Cisco 2621XM Operations page 12

Modular access routers with aim-vpn/ep fips 140-2 non-proprietary security policy

Cisco 2621XM and Cisco 2651XM Modular Access Routers with AIM-VPN/EP FIPS 140-2 Non-Proprietary Security Policy

The 2621XM/2651XM Router

Table 4: Critical Security Parameters (continued)

| # | CSP Name | Description | Storage |
|---|----------|-------------|---------|
| 18 | CSP 18 | The SSL session key. Zeroized when the SSL connection is terminated. | DRAM (plaintext) |
| 19 | CSP 19 | The ARAP key that is hardcoded in the module binary image. This key can be deleted by erasing the Flash. | Flash (plaintext) |
| 20 | CSP 20 | This is an ARAP user password used as an authentication key. A function uses this key in a DES algorithm for authentication. | DRAM (plaintext) |
| 21 | CSP 21 | The key used to encrypt values of the configuration file. This key is zeroized when the "no key config-key" is issued. | NVRAM (plaintext) |
| 22 | CSP 22 | This key is used by the router to authenticate itself to the peer. The router itself gets the password (that is used as this key) from the AAA server and sends it onto the peer. The password retrieved from the AAA server is zeroized upon completion of the authentication attempt. | DRAM (plaintext) |
| 23 | CSP 23 | The RSA public key used in SSH. Zeroized after the termination of the SSH session. This key does not need to be zeroized because it is a public key; however, it is zeroized as mentioned here. | DRAM (plaintext) |
| 24 | CSP 24 | The authentication key used in PPP. This key is in the DRAM and not zeroized at runtime. One can turn off the router to zeroize this key because it is stored in DRAM. | DRAM (plaintext) |
| 25 | CSP 25 | This key is used by the router to authenticate itself to the peer. The key is identical to #22 except that it is retrieved from the local database (on the router itself). Issuing the "no username password" zeroizes the password (that is used as this key) from the local database. | NVRAM (plaintext) |
| 26 | CSP 26 | This is the SSH session key. It is zeroized when the SSH session is terminated. | DRAM (plaintext) |
| 27 | CSP 27 | The password of the User role. This password is zeroized by overwriting it with a new password. | NVRAM (plaintext) |
| 28 | CSP 28 | The plaintext password of the CO role. This password is zeroized by overwriting it with a new password. | NVRAM (plaintext) |
| 29 | CSP 29 | The ciphertext password of the CO role. However, the algorithm used to encrypt this password is not FIPS approved. Therefore, this password is considered plaintext for FIPS purposes. This password is zeroized by overwriting it with a new password. | NVRAM (plaintext) |
| 30 | CSP 30 | The RADIUS shared secret. This shared secret is zeroized by executing the "no" form of the RADIUS shared secret set command. | NVRAM (plaintext), DRAM (plaintext) |
| 31 | CSP 31 | The TACACS+ shared secret. This shared secret is zeroized by executing the "no" form of the TACACS+ shared secret set command. | NVRAM (plaintext), DRAM (plaintext) |
OL-6262-01
