Cisco 3825 Series Non-Proprietary Security Policy - Page 17
• no set session-key outbound ah spi hex-key-data
• no set session-key inbound esp spi cipher hex-key-data [authenticator hex-key-data]
• no set session-key outbound esp spi cipher hex-key-data [authenticator hex-key-data]
The DRAM running configuration must be copied to the start-up configuration in NVRAM in order to
completely zeroize the keys.
The following commands will zeroize the pre-shared keys from the DRAM:
• no crypto isakmp key key-string address peer-address
• no crypto isakmp key key-string hostname peer-hostname
The DRAM running configuration must be copied to the start-up configuration in NVRAM in order to
completely zeroize the keys.
The module supports the following keys and critical security parameters (CSPs). Note that keys stored
in NVRAM are in plaintext unless a configuration file encryption key is configured via the "key
config-key" command.

Table 8  Cryptographic Keys and CSPs

Name | Algorithm | Description | Storage | Zeroization Method
---- | --------- | ----------- | ------- | ------------------
PRNG Seed | X9.31 | This is the seed for the X9.31 PRNG. This CSP is stored in DRAM and updated periodically after the generation of 400 bytes; after this it is reseeded with router-derived entropy and hence is zeroized periodically. Also, the operator can turn off the router to zeroize this CSP. | DRAM (plaintext) | Automatically every 400 bytes, or turn off the router.
Diffie Hellman private exponent | DH | The private exponent used in the Diffie-Hellman (DH) exchange. Zeroized after the DH shared secret has been generated. | DRAM (plaintext) | Automatically after shared secret generated.
Diffie Hellman public key | DH | The public key used in the Diffie-Hellman (DH) exchange as part of IKE. Zeroized after the DH shared secret has been generated. | DRAM (plaintext) | Automatically after shared secret generated.
skeyid | Keyed SHA-1 | Value derived from the shared secret within the IKE exchange. Zeroized when the IKE session is terminated. | DRAM (plaintext) | Automatically after IKE session terminated.
skeyid_d | Keyed SHA-1 | The IKE key derivation key for non-ISAKMP security associations. | DRAM (plaintext) | Automatically after IKE session terminated.
skeyid_a | SHA-1 HMAC or DES MAC | The ISAKMP security association authentication key. | DRAM (plaintext) | Automatically after IKE session terminated.
skeyid_e | DES/TDES/AES | The ISAKMP security association encryption key. | DRAM (plaintext) | Automatically after IKE session terminated.
IKE session encrypt key | DES/TDES/AES | The IKE session encrypt key. | DRAM (plaintext) | Automatically after IKE session terminated.
IKE session authentication key | SHA-1 HMAC or DES MAC | The IKE session authentication key. | DRAM (plaintext) | Automatically after IKE session terminated.

Cisco 3825 and Cisco 3845 Integrated Services Routers FIPS 140-2 Non Proprietary Security Policy
Cisco 3825 and Cisco 3845 Routers
OL-8662-01
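The zeroization commands and the note on plaintext keys in NVRAM above describe a configuration audit a crypto officer can automate: scan a running configuration for manual IPsec session keys and ISAKMP pre-shared keys, check whether a "key config-key" line protects the configuration file, and emit the exact "no" forms listed in this policy for the plaintext entries. The script below is an added example written for this page; it is not Cisco's code and not part of the Security Policy. The configuration text is constructed (placeholder addresses and key material), and the assumption that an ISAKMP key displayed with a leading "6" is the type-6 encrypted form (while "0" or no digit is plaintext) is the author's, not something this page states.

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed running-config excerpt for demonstration only (not from the
# Security Policy). Peer addresses and key material are placeholders.
SAMPLE_CONFIG = """\
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
crypto isakmp key EXAMPLEPSK address 192.0.2.10
crypto isakmp key EXAMPLEPSK2 hostname peer.example.net
!
crypto map MAP1 10 ipsec-manual
 set peer 192.0.2.10
 set session-key inbound esp 256 cipher 0123456789abcdef authenticator 0123456789abcdef0123456789abcdef
 set session-key outbound esp 257 cipher fedcba9876543210 authenticator fedcba9876543210fedcba9876543210
!
"""

# Optional leading "0"/"6" type digit is an assumption about how IOS displays
# plaintext vs. type-6 encrypted pre-shared keys; the page itself only shows
# the bare "crypto isakmp key key-string address|hostname peer" form.
ISAKMP_KEY_RE = re.compile(
    r"^crypto isakmp key (?:(?P<type>[06]) )?(?P<key>\S+) (?P<kind>address|hostname) (?P<peer>\S+)$"
)
SESSION_KEY_RE = re.compile(
    r"^set session-key (?P<dir>inbound|outbound) (?P<proto>ah|esp) (?P<spi>\S+) (?P<rest>.+)$"
)


@dataclass
class AuditResult:
    config_key_set: bool = False
    # (address|hostname, peer, stored_in_plaintext)
    isakmp_keys: List[Tuple[str, str, bool]] = field(default_factory=list)
    # (inbound|outbound, ah|esp, spi)
    session_keys: List[Tuple[str, str, str]] = field(default_factory=list)
    # "no ..." commands in the forms given by the Security Policy
    zeroize_commands: List[str] = field(default_factory=list)


def audit_config(config: str) -> AuditResult:
    """Find manual session keys and pre-shared keys in a config and build the
    matching zeroization commands. The caller must still copy running-config to
    startup-config afterwards, as the policy requires, to clear NVRAM."""
    result = AuditResult()
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("key config-key"):
            result.config_key_set = True
            continue
        m = ISAKMP_KEY_RE.match(line)
        if m:
            plaintext = m["type"] != "6"
            result.isakmp_keys.append((m["kind"], m["peer"], plaintext))
            if plaintext:
                result.zeroize_commands.append(
                    f"no crypto isakmp key {m['key']} {m['kind']} {m['peer']}"
                )
            continue
        m = SESSION_KEY_RE.match(line)
        if m:
            result.session_keys.append((m["dir"], m["proto"], m["spi"]))
            # Manual session keys carry the hex key data in the "no" form too.
            result.zeroize_commands.append(
                f"no set session-key {m['dir']} {m['proto']} {m['spi']} {m['rest']}"
            )
    return result


def plaintext_csps_in_nvram(result: AuditResult) -> bool:
    """True when the config holds key material that would be written to NVRAM
    in plaintext: any manual session key or plaintext PSK without a
    configuration-file encryption key configured."""
    has_plaintext_psk = any(plain for _, _, plain in result.isakmp_keys)
    return (has_plaintext_psk or bool(result.session_keys)) and not result.config_key_set


if __name__ == "__main__":
    r = audit_config(SAMPLE_CONFIG)
    print("key config-key present:", r.config_key_set)
    print("plaintext CSPs would reach NVRAM:", plaintext_csps_in_nvram(r))
    for cmd in r.zeroize_commands:
        print(cmd)
```

The audit only reads text; issuing the generated commands is still a manual crypto-officer step, and the table above explains why the subsequent copy to startup-config matters: the "no" commands clear DRAM, but the NVRAM copy keeps the old key material until it is overwritten.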