Specifications

© Copyright 2007 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
22
Name | Algorithm/Type | Description | Storage | Zeroization
--- | --- | --- | --- | ---
Enable secret | Shared Secret | The ciphertext password of the CO role. However, the algorithm used to encrypt this password is not FIPS approved. Therefore, this password is considered plaintext for FIPS purposes. This password is zeroized by overwriting it with a new password. | NVRAM | Overwrite with new password
RADIUS secret | Shared Secret | The RADIUS shared secret. This shared secret is zeroized by executing the “no radius-server key” command. | NVRAM | “# no radius-server key”
secret_1_0_0 | | The fixed key used in Cisco vendor ID generation. This key is embedded in the module binary image and can be deleted by erasing the Flash. | NVRAM | Deleted by erasing the Flash.
TACACS+ secret | Shared Secret | The TACACS+ shared secret. This shared secret is zeroized by executing the “no tacacs-server key” command. | NVRAM | “# no tacacs-server key”
TLS server private key | RSA | 1024/1536/2048 bit RSA private key used for SSLV3.1/TLS. | NVRAM | “# crypto key zeroize rsa”
TLS server public key | RSA | 1024/1536/2048 bit RSA public key used for SSLV3.1/TLS. | NVRAM | “# crypto key zeroize rsa”
TLS pre-master secret | Shared Secret | Shared Secret created using asymmetric cryptography from which new TLS session keys can be created | DRAM | Automatically when TLS session is terminated
TLS Encryption Key | AES/TRIPLE-DES | Key used to encrypt TLS session data | DRAM | Automatically when TLS session is terminated
TLS Integrity Key | HMAC-SHA-1 | HMAC-SHA-1 used for TLS data integrity protection | DRAM | Automatically when TLS session is terminated

Table 8 - Cryptographic Keys and CSPs
SRDI/Role/Service Access Policy (r = read, w = write, d = delete)

Roles/Service columns:
User Role services: Status Functions; Network Functions; Terminal Functions; Directory Services; SSL-TLS/VPN; EASY VPN
Crypto Officer Role services: Configure the Router; Define Rules and Filters; Status Functions; Manage the Router; Set Encryption/Bypass; Change WAN Interface Cards

Security Relevant Data Item | Access entries (r/w/d, in column order)
--- | ---
PRNG Seed | r | d r | w | d
PRNG Seed Key | r | d r | w | d