Cisco 2821 Series Operation - Page 21
Cisco 2821 Series operation manual, 31 pages. 2800 series integrated services routers
available in the DRAM; therefore this command will completely zeroize this key. The following
commands will zeroize the pre-shared keys from the DRAM:
no set session-key inbound ah spi hex-key-data
no set session-key outbound ah spi hex-key-data
no set session-key inbound esp spi cipher hex-key-data [authenticator hex-key-data]
no set session-key outbound esp spi cipher hex-key-data [authenticator hex-key-data]
no crypto isakmp key
The DRAM running configuration must be copied to the start-up configuration in NVRAM in
order to completely zeroize the keys.
The RSA keys are zeroized by issuing the CLI command "crypto key zeroize rsa".
All SSL/TLS session keys are zeroized automatically at the end of the SSL/TLS session.
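The note above, that the keys are only completely zeroized once the running configuration has been copied to the start-up configuration, can be checked against saved copies of both configurations. The following audit is an added example, not part of the Cisco document; the function names and the sample configurations (peer address, map name, key values) are constructed for illustration.

```python
import re

# Statements that carry manually configured key material; these are the
# positive forms of the "no ..." commands listed above.
KEY_PATTERNS = [
    ("isakmp pre-shared key", re.compile(r"^crypto isakmp key\s+\S")),
    ("manual IPsec session key",
     re.compile(r"^set session-key (inbound|outbound) (ah|esp)\s+\S")),
]

def residual_keys(config_text):
    """Return (line_no, section, kind) for every key statement still present."""
    findings, parent = [], None
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue                      # blank line or IOS comment separator
        top = not raw[0].isspace()
        if top:
            parent = line                 # a top-level line opens a new section
        for kind, pat in KEY_PATTERNS:
            if pat.match(line):
                # Report location and kind only; never echo the key itself.
                findings.append((no, "global" if top else parent, kind))
    return findings

def zeroization_complete(running, startup):
    """True only when neither DRAM (running) nor NVRAM (startup) holds keys."""
    return not residual_keys(running) and not residual_keys(startup)

# Constructed sample: keys were removed from the running configuration,
# but the start-up configuration in NVRAM was never overwritten.
RUNNING_AFTER = """\
crypto map VPNMAP 10 ipsec-manual
 set peer 192.0.2.1
"""
STARTUP_STALE = """\
crypto isakmp key EXAMPLE-PSK address 192.0.2.1
!
crypto map VPNMAP 10 ipsec-manual
 set peer 192.0.2.1
 set session-key inbound esp 1000 cipher 0123456789abcdef
 set session-key outbound esp 1001 cipher fedcba9876543210
"""

if __name__ == "__main__":
    for no, section, kind in residual_keys(STARTUP_STALE):
        print(f"startup-config line {no}: {kind} still present in [{section}]")
    print("complete:", zeroization_complete(RUNNING_AFTER, STARTUP_STALE))
```
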
The module supports the following keys and critical security parameters (CSPs).
| Key/CSP Name | Algorithm | Description | Storage Location | Zeroization Method |
|---|---|---|---|---|
| PRNG Seed | X9.31 | This is the seed for X9.31 PRNG. This CSP is stored in DRAM and updated periodically after the generation of 400 bytes – after this it is reseeded with router-derived entropy; hence, it is zeroized periodically. Also, the operator can turn off the router to zeroize this CSP. | DRAM | Automatically every 400 bytes, or turn off the router. |
| PRNG Seed Key | X9.31 | This is the seed key for the PRNG. | DRAM | Turn off the router |
| Diffie Hellman private exponent | DH | The private exponent used in Diffie-Hellman (DH) exchange as part of IKE. Zeroized after DH shared secret has been generated. | DRAM | Automatically after shared secret generated. |
| Diffie Hellman public key | DH | The public key used in Diffie-Hellman (DH) exchange as part of IKE. Zeroized after the DH shared secret has been generated. | DRAM | Automatically after shared secret generated. |
| skeyid | Keyed SHA-1 | Value derived from the shared secret within IKE exchange. Zeroized when IKE session is terminated. | DRAM | Automatically after IKE session terminated. |
| skeyid_d | Keyed SHA-1 | The IKE key derivation key for non ISAKMP security associations. | DRAM | Automatically after IKE session terminated. |
| skeyid_a | HMAC-SHA-1 | The ISAKMP security association authentication key. | DRAM | Automatically after IKE session terminated. |
| skeyid_e | TRIPLE-DES/AES | The ISAKMP security association encryption key. | DRAM | Automatically after IKE session terminated. |

© Copyright 2007 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.