Cisco 3825 Series Non-Proprietary Security Policy - Page 23

Secure Operation of the Cisco 3825 or Cisco 3845 router

The Cisco 3825 and Cisco 3845 routers meet all the Level 2 requirements for FIPS 140-2. Follow the
setting instructions provided below to place the module in FIPS-approved mode. Operating this router
without maintaining the following settings will remove the module from the FIPS approved mode of
operation.

Initial Setup

The Crypto Officer must apply tamper evidence labels as described in the "Physical Security"
section on page 13 of this document.

The Crypto Officer must disable IOS Password Recovery by executing the following commands:

    configure terminal
    no service password-recovery
    end
    show version

Note: Once Password Recovery is disabled, administrative access to the module without the
password will not be possible.

System Initialization and Configuration

The Crypto Officer must perform the initial configuration. IOS version 12.3(11)T03, Advanced
Security build (advsecurity) is the only allowable image; no other image should be loaded.

The value of the boot field must be 0x0102. This setting disables break from the console to the ROM
monitor and automatically boots the IOS image. From the "configure terminal" command line, the
Crypto Officer enters the following syntax:

    config-register 0x0102

The Crypto Officer must create the "enable" password for the Crypto Officer role. The password
must be at least 8 characters long and include at least one number and one letter. It is entered
when the Crypto Officer first engages the "enable" command. The Crypto Officer enters the
following syntax at the "#" prompt:

    enable secret [PASSWORD]

The Crypto Officer must always assign passwords (of at least 8 characters) to users. Identification
and authentication on the console port is required for Users. From the "configure terminal"
command line, the Crypto Officer enters the following syntax:

    line con 0
    password [PASSWORD]
    login local

RADIUS and TACACS+ shared secret key sizes must be at least 8 characters long, and must include
at least one number and one letter.
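
The settings above can be checked offline against saved "show running-config" and "show version" output. The following is an added example, not part of the Cisco security policy; the function names are hypothetical and the sample device text is constructed.

```python
import re

REQUIRED_CONFREG = 0x0102  # configuration register value required by the policy

# Constructed sample text, not captured from a real device.
SAMPLE_RUNNING_CONFIG = """\
no service password-recovery
enable secret 5 <hash-placeholder>
!
line con 0
 password 7 <encoded-placeholder>
 login local
line aux 0
"""
SAMPLE_SHOW_VERSION = "Configuration register is 0x2102\n"  # factory default

def secret_meets_policy(secret):
    """Enable and RADIUS/TACACS+ rule: 8+ characters, one number, one letter."""
    return (len(secret) >= 8 and any(c.isdigit() for c in secret)
            and any(c.isalpha() for c in secret))

def console_block(running_config):
    """Return the sub-commands indented under 'line con 0'."""
    block, inside = [], False
    for line in running_config.splitlines():
        if not line.startswith(" "):  # any top-level line opens a new section
            inside = line.strip() == "line con 0"
        elif inside:
            block.append(line.strip())
    return block

def audit(running_config, show_version):
    """Return the deviations from the settings this section requires."""
    findings = []
    top = [l.strip() for l in running_config.splitlines() if not l.startswith(" ")]
    if "no service password-recovery" not in top:
        findings.append("password recovery is not disabled")
    if not any(l.startswith("enable secret ") for l in top):
        findings.append("no enable secret configured")
    con = console_block(running_config)
    if not any(l.startswith("password ") for l in con):
        findings.append("console line has no password")
    if "login local" not in con:
        findings.append("console line does not use 'login local'")
    m = re.search(r"Configuration register is (0x[0-9A-Fa-f]+)", show_version)
    if m is None or int(m.group(1), 16) != REQUIRED_CONFREG:
        findings.append("configuration register is not 0x0102")
    return findings
```

Secrets are stored hashed or encoded in the running configuration, so secret_meets_policy is meant for a candidate secret before it is entered on the router.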

Cisco 3825 and Cisco 3845 Integrated Services Routers FIPS 140-2 Non Proprietary Security Policy (OL-8662-01)