Cisco 7609-S User Guide - Page 9
2.3.1 Authentication

The module provides password based and digital signature based authentication. Crypto Officers are always authenticated using passwords, whereas a User can be authenticated either via a password or a digital signature.

a. Password based Authentication

The security policy stipulates that all user passwords and shared secrets must be 8 alphanumeric characters, so the password space is 2.8 trillion possible passwords. The possibility of randomly guessing a password is thus far less than one in one million. To exceed a one in 100,000 probability of a successful random password guess in one minute, an attacker would have to be capable of 28 million password attempts per minute, which far exceeds the operational capabilities of the module to support.

b. Digital signature based Authentication

When using RSA based authentication, the RSA key pair has a modulus size of 1024 bits to 2048 bits, thus providing between 80 bits and 112 bits of strength. Assuming the low end of that range, an attacker would have a 1 in 2^80 chance of randomly obtaining the key, which is much stronger than the one in a million chance required by FIPS 140-2. To exceed a one in 100,000 probability of a successful random key guess in one minute, an attacker would have to be capable of approximately 1.8 x 10^21 attempts per minute, which far exceeds the operational capabilities of the modules to support.

2.3.2 Services

a. User Services

Users can access the system via the console port with a terminal program or via an SSH session to an Ethernet port. The IOS prompts the User for a username and password. If the password is correct, the User is allowed entry to the IOS executive program. In addition to the username/password combination, RSA digital certificates can be used to authenticate the User over the SSH session. The services available to the User role consist of the following:

| Services & Access | Description | Keys & CSPs |
|---|---|---|
| Status Functions (r, x) | View state of interfaces and protocols, version of IOS currently running. | User password |
| Network | Connect to other network devices | DRBG seed, DRBG V, DH |

© Copyright 2011 Cisco Systems, Inc. This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
![](/manual_guide/products/cisco-7609s-user-guide-ecdefc0/9.png)
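The password-guessing bound in 2.3.1(a) can be checked against both thresholds the page cites (one in a million for a single guess, one in 100,000 within a minute). The sketch below is an added example, not part of the Cisco guide; it assumes a 36-symbol alphabet (a-z, 0-9), which is what reproduces the page's 2.8 trillion figure, and the function names and the 600 attempts/minute cap are hypothetical.

```python
from fractions import Fraction

# Thresholds cited on the page for FIPS 140-2 authentication strength.
SINGLE_ATTEMPT_LIMIT = Fraction(1, 1_000_000)  # one random guess
PER_MINUTE_LIMIT = Fraction(1, 100_000)        # all guesses made within one minute


def password_space(alphabet_size: int, length: int) -> int:
    """Number of distinct fixed-length secrets over the alphabet."""
    if alphabet_size < 2 or length < 1:
        raise ValueError("alphabet_size must be >= 2 and length >= 1")
    return alphabet_size ** length


def guess_probability(space: int, attempts: int) -> Fraction:
    """Exact chance that `attempts` distinct random guesses include the secret."""
    return Fraction(min(attempts, space), space)


def min_rate_to_exceed(space: int, limit: Fraction = PER_MINUTE_LIMIT) -> int:
    """Smallest attempts-per-minute count whose success chance exceeds `limit`."""
    return (space * limit.numerator) // limit.denominator + 1


def check_strength(alphabet_size: int, length: int, max_attempts_per_min: int) -> dict:
    """Evaluate both thresholds for a module that caps attempts per minute."""
    space = password_space(alphabet_size, length)
    return {
        "space": space,
        "single_attempt_ok": guess_probability(space, 1) < SINGLE_ATTEMPT_LIMIT,
        "per_minute_ok": guess_probability(space, max_attempts_per_min) < PER_MINUTE_LIMIT,
        "rate_needed_to_exceed": min_rate_to_exceed(space),
    }


if __name__ == "__main__":
    # Assumption: 36 symbols, 8 characters; 600 attempts/min is a constructed
    # rate cap for illustration, not a figure from the guide.
    for name, value in check_strength(36, 8, 600).items():
        print(f"{name}: {value}")
    # A 4-digit numeric secret fails the single-guess threshold outright.
    print(check_strength(10, 4, 600))
```

Exact rational arithmetic avoids floating-point rounding near the threshold, where the pass/fail boundary is a single attempt per minute.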