Secure Operation of the Cisco 7206 VXR
Cryptographic Key Management
The router securely administers both cryptographic keys and other critical security parameters such as passwords. The tamper evidence seals provide physical protection for all keys. Keys are also password protected and can be zeroized by the crypto officer. Keys are exchanged manually and entered electronically via manual key exchange or Internet Key Exchange (IKE).
Self-Tests
In order to prevent any secure data from being released, it is important to test the cryptographic components of a security module to ensure all components are functioning correctly. The router includes an array of
Secure Operation of the Cisco 7206 VXR NPE-400 Router
Cisco 7206 VXR
Initial Setup
• The crypto officer must apply tamper evidence labels as described in the “Physical Security” section of this document. The crypto officer must securely store tamper evidence labels before use, and any tamper evidence labels not used should also be stored securely.
• Only a crypto officer can add and remove port adapters. When removing the tamper evidence label, the crypto officer should remove the entire label from the router and clean the cover of any grease, dirt, or oil with an
System Initialization and Configuration
• The crypto officer must perform the initial configuration. The IOS version shipped with the router, version 12.1(9)E, is the only allowable image. No other image can be loaded.
• The value of the boot field must be 0x0101 (the factory default). This setting disables the break from the console to the ROM monitor and automatically boots the IOS image. From the configure terminal command line, the crypto officer enters the following syntax:
config-register 0x0101
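The two requirements above (image 12.1(9)E and configuration register 0x0101) can be audited from saved "show version" output. The Python check below is an added example, not part of the Cisco security policy; the function name audit_show_version is hypothetical, and the output line formats and sample text are assumptions constructed for illustration. It also flags the case where the register was changed but the router has not yet been reloaded, so the running value still differs.

```python
import re

REQUIRED_VERSION = "12.1(9)E"   # only allowable image per the policy
REQUIRED_CONFREG = 0x0101       # factory default required by the policy

# Assumed line formats of classic IOS "show version" output.
VERSION_RE = re.compile(r"^IOS.*?Version\s+([^,\s]+)", re.M)
CONFREG_RE = re.compile(
    r"^Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?:\s+\(will be (0x[0-9A-Fa-f]+) at next reload\))?", re.M)

def audit_show_version(text):
    """Return a list of policy findings; an empty list means compliant."""
    findings = []
    m = VERSION_RE.search(text)
    if not m:
        findings.append("IOS version line not found")
    elif m.group(1) != REQUIRED_VERSION:
        findings.append(f"IOS version {m.group(1)} is not {REQUIRED_VERSION}")

    m = CONFREG_RE.search(text)
    if not m:
        findings.append("configuration register line not found")
        return findings
    # Compare numerically so 0x101 and 0x0101 are treated as equal.
    running = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else None
    if running != REQUIRED_CONFREG:
        if pending == REQUIRED_CONFREG:
            findings.append(
                f"register is {running:#06x}; 0x0101 takes effect only after reload")
        else:
            findings.append(f"register is {running:#06x}, expected 0x0101")
    elif pending is not None and pending != REQUIRED_CONFREG:
        findings.append(f"register will change to {pending:#06x} at next reload")
    return findings

# Constructed sample outputs (not captured from a real router).
IOS_LINE = "IOS (tm) 7200 Software (C7200-EXAMPLE-M), Version {v}, SAMPLE\n"
COMPLIANT = IOS_LINE.format(v="12.1(9)E") + "Configuration register is 0x101\n"
PENDING = (IOS_LINE.format(v="12.1(9)E")
           + "Configuration register is 0x2102 (will be 0x101 at next reload)\n")
WRONG_IMAGE = IOS_LINE.format(v="12.2(4)T") + "Configuration register is 0x2102\n"

if __name__ == "__main__":
    for name, text in [("compliant", COMPLIANT), ("pending", PENDING),
                       ("wrong image", WRONG_IMAGE)]:
        print(name, "->", audit_show_version(text) or "OK")
```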
Cisco 7206 VXR Router with ISA Security Policy