Secure Operation of the Cisco 7206 VXR NPE-400 Router

The crypto officer must create the “enable” password for the crypto officer role. The password must be at least 8 characters and is entered when the crypto officer first engages the enable command. The crypto officer enters the following syntax at the “#” prompt:

enable secret [PASSWORD]

The crypto officer must always assign passwords (of at least 8 characters) to users. Identification and authentication of the console port is required for users. From the configure terminal command line, the crypto officer enters the following syntax:

line con 0

password [PASSWORD] login local

The crypto officer shall only assign users to a privilege level 1 (the default).

The crypto officer shall not assign a command to any privilege level other than its default.

The PCMCIA Flash memory card slot is not configured in FIPS mode. Its use is restricted via tamper evidence labels. See the “Physical Security” section for more details.

Non FIPS-Approved Algorithms

The following algorithms are not FIPS approved and should be disabled:

RSA for encryption

MD-5 for signing

AH-SHA-HMAC

ESP-SHA-HMAC

HMAC SHA-1

Protocols

The following network services affect the security data items and must not be configured: NTP, TACACS+, RADIUS, Kerberos.

SNMP v3 over a secure IPSec tunnel can be employed for authenticated, secure SNMP Gets and Sets. Since SNMP v2C uses community strings for authentication, only gets are allowed under SNMP v2C.

Remote Access

Auxiliary terminal services must be disabled, except for the console. The following configuration disables login services on the auxiliary console line.

line aux 0 no exec

Cisco 7206 VXR Router with ISA Security Policy

12

Page 12
Image 12
Cisco Systems Cisco 7206 VXR manual Non FIPS-Approved Algorithms, Protocols, Remote Access

Cisco 7206 VXR specifications

Cisco Systems, a leading company in networking technology, has developed the Cisco 7206 VXR router, which is widely recognized for its robustness and versatility in both enterprise and service provider environments. This router is part of the Cisco 7200 Series and specifically designed to meet various networking needs while delivering high performance and reliability.

One of the main features of the Cisco 7206 VXR is its support for a multitude of interfaces and modules. It boasts the capability to handle multiple protocols, making it suitable for different network environments. The router can accommodate both Ethernet and T1/E1 interfaces, allowing for flexibility in connecting to various types of networks. Moreover, it supports a range of interface modules, including Gigabit Ethernet and DS3, which enables scalability as business demands grow.

In terms of processing power, the Cisco 7206 VXR is equipped with high-performance processors that ensure efficient data handling and routing. It can provide up to 2 Gbps of total throughput, which is essential for applications requiring high bandwidth. This makes it an excellent choice for organizations that rely on consistent network performance for their operations.

The Cisco 7206 VXR also incorporates advanced technologies to enhance network management and security. It supports Cisco Internetwork Operating System (IOS), providing a robust set of features for routing, switching, and security. This includes support for VPNs, firewall capabilities, and network monitoring tools, which are crucial for maintaining a secure and efficient network environment.

Another notable characteristic of the Cisco 7206 VXR is its redundancy features. The router can be equipped with dual power supplies and fans, ensuring uninterrupted service in the event of hardware failure. This redundancy makes it a dependable choice for mission-critical applications where network uptime is paramount.

In conclusion, the Cisco 7206 VXR router stands out as a powerful networking solution that combines flexibility, high performance, and advanced features. Its ability to support various interfaces, protocols, and redundant systems makes it an ideal choice for organizations looking to build robust and scalable network infrastructures. With its proven reliability and innovative technologies, the Cisco 7206 VXR continues to be a pivotal player in the networking landscape.