Cisco 2620 User Guide - Page 12

Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy, OL-6262-01, The 2621XM/2651XM Router



Table 4 Critical Security Parameters (continued)

| # | CSP | Description | Storage |
|---|---|---|---|
| 18 | CSP 18 | The SSL session key. Zeroized when the SSL connection is terminated. | DRAM (plaintext) |
| 19 | CSP 19 | The ARAP key that is hardcoded in the module binary image. This key can be deleted by erasing the Flash. | Flash (plaintext) |
| 20 | CSP 20 | This is an ARAP user password used as an authentication key. A function uses this key in a DES algorithm for authentication. | DRAM (plaintext) |
| 21 | CSP 21 | The key used to encrypt values of the configuration file. This key is zeroized when the “no key config-key” command is issued. | NVRAM (plaintext) |
| 22 | CSP 22 | This key is used by the router to authenticate itself to the peer. The router gets the password (that is used as this key) from the AAA server and sends it on to the peer. The password retrieved from the AAA server is zeroized upon completion of the authentication attempt. | DRAM (plaintext) |
| 23 | CSP 23 | The RSA public key used in SSH. Zeroized after the termination of the SSH session. This key does not need to be zeroized because it is a public key; however, it is zeroized as mentioned here. | DRAM (plaintext) |
| 24 | CSP 24 | The authentication key used in PPP. This key is in DRAM and is not zeroized at runtime. One can turn off the router to zeroize this key because it is stored in DRAM. | DRAM (plaintext) |
| 25 | CSP 25 | This key is used by the router to authenticate itself to the peer. The key is identical to #22 except that it is retrieved from the local database (on the router itself). Issuing the “no username password” command zeroizes the password (that is used as this key) from the local database. | NVRAM (plaintext) |
| 26 | CSP 26 | This is the SSH session key. It is zeroized when the SSH session is terminated. | DRAM (plaintext) |
| 27 | CSP 27 | The password of the User role. This password is zeroized by overwriting it with a new password. | NVRAM (plaintext) |
| 28 | CSP 28 | The plaintext password of the CO role. This password is zeroized by overwriting it with a new password. | NVRAM (plaintext) |
| 29 | CSP 29 | The ciphertext password of the CO role. The algorithm used to encrypt this password is not FIPS approved; therefore, this password is considered plaintext for FIPS purposes. This password is zeroized by overwriting it with a new password. | NVRAM (plaintext) |
| 30 | CSP 30 | The RADIUS shared secret. This shared secret is zeroized by executing the “no” form of the RADIUS shared secret set command. | NVRAM (plaintext), DRAM (plaintext) |
| 31 | CSP 31 | The TACACS+ shared secret. This shared secret is zeroized by executing the “no” form of the TACACS+ shared secret set command. | NVRAM (plaintext), DRAM (plaintext) |