Cisco 2821 Series Operations - Page 17

Cisco 2811 and Cisco 2821 Integrated Services Router FIPS 140-2 Non Proprietary Security Policy (OL-8663-01)
Cisco 2811 and Cisco 2821 Routers

Table 9: Cryptographic Keys and CSPs (Continued)

| Key/CSP | Algorithm | Description | Storage | Zeroization |
|---|---|---|---|---|
| ISAKMP preshared | Secret | The key used to generate IKE skeyid during preshared-key authentication. "no crypto isakmp key" command zeroizes it. This key can have two forms based on whether the key is related to the hostname or the IP address. | NVRAM (plaintext) | "# no crypto isakmp key" |
| IKE hash key | SHA-1 HMAC | This key generates the IKE shared secret keys. This key is zeroized after generating those keys. | DRAM (plaintext) | |
| secret_1_0_0 | | The fixed key used in Cisco vendor ID generation. This key is embedded in the module binary image and can be deleted by erasing the Flash. | NVRAM (plaintext) | |
| IPSec encryption key | DES/TDES/AES | The IPSec encryption key. Zeroized when IPSec session is terminated. | DRAM (plaintext) | Automatically when IPSec session terminated. |
| IPSec authentication key | SHA-1 HMAC or DES MAC | The IPSec authentication key. The zeroization is the same as above. | DRAM (plaintext) | Automatically when IPSec session terminated. |
| Configuration encryption key | AES | The key used to encrypt values of the configuration file. This key is zeroized when the "no key config-key" is issued. Note that this command does not decrypt the configuration file, so zeroize with care. | NVRAM (plaintext) | "# no key config-key" |
| Router authentication key 1 | Shared secret | This key is used by the router to authenticate itself to the peer. The router itself gets the password (that is used as this key) from the AAA server and sends it onto the peer. The password retrieved from the AAA server is zeroized upon completion of the authentication attempt. | DRAM (plaintext) | Automatically upon completion of authentication attempt. |
| PPP authentication key | RFC 1334 | The authentication key used in PPP. This key is in the DRAM and not zeroized at runtime. One can turn off the router to zeroize this key because it is stored in DRAM. | DRAM (plaintext) | Turn off the router. |
| Router authentication key 2 | Shared Secret | This key is used by the router to authenticate itself to the peer. The key is identical to Router authentication key 1 except that it is retrieved from the local database (on the router itself). Issuing the "no username password" zeroizes the password (that is used as this key) from the local database. | NVRAM (plaintext) | "# no username password" |
| SSH session key | Various symmetric | This is the SSH session key. It is zeroized when the SSH session is terminated. | DRAM (plaintext) | Automatically when SSH session terminated |
| User password | Shared Secret | The password of the User role. This password is zeroized by overwriting it with a new password. | NVRAM (plaintext) | Overwrite with new password |
| Enable password | Shared Secret | The plaintext password of the CO role. This password is zeroized by overwriting it with a new password. | NVRAM (plaintext) | Overwrite with new password |