Cryptographic Key Management - Cisco 1841 User Manual

Cisco 1841 and Cisco 2801 Routers
The tamper evidence label should be placed over the CF card in the slot so that any attempt to remove
Step 3
the card will show sign of tampering.
The tamper evidence label should be placed so that the one half of the label covers the enclosure and the
Step 4
other half covers the port adapter slot.
The labels completely cure within five minutes.
Step 5
Figure 8
Figure 8
Figure 9
The tamper evidence seals are produced from a special thin gauge vinyl with self-adhesive backing. Any
attempt to open the router will damage the tamper evidence seals or the material of the module cover.
Since the tamper evidence seals have non-repeated serial numbers, they can be inspected for damage and
compared against the applied serial numbers to verify that the module has not been tampered. Tamper
evidence seals can also be inspected for signs of tampering, which include the following: curled corners,
bubbling, crinkling, rips, tears, and slices. The word "OPEN" may appear if the label was peeled back.

Cryptographic Key Management

The router securely administers both cryptographic keys and other critical security parameters such as
passwords. The tamper evidence seals provide physical protection for all keys. All keys are also
protected by the password-protection on the Crypto Officer role login, and can be zeroized by the Crypto
Officer. All zeroization consists of overwriting the memory that stored the key. Keys are exchanged and
entered electronically or via Internet Key Exchange (IKE).
The routers support the following FIPS 140-2 approved algorithm implementations:
•
Cisco 1841 Integrated Services Router with AIM-VPN/BPII-Plus and Cisco 2801 Integrated Services Router with AIM-VPN/EPII-Plus
12
and Figure 9 show the tamper evidence label placements for the 2821.
Cisco 2801 Tamper Evident Label Placement (Back View)
Cisco 2801 Tamper Evident Label Placement (Front View)
Software (IOS) implementations
AES
–
OL-8719-01