level 2 requirements, the router cannot be
accessed without signs of tampering. To seal the system, apply serialized tamper-evidence labels as
follows:
To apply serialized tamper-evidence labels to the Cisco 3825:
Clean the cover of any grease, dirt, or oil before applying the tamper evidence labels. Alcohol-based
Step 1
cleaning pads are recommended for this purpose. The temperature of the router should be above 10 C.
Tamper evidence label A shall be placed so that one half of the label covers the top of the front panel
Step 2
and the other half covers the enclosure.
OL-8662-01
Status Functions—View state of interfaces and protocols, version of IOS currently running.
Network Functions—Connect to other network devices through outgoing telnet, PPP, etc. and
initiate diagnostic network services (i.e., ping, mtrace).
Terminal Functions—Adjust the terminal session (e.g., lock the terminal, adjust flow control).
Directory Services—Display directory of files kept in flash memory.
Configure the router—Define network interfaces and settings, create command aliases, set the
protocols the router will support, enable interfaces and network services, set system date and time,
and load authentication information.
Define Rules and Filters—Create packet Filters that are applied to User data streams on each
interface. Each Filter consists of a set of Rules, which define a set of packets to permit or deny based
characteristics such as protocol ID, addresses, ports, TCP connection establishment, or packet
direction.
View Status Functions—View the router configuration, routing tables, active sessions, use gets to
view SNMP MIB statistics, health, temperature, memory status, voltage, packet statistics, review
accounting logs, and view physical interface status.
Manage the router—Log off users, shutdown or reload the outer, manually back up router
configurations, view complete configurations, manager user rights, and restore router
configurations.
Set Encryption/Bypass—Set up the configuration tables for IP tunneling. Set keys and algorithms
to be used for each IP range or allow plaintext packets to be set from specified IP address.
Cisco 3825 and Cisco 3845 Integrated Services Routers FIPS 140-2 Non Proprietary Security Policy
Cisco 3825 and Cisco 3845 Routers
13