Cisco 2621 Руководство пользователя - Страница 9
Просмотреть онлайн или скачать pdf Руководство пользователя для Сетевой маршрутизатор Cisco 2621. Cisco 2621 35 страниц. Gateway-pbx interoperability: lucent/avaya definity g3si with e1 pri net5 signaling
Также для Cisco 2621: Операции (25 страниц), Руководство пользователя (20 страниц)
Figure 6
The tamper evidence seals are produced from a special thin gauge vinyl with self-adhesive backing. Any
attempt to open the router, remove network modules or WIC cards, or the front faceplate will damage
the tamper evidence seals or the painted surface and metal of the module cover. Since the tamper
evidence labels have non-repeated serial numbers, the labels may be inspected for damage and compared
against the applied serial numbers to verify that the module has not been tampered. Tamper evidence
labels can also be inspected for signs of tampering, which include the following: curled corners,
bubbling, crinkling, rips, tears, and slices. The word "Opened" may appear if the label was peeled back.
Cryptographic Key Management
The router securely administers both cryptographic keys and other critical security parameters such as
passwords. The tamper evidence seals provide physical protection for all keys. Keys are also password
protected and can be zeroized by the Crypto Officer. Keys are exchanged manually and entered
electronically via manual key exchange or Internet Key Exchange (IKE). The 2621 router supports the
following FIPS-approved algorithms: DES. 3DES, and SHA-1. These algorithms received certification
numbers 74, 17, and 26 respectively.
Self-Tests
In order to prevent any secure data being released, it is important to test the cryptographic components
of a security module to insure all components are functioning correctly. The router includes an array of
self-tests that are run during startup and periodically during operations. The self-test run at power-up
includes a cryptographic known answer tests (KAT) on the FIPS-approved cryptographic algorithms
(DES, 3DES), on the message digest (SHA-1) and on Diffie-Hellman algorithm. Also performed at
startup are software integrity test using an EDC, and a set of Statistical Random Number Generator
(RNG) tests. The following tests are also run periodically or conditionally: a Bypass Mode test
performed conditionally prior to executing IPSec, a software load test for upgrades and the continuous
random number generator test. If any of these self-tests fail, the router will transition into an error state.
Within the error state, all secure data transmission is halted and the router outputs status information
indicating the failure.
78-13824-01
Tamper-Evident Labels
SERIAL 1
SERIAL 0
CONN
WIC
CONN
2A/S
SEE MANUAL BEFORE INSTALLATION
W1
LINK
ETHERNET 1
ACT
RPS ACTIVITY
Cisco 2611
SERIAL 1
100-240V– 1A
50/60 Hz 47 W
SERIAL 0
CONN
WIC
CONN
2T
SEE MANUAL BEFORE INSTALLATION
W0
LINK
ETHERNET 0 ACT
CONSOLE
AUX
Cisco 2600
SERIES
Cisco 2621 Modular Access Router Security Policy
Cisco 2621 Modular Access Routers
9