System information
Operation 1-5
Software Release 2.0.1
C613-03018-00 REV A
security functions such as IP authentication, Secure Shell (see Chapter 32, Secure
Shell), encryption (Chapter 15, Compression and Encryption Services) or IPsec
(Chapter 34, IP Security (IPsec)). Security mode is enabled using the command:
ENABLE SYSTEM SECURITY_MODE
which also creates a security mode enabler file in the router’s file subsystem.
This file cannot be manually modified, displayed, deleted, copied or renamed.
If the router is restarted, the startup process checks for the presence of the
enabler file. If the enabler file is present, the router boots up in security mode;
otherwise the router boots up in normal mode. The router is restored to normal
operating mode using the command:
DISABLE SYSTEM SECURITY_MODE
which also deletes the security mode enabler file in the router’s file subsystem.
Sensitive data files, such as encryption keys, can only be stored in the router’s
file subsystem when the router is operating in security mode.
When security mode is disabled, all sensitive data files are automatically
deleted.
The current operating mode is displayed using the command:
SHOW SYSTEM
When the router is operating in security mode, only users with SECURITY
OFFICER privilege (see “User Privilege Levels” on page 1-7) can execute
commands which could impact the security of the router and its keys
(Table 1-1 on page 1-5).
Table 1-1: Commands requiring SECURITY OFFICER privilege when the router is
operating in security mode.
Command Specific Parameters
ACTIVATE IPSEC
ACTIVATE SCR
ADD FR DLC ENCRYPTION
ADD IP INT
ADD IP SA
ADD SA
ADD SCR
ADD SSH
ADD USER
CLEAR NVS
CREATE CONFIG
CREATE ENCO KEY
CREATE FR DEFENCRYPTION
CREATE IPSEC
CREATE ISAKMP
CREATE PPP
CREATE PPP TEMPLATE
CREATE SA