Specifications

© Copyright 2007 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Define Rules and Filters
Create packet filters that are applied to user data streams on each interface. Each filter consists of a set of rules, which define a set of packets to permit or deny based on characteristics such as protocol ID, addresses, ports, TCP connection establishment, or packet direction.
View Status Functions
View the router configuration, routing tables, and active sessions; use SNMP gets to view MIB statistics, health, temperature, memory status, voltage, and packet statistics; review accounting logs; and view physical interface status.
Manage the router
Log off users, shut down or reload the router, erase the flash memory, manually back up router configurations, view complete configurations, manage user rights, and restore router configurations.
Set Encryption/Bypass
Set up the configuration tables for IP tunneling. Set pre-shared keys and algorithms to be used for each IP range, or allow plaintext packets to be sent from specified IP addresses.
Bypass Mode
The routers implement an alternating bypass capability, in which some connections may be cryptographically authenticated and encrypted while others may not. Two independent internal actions are required in order to transition into each bypass state: First, the bypass state must be configured by the Crypto Officer using the “match address <ACL-name>” sub-command under crypto map, which defines what traffic is encrypted. Second, the module must receive a packet that is destined for an IP that is not configured to receive encrypted data. The configuration table uses an error detection code to detect integrity failures, and if an integrity error is detected, the module will enter an error state in which no packets are routed. Therefore, a single error in the configuration table cannot cause plaintext to be transmitted to an IP address for which it should be encrypted.
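The following is an added model of the two-action bypass decision described above; it is illustrative code written for this page, not Cisco IOS code or the module's actual implementation. The ACL entries, addresses and the use of CRC-32 as the error detection code are constructed assumptions. It shows the property the text claims: a packet is classified as encrypt or bypass only against an intact configuration table, and a corrupted table drops traffic rather than letting it leak in plaintext.

```python
import ipaddress
import zlib
from dataclasses import dataclass
from enum import Enum


class Disposition(Enum):
    ENCRYPT = "encrypt"   # matched the crypto map ACL: IPsec-protect the packet
    BYPASS = "bypass"     # no match: forward as plaintext (alternating bypass)
    DROP = "drop"         # table integrity failure: error state, route nothing


@dataclass(frozen=True)
class AclEntry:
    """One permit line of the ACL named by 'match address <ACL-name>' (hypothetical model)."""
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


class CryptoMapTable:
    """Configuration table plus an error detection code (CRC-32 is an assumption here)."""

    def __init__(self, entries):
        self.entries = list(entries)
        # Computed once, when the Crypto Officer commits the configuration (action 1).
        self.edc = self._edc(self.entries)

    @staticmethod
    def _edc(entries):
        serialized = ";".join(f"{e.src}->{e.dst}" for e in entries).encode()
        return zlib.crc32(serialized)

    def integrity_ok(self):
        return self._edc(self.entries) == self.edc


def classify(table, src_ip, dst_ip):
    """Action 2: a packet arrives; decide encrypt/bypass, but only from an intact table."""
    if not table.integrity_ok():
        return Disposition.DROP          # error state: nothing is routed
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for entry in table.entries:
        if src in entry.src and dst in entry.dst:
            return Disposition.ENCRYPT
    return Disposition.BYPASS


def demo():
    # Constructed configuration: traffic from 10.1/16 to 10.2/16 must be encrypted.
    table = CryptoMapTable([
        AclEntry(ipaddress.ip_network("10.1.0.0/16"),
                 ipaddress.ip_network("10.2.0.0/16")),
    ])
    results = {
        "to_protected_peer": classify(table, "10.1.1.5", "10.2.2.7"),
        "to_unprotected_peer": classify(table, "10.1.1.5", "192.0.2.9"),
    }
    # Simulate a single corrupted entry written into the table without updating the EDC.
    table.entries[0] = AclEntry(ipaddress.ip_network("10.1.0.0/16"),
                                ipaddress.ip_network("10.3.0.0/16"))
    # Without the integrity check this packet would now be sent in plaintext;
    # with it, the module refuses to route anything.
    results["after_corruption"] = classify(table, "10.1.1.5", "10.2.2.7")
    return results


if __name__ == "__main__":
    for name, disposition in demo().items():
        print(f"{name}: {disposition.value}")
```

The design point is the ordering inside classify: the integrity check runs before any ACL lookup, so a corrupted table can never be consulted to produce a bypass decision.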
2.3.3 Unauthenticated Services
The services available to unauthenticated users are:
Viewing the status output from the module’s LEDs
Powering the module on and off using the power switch
Sending packets in bypass
2.3.4 Strength of Authentication
The security policy stipulates that all user passwords must be 8 alphanumeric characters, so the
password space is 2.8 trillion possible passwords. The possibility of randomly guessing a
password is thus far less than one in one million. To exceed a one in 100,000 probability of a
successful random password guess in one minute, an attacker would have to be capable of 28
million password attempts per minute, which far exceeds the operational capabilities of the
module to support.
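The calculation above can be reproduced and generalised with the following added example, written for this page and not taken from the policy. It assumes the 2.8 trillion figure corresponds to 36^8 (case-insensitive alphanumerics, eight characters), and the module's attempt rate of 60 per minute is a constructed placeholder, not a measured value for these routers.

```python
# FIPS 140-2 authentication-strength thresholds as integer odds.
SINGLE_ATTEMPT_ODDS = 1_000_000   # P(single random guess) must be < 1/1,000,000
PER_MINUTE_ODDS = 100_000         # P(success within one minute) must be < 1/100,000


def password_space(alphabet_size, length):
    """Number of distinct passwords for a fixed-length password over the alphabet."""
    return alphabet_size ** length


def max_attempts_per_minute(alphabet_size, length):
    """Attempt rate at which cumulative guess probability reaches 1/100,000 in a minute."""
    return password_space(alphabet_size, length) // PER_MINUTE_ODDS


def evaluate(alphabet_size, length, module_attempts_per_minute):
    """Check both thresholds using exact integer arithmetic (no floating-point rounding)."""
    space = password_space(alphabet_size, length)
    return {
        "space": space,
        # 1/space < 1/1,000,000  <=>  space > 1,000,000
        "single_attempt_ok": space > SINGLE_ATTEMPT_ODDS,
        # rate/space < 1/100,000  <=>  rate * 100,000 < space
        "per_minute_ok": module_attempts_per_minute * PER_MINUTE_ODDS < space,
        "max_attempts_per_minute": max_attempts_per_minute(alphabet_size, length),
    }


def minimum_length(alphabet_size, module_attempts_per_minute):
    """Smallest password length that satisfies both thresholds for this alphabet and rate."""
    length = 1
    while True:
        verdict = evaluate(alphabet_size, length, module_attempts_per_minute)
        if verdict["single_attempt_ok"] and verdict["per_minute_ok"]:
            return length
        length += 1


if __name__ == "__main__":
    # Assumed: 36-character alphabet, 8 characters, 60 attempts/minute (placeholder rate).
    verdict = evaluate(36, 8, 60)
    print(f"password space: {verdict['space']:,}")
    print(f"single-attempt threshold met: {verdict['single_attempt_ok']}")
    print(f"per-minute threshold met: {verdict['per_minute_ok']}")
    print(f"attempts/minute needed to reach 1 in 100,000: "
          f"{verdict['max_attempts_per_minute']:,}")
    print(f"minimum length for this alphabet and rate: {minimum_length(36, 60)}")
```

Running it gives a space of 2,821,109,907,456 (the policy's 2.8 trillion) and a required rate of 28,211,099 attempts per minute (the policy's 28 million), and shows that for the assumed rate a shorter password would already satisfy the thresholds, which is why the policy's fixed eight-character rule carries a comfortable margin.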