Cisco Systems Cisco 7206 VXR Physical Security, Cryptographic Officer Services, User Services


The 7206 VXR NPE-400 Router

Cryptographic Officer Services

During initial configuration of the router, a cryptographic officer (crypto officer) password (the “enable” password) is defined, and all management services are available from this role. The crypto officer connects to the router through the console port using a terminal program. A crypto officer can assign permission to access the crypto officer role to additional accounts, thereby creating additional crypto officers.

At the highest level, crypto officer services include the following:

Configure the router: define network interfaces and settings, create command aliases, set the protocols the router will support, enable interfaces and network services, set system date and time, and load authentication information.

Define rules and filters: create packet filters that are applied to user data streams on each interface. Each filter consists of a set of rules, which define a set of packets to permit or deny based on characteristics such as protocol ID, addresses, ports, TCP connection establishment, or packet direction.

Status functions: view the router configuration, routing tables, and active sessions; view SNMP MIB II statistics, health, temperature, memory status, voltage, and packet statistics; review accounting logs, and view physical interface status.

Manage the router: log off users, shut down or reload the router, manually back up router configurations, view complete configurations, manage user rights, and restore router configurations.

Set encryption/bypass: set up the configuration tables for IP tunneling. Set keys and algorithms to be used for each IP range or allow plaintext packets to be set from specified IP addresses.

Change port adapters: insert and remove adapters in port adapter slots as described in the “Initial Setup” section on page 11 in this document.
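The "Define rules and filters" service above, shown as an added IOS configuration example (not part of the original security policy): one extended access list whose rules use each characteristic the text names. The ACL name, interface and addresses (RFC 5737 documentation ranges) are assumptions.

```cisco
! Constructed example; names and addresses are placeholders.
ip access-list extended EDGE-IN
 remark TCP connection establishment: replies to open sessions only (ACK or RST set)
 permit tcp any 192.0.2.0 0.0.0.255 established
 remark Protocol ID and addresses: ESP (IP protocol 50) from one tunnel peer
 permit esp host 198.51.100.1 host 192.0.2.1
 remark Ports: IKE (UDP 500) from the same peer
 permit udp host 198.51.100.1 host 192.0.2.1 eq isakmp
 remark Explicit final deny adds logging to the implicit deny
 deny ip any any log
!
interface FastEthernet0/0
 ! Packet direction: evaluate the filter on traffic arriving on this interface
 ip access-group EDGE-IN in
```

Rules are evaluated top to bottom and the first match decides, so the narrow permits must precede the final deny.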

User Services

A user enters the system by accessing the console port with a terminal program. The IOS prompts the user for their password. If it matches the plaintext password stored in IOS memory, the user is allowed entry to the IOS executive program. At the highest level, user services include the following:

Status Functions: view state of interfaces, state of layer 2 protocols, version of IOS currently running

Network Functions: connect to other network devices through outgoing telnet or PPP, and initiate diagnostic network services (for example, ping or mtrace)

Terminal Functions: adjust the terminal session (that is, lock the terminal and adjust flow control)

Directory Services: display directory of files kept in flash memory

Physical Security

The router is entirely encased by a thick steel chassis. The front of the router provides 4 port adapter slots, on-board LAN connectors, PC Card slots, and Console/Auxiliary connectors. The power cable connection, a power switch, and the access to the Network Processing Engine are at the rear of the router.

Cisco 7206 VXR Router with ISA Security Policy
