Cisco 7609-S User Manual

With Supervisor SUP720-3B

Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B
FIPS 140-2 Non Proprietary Security Policy
Level 2 Validation
Version 0.5
May, 2011
© Copyright 2007 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.


Summary of Contents for Cisco 7609-S

  • Page 2: Table Of Contents

    References; Terminology; Document Organization; Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B; Cryptographic Module Physical Characteristics; Module Interfaces ...
  • Page 3: Introduction

    Table 1 - Module Validation Level. References: This document deals only with operations and capabilities of the Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the routers from the following sources: The Cisco Systems website contains information on the full line of Cisco Systems routers.
  • Page 4: Terminology

    (http://csrc.nist.gov/groups/STM/cmvp/validation.html) contains contact information for answers to technical or sales-related questions for the module. Terminology: In this document, the Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B is referred to as the router, the module, or the system. Document Organization: The Security Policy document is part of the FIPS 140-2 Submission Package.
  • Page 5: Cisco 7606-S And 7609-S Routers With Supervisor Sup720-3B

    The Cisco 7600-S also delivers WAN and metropolitan-area network (MAN) networking solutions at the enterprise edge.
  • Page 6: Module

    Figure 2 - Cisco 7609-S Router. The cryptographic boundary is defined as being the physical enclosure of the chassis. The cryptographic boundary is illustrated in Figures 1 an...
  • Page 7 Figure 3 - SUP720-3B interfaces. The following tables provide more detailed information conveyed by the LEDs on the front and rear panel of the router: Name | State | Description: Status | Green | All diagnostics pass.
  • Page 8: Roles And Services

    Crypto Officer services, while the Users exercise only the basic User services. A detailed list of services attributed to each role can be found in section 2.3.2 © Copyright 2011 Cisco Systems, Inc. This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
  • Page 9: Authentication

    User password (r, x) version of IOS currently running. Connect to other network devices DRBG seed, DRBG V, DH Network
  • Page 10: Crypto Officer Services

    Router Authentication packet statistics, review accounting key, PPP authentication key, logs, and view physical interface SSH private key
  • Page 11: Unauthenticated Services

    To install an opacity shield on the module, follow these steps: 1. The opacity shield is designed to be installed on a Catalyst 7606-S chassis that is already rack-mounted. If your Cisco 7606-S chassis is not rack-mounted, install the chassis in the
  • Page 12 Cisco 7600 Series Router Installation Guide. If your Cisco 7606-S chassis is already rack-mounted, proceed to step 2. 2. Open the FIPS kit packaging (part number CVPN7600FIPS/KIT=). The kit contains the following items: • An opacity shield assembly for the Cisco 7606-S router (part number 800-26211).
  • Page 13: Tamper Evidence

    4 - Installing the Opacity Shield on the Cisco 7606-S Router. The 7609-S does not require any opacity shields. 2.4.2 T...
  • Page 15 Figure 5 - TEL placement for 7606-S
  • Page 17: Cryptographic Algorithms

    Figure 6 - TEL placement for 7609-S. Cryptographic Algorithms: The module implements a variety of approved and non-approved algorithms. 2.5.1 Approved Cryptographic Algorithms: The routers support the following FIPS-2 approved algorithm implementations:
  • Page 18: Non-Fips Approved Algorithms Allowed In Fips Mode

    SSH is used for electronic distribution. The module supports the following types of key management schemes:
  • Page 19 Crypto Officer (plaintext) no tacacs-server key” module. DRBG Seed | SP 800-90 | 128-bits | This is the seed for SP 800-90 DRBG. | Generated by entropy source via the CTR_DRBG derivation function | DRAM (plaintext) | power cycle the device
  • Page 20: Self -Tests

    IOS Self Tests: POST tests: AES Known Answer Test; RSA Signature Known Answer Test (both signature/verification); Software/firmware test
  • Page 21: Secure Operation

    5. The Crypto Officer shall only assign users to a privilege level 1 (the default). 6. The Crypto Officer shall not assign a command to any privilege level other than its default.
  • Page 22: Protocols

    The Crypto Officer must configure the module so that SSH uses only FIPS-approved algorithms. Note that all users must still authenticate after remote access is granted.

This manual is also suitable for:

7606-s
