Cisco 3825 Series Non-Proprietary Security Policy - Page 24


Cisco 3825 and Cisco 3845 Integrated Services Routers FIPS 140-2 Non Proprietary Security Policy

IPSec Requirements and Cryptographic Algorithms

The only type of key management that is allowed in FIPS mode is Internet Key Exchange (IKE). Although the IOS implementation of IKE allows a number of algorithms, only the following algorithms are allowed in a FIPS 140-2 configuration:
ah-sha-hmac
esp-des
esp-sha-hmac
esp-3des
esp-aes

The following algorithms are not FIPS approved and should not be used during FIPS-approved mode:
RSA
MD-5 for signing
MD-5 HMAC

Protocols

SNMP v3 over a secure IPSec tunnel may be employed for authenticated, secure SNMP gets and sets. Since SNMP v2C uses community strings for authentication, only gets are allowed under SNMP v2C.

SSL is not an Approved protocol, and shall not be used in FIPS mode.

Remote Access

Telnet access to the module is only allowed via a secure IPSec tunnel between the remote system and the module. The Crypto officer must configure the module so that any remote connections via telnet are secured through IPSec, using FIPS-approved algorithms. Note that all users must still authenticate after remote access is granted.

SSH access to the module is only allowed if SSH is configured to use a FIPS-approved algorithm. The Crypto officer must configure the module so that SSH uses only FIPS-approved algorithms. Note that all users must still authenticate after remote access is granted.

Related Documentation

For more information about the Cisco 3825 and Cisco 3845 Integrated Services Router, refer to the following documents:
Cisco 3800 Series Integrated Services Routers Quick Start Guides
Cisco 3800 Series Hardware Installation documents
Cisco 3800 Series Software Configuration documents
Cisco 3800 Series Cards and Modules
OL-8662-01
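
The IPSec algorithm list and the SNMP v2C and SSL restrictions on this page can be checked mechanically against a saved router configuration. The script below is an added example, not part of the Cisco security policy; the sample configuration is constructed, and treating `ip http secure-server` as the SSL-enabling command and a numeric token after a transform as its key size are assumptions about IOS syntax made for this example.

```python
import re

# Transforms this page allows in a FIPS 140-2 configuration.
FIPS_TRANSFORMS = {"ah-sha-hmac", "esp-des", "esp-sha-hmac", "esp-3des", "esp-aes"}

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
crypto ipsec transform-set FIPS-OK esp-aes 256 esp-sha-hmac
crypto ipsec transform-set LEGACY esp-3des esp-md5-hmac
crypto ipsec transform-set AUTH-ONLY ah-md5-hmac
ip http secure-server
no ip http server
snmp-server community monitor RO
snmp-server community netops RW
"""

def audit(config):
    """Return (line_number, line, reason) for each line that conflicts with the page."""
    findings = []
    for num, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        tokens = line.lower().split()
        m = re.match(r"crypto ipsec transform-set\s+(\S+)\s+(.+)", line)
        if m:
            # Numeric tokens are key-size arguments (e.g. "esp-aes 256"), not transforms.
            bad = [t for t in m.group(2).split()
                   if not t.isdigit() and t not in FIPS_TRANSFORMS]
            if bad:
                findings.append((num, line, "transform not in allowed list: " + ", ".join(bad)))
        elif line == "ip http secure-server":
            # Assumption: the HTTPS server is how SSL gets enabled on the module.
            findings.append((num, line, "SSL shall not be used in FIPS mode"))
        elif tokens[:2] == ["snmp-server", "community"] and "rw" in tokens[3:]:
            # tokens[2] is the community string itself, so it is skipped.
            findings.append((num, line, "SNMP v2C community permits sets; only gets are allowed"))
    return findings

if __name__ == "__main__":
    for num, line, reason in audit(SAMPLE_CONFIG):
        print(f"line {num}: {line}\n    -> {reason}")
```

Any transform name outside the page's list is reported, so the check is conservative: it does not try to decide whether an unlisted transform is cryptographic.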