Cisco 3745 User Manual - Page 36
The Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, 3745, and 7206 VXR NPE-400 Routers
Cryptographic Key Management
The router securely administers both cryptographic keys and other critical security parameters such as
passwords. The tamper evidence seals provide physical protection for all keys. All keys are also
protected by the password-protection on the Crypto Officer role login, and can be zeroized by the Crypto
Officer. Keys are exchanged manually and entered electronically via manual key exchange or Internet
Key Exchange (IKE).
The module supports the following critical security parameters (CSPs):
Table 18 Critical Security Parameters

| # | CSP Name | Description | Storage |
|---|----------|-------------|---------|
| 1 | CSP 1 | This is the seed key for X9.31 PRNG. This key is stored in DRAM and updated periodically after the generation of 400 bytes; hence, it is zeroized periodically. Also, the operator can turn off the router to zeroize this key. | DRAM (plaintext) |
| 2 | CSP 2 | The private exponent used in Diffie-Hellman (DH) exchange. Zeroized after DH shared secret has been generated. | DRAM (plaintext) |
| 3 | CSP 3 | The shared secret within IKE exchange. Zeroized when IKE session is terminated. | DRAM (plaintext) |
| 4 | CSP 4 | Same as above | DRAM (plaintext) |
| 5 | CSP 5 | Same as above | DRAM (plaintext) |
| 6 | CSP 6 | Same as above | DRAM (plaintext) |
| 7 | CSP 7 | The IKE session encrypt key. The zeroization is the same as above. | DRAM (plaintext) |
| 8 | CSP 8 | The IKE session authentication key. The zeroization is the same as above. | DRAM (plaintext) |
| 9 | CSP 9 | The RSA private key. "crypto key zeroize" command zeroizes this key. | NVRAM (plaintext) |
| 10 | CSP 10 | The key used to generate IKE skeyid during preshared-key authentication. "no crypto isakmp key" command zeroizes it. This key can have two forms based on whether the key is related to the hostname or the IP address. | NVRAM (plaintext) |
| 11 | CSP 11 | This key generates keys 3, 4, 5 and 6. This key is zeroized after generating those keys. | DRAM (plaintext) |

Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary
OL-6083-01
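CSP 10 is stored in NVRAM in plaintext and exists in two forms (IP address and hostname), so a decommissioning or audit check has to find both. The following is an added example, not part of the Cisco document: it scans a saved configuration for pre-shared ISAKMP keys, reports them without exposing key material, and builds the matching "no crypto isakmp key" command for each. The sample configuration, key strings and peers are constructed, the function names are hypothetical, and the line syntax handled (`crypto isakmp key <keystring> {address <ip> [mask] | hostname <name>}`) is an assumption about the configuration being audited.

```python
import re

# Constructed sample of a saved IOS configuration; keys and peers are made up.
SAMPLE_CONFIG = """\
hostname branch-rtr
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key Ex4mpleKeyA address 192.0.2.10
crypto isakmp key Ex4mpleKeyB hostname peer.example.net
crypto isakmp key Ex4mpleKeyC address 198.51.100.0 255.255.255.0
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
"""

# Assumed syntax: crypto isakmp key <keystring> {address <ip> [mask] | hostname <name>}
PSK_RE = re.compile(
    r"^crypto isakmp key (?P<key>\S+) (?P<form>address|hostname) (?P<peer>\S+)"
    r"(?: (?P<mask>\d+\.\d+\.\d+\.\d+))?(?: no-xauth)?\s*$"
)

def find_preshared_keys(config_text):
    """Return one finding per pre-shared key line (CSP 10) in the config."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        m = PSK_RE.match(line)
        if m:
            findings.append({"line": lineno, **m.groupdict()})
    return findings

def zeroize_command(finding):
    """Build the 'no crypto isakmp key' command that removes this key."""
    parts = ["no crypto isakmp key", finding["key"], finding["form"], finding["peer"]]
    if finding["mask"]:
        parts.append(finding["mask"])
    return " ".join(parts)

def redacted_report(findings):
    """Summarize findings for a ticket or log without exposing key material."""
    return [
        f"line {f['line']}: pre-shared key for {f['form']} {f['peer']} (key redacted)"
        for f in findings
    ]

if __name__ == "__main__":
    found = find_preshared_keys(SAMPLE_CONFIG)
    print("\n".join(redacted_report(found)))
    print(f"{len(found)} key(s) to zeroize with 'no crypto isakmp key'")
```

The RSA private key (CSP 9) does not appear as a configuration line, so this check does not cover it; the table gives "crypto key zeroize" for that key.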