- ページ 17

ネットワーク・ルーター Cisco 2851 - Integrated Services RouterのPDF ユーザーマニュアルをオンラインで閲覧またはダウンロードできます。Cisco 2851 - Integrated Services Router 25 ページ。 Power up and initial configuration procedures
Cisco 2851 - Integrated Services Router にも：インストールとアップグレード (21 ページ), データシート (20 ページ), クイック・スタート・マニュアル (47 ページ), 構成 (10 ページ)

ページを印刷する

Cisco 2851 - Integrated Services Router ユーザーマニュアル

Secure Operation of the Cisco 2851 Router

The Cisco 2851 routers meet all the Level 2 requirements for FIPS 140-2. Follow the setting instructions

provided below to place the module in FIPS-approved mode. Operating this router without maintaining

the following settings will remove the module from the FIPS approved mode of operation.

Initial Setup

•

System Initialization and Configuration

•

OL-8717-01

3DES Known Answer Test

–

HMAC-SHA-1 Known Answer Test

–

SHA-1 Known Answer Test

–

The Crypto Officer must apply tamper evidence labels as described in the

section on page 8

of this document.

The Crypto Officer must disable IOS Password Recovery by executing the following commands:

configure terminal

no service password-recovery

end

show version

Once Password Recovery is disabled, administrative access to the module without the

Note

password will not be possible.

The Crypto Officer must perform the initial configuration. IOS version 12.3(11)T03, Advanced

Security build (advsecurity) is the only allowable image; no other image should be loaded.

The value of the boot field must be 0x0102. This setting disables break from the console to the ROM

monitor and automatically boots the IOS image. From the "configure terminal" command line, the

Crypto Officer enters the following syntax:

config-register 0x0102

The Crypto Officer must create the "enable" password for the Crypto Officer role. The password

must be at least 8 characters to include at least one number and one letter and is entered when the

Crypto Officer first engages the "enable" command. The Crypto Officer enters the following syntax

at the "#" prompt:

enable secret [PASSWORD]

The Crypto Officer must always assign passwords (of at least 8 characters) to users. Identification

and authentication on the console port is required for Users. From the "configure terminal"

command line, the Crypto Officer enters the following syntax:

line con 0

password [PASSWORD]

RADIUS and TACACS+ shared secret key sizes must be at least 8 characters long.

Cisco 2851 Integrated Services Router FIPS 140-2 Non Proprietary Security Policy

Secure Operation of the Cisco 2851 Router

"Physical Security"