Cisco 7606 User Manual - Page 25

Cisco 7606 user manual, 28 pages. User guide.

Catalyst 6509 Switch, Cisco 7606 Router, and Cisco 7609 Router with VPN Services Module Certification Note (OL-6334-01)

Note: The MD-5, MD-5 HMAC, and MD-4 algorithms are disabled when operating in FIPS mode.

The module supports three types of key management schemes:

- A symmetric manual key exchange method. DES and 3DES keys and HMAC-SHA-1 keys are
  exchanged manually and entered electronically.
- The IKE method with support for exchanging preshared keys manually and entering electronically.
  - The preshared keys are used with Diffie-Hellman key agreement technique to derive DES or
    3DES keys.
  - The preshared key is also used to derive HMAC-SHA-1 key.
- The IKE with RSA signature authentication.

All preshared keys are associated with the CO role that created the keys and the CO role is protected by
a password. Therefore, the CO password is associated with all the pre-shared keys. The crypto officer
needs to be authenticated to store keys. All Diffie-Hellman (DH) keys agreed upon for individual tunnels
are directly associated with that specific tunnel only through the IKE protocol.

Key Zeroization

All of the keys and CSPs of the module can be zeroized. Refer to the description column of Table 3 for
information on methods to zeroize each key and CSP.

Self-Tests

To prevent any secure data from being released, it is important to test the cryptographic components of
a security module to ensure that all components are functioning correctly. The router or switch includes
an array of self-tests that are run during startup and periodically during operations. If any of the self-tests
fail, the router transitions into an error state. Within the error state, all secure data transmission is halted
and the router outputs status information indicating the failure.

Cisco IOS Software Self-Tests

- Power-up tests
  - Firmware integrity test
  - RSA signature Known Answer Test (KAT) (both signature and verification)
  - DES KAT
  - TDES KAT
  - AES KAT
  - SHA-1 KAT
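
The self-test behaviour described above, as an added example (not Cisco IOS code and not part of the certification note): a hypothetical `Module` class runs SHA-1 and HMAC-SHA-1 known-answer tests at power-up and refuses to authenticate data once any test fails. The class, its state names and the injected fault are assumptions; the vectors are the published FIPS 180 and RFC 2202 ones, and the DES, TDES, AES and RSA KATs are left out because the Python standard library does not implement those algorithms.

```python
import hashlib
import hmac

# Published known-answer vectors: FIPS 180 "abc" for SHA-1, RFC 2202 case 1 for HMAC-SHA-1.
SHA1_KAT = (b"abc", "a9993e364706816aba3e25717850c26c9cd0d89d")
HMAC_KAT = (b"\x0b" * 20, b"Hi There", "b617318655057264e28bc0b6fb378c8ef146be00")


def sha1_hex(data):
    return hashlib.sha1(data).hexdigest()


def hmac_sha1_hex(key, data):
    return hmac.new(key, data, hashlib.sha1).hexdigest()


class SelfTestError(Exception):
    """Raised when a service is requested while the module is not operational."""


class Module:
    """Hypothetical model of a module that gates crypto services on its self-tests."""

    def __init__(self, sha1=sha1_hex, hmac_sha1=hmac_sha1_hex):
        self.sha1, self.hmac_sha1 = sha1, hmac_sha1
        self.state = "POWER_OFF"
        self.failed = []

    def power_up(self):
        msg, want = SHA1_KAT
        key, data, want_mac = HMAC_KAT
        results = {
            "SHA-1 KAT": hmac.compare_digest(self.sha1(msg), want),
            "HMAC-SHA-1 KAT": hmac.compare_digest(self.hmac_sha1(key, data), want_mac),
        }
        self.failed = [name for name, ok in results.items() if not ok]
        # Any single failure puts the whole module in the error state.
        self.state = "ERROR" if self.failed else "OPERATIONAL"
        return self.state

    def authenticate(self, key, packet):
        # No secure data leaves the module unless the self-tests passed.
        if self.state != "OPERATIONAL":
            raise SelfTestError(f"module in state {self.state}, failed tests: {self.failed}")
        return self.hmac_sha1(key, packet)


def broken_sha1(data):
    # Constructed fault: one flipped output bit, standing in for a corrupted implementation.
    digest = bytearray(hashlib.sha1(data).digest())
    digest[0] ^= 0x01
    return digest.hex()
```

Passing `broken_sha1` to `Module(sha1=...)` shows the failure path: `power_up()` returns `"ERROR"`, `failed` names the test that did not match, and `authenticate()` raises instead of producing output.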