Cisco 2620 User Guide - Page 12
Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy, OL-6262-01, The 2621XM/2651XM Router
Table 4 Critical Security Parameters (continued)

| # | CSP Name | Description | Storage |
|---|----------|-------------|---------|
| 18 | CSP 18 | The SSL session key. Zeroized when the SSL connection is terminated. | DRAM (plaintext) |
| 19 | CSP 19 | The ARAP key that is hardcoded in the module binary image. This key can be deleted by erasing the Flash. | Flash (plaintext) |
| 20 | CSP 20 | This is an ARAP user password used as an authentication key. A function uses this key in a DES algorithm for authentication. | DRAM (plaintext) |
| 21 | CSP 21 | The key used to encrypt values of the configuration file. This key is zeroized when the "no key config-key" is issued. | NVRAM (plaintext) |
| 22 | CSP 22 | This key is used by the router to authenticate itself to the peer. The router itself gets the password (that is used as this key) from the AAA server and sends it onto the peer. The password retrieved from the AAA server is zeroized upon completion of the authentication attempt. | DRAM (plaintext) |
| 23 | CSP 23 | The RSA public key used in SSH. Zeroized after the termination of the SSH session. This key does not need to be zeroized because it is a public key; However, it is zeroized as mentioned here. | DRAM (plaintext) |
| 24 | CSP 24 | The authentication key used in PPP. This key is in the DRAM and not zeroized at runtime. One can turn off the router to zeroize this key because it is stored in DRAM. | DRAM (plaintext) |
| 25 | CSP 25 | This key is used by the router to authenticate itself to the peer. The key is identical to #22 except that it is retrieved from the local database (on the router itself). Issuing the "no username password" zeroizes the password (that is used as this key) from the local database. | NVRAM (plaintext) |
| 26 | CSP 26 | This is the SSH session key. It is zeroized when the SSH session is terminated. | DRAM (plaintext) |
| 27 | CSP 27 | The password of the User role. This password is zeroized by overwriting it with a new password. | NVRAM (plaintext) |
| 28 | CSP 28 | The plaintext password of the CO role. This password is zeroized by overwriting it with a new password. | NVRAM (plaintext) |
| 29 | CSP 29 | The ciphertext password of the CO role. However, the algorithm used to encrypt this password is not FIPS approved. Therefore, this password is considered plaintext for FIPS purposes. This password is zeroized by overwriting it with a new password. | NVRAM (plaintext) |
| 30 | CSP 30 | The RADIUS shared secret. This shared secret is zeroized by executing the "no" form of the RADIUS shared secret set command. | NVRAM (plaintext), DRAM (plaintext) |
| 31 | CSP 31 | The TACACS+ shared secret. This shared secret is zeroized by executing the "no" form of the TACACS+ shared secret set command. | NVRAM (plaintext), DRAM (plaintext) |