Feature Overview

Note: The backup POTS connection enables only one of the VoIP ports on the Cisco uBR924 to function during a power outage. Calls in progress prior to the power outage will be disconnected. If power is reestablished while a cutover call is in progress, the connection will remain in place until the call is terminated. Once the cutover call is terminated, the router automatically reboots.

Security Features

Cisco uBR900 series cable access routers support the security features described in the paragraphs below.

DOCSIS Baseline Privacy

Support for DOCSIS Baseline Privacy in the Cisco uBR900 series is based on the DOCSIS Baseline Privacy Interface Specification (SP-BPI-I01-970922). It provides data privacy across the HFC network by encrypting traffic flows between the cable access router and the CMTS.

Baseline Privacy security services are defined as a set of extended services within the DOCSIS MAC sublayer. Two new MAC management message types, BPKM-REQ and BPKM-RSP, are employed to support the Baseline Privacy Key Management (BPKM) protocol.

The BPKM protocol does not use authentication mechanisms such as passwords or digital signatures; it provides basic protection of service by ensuring that a cable modem, uniquely identified by its 48-bit IEEE MAC address, can only obtain keying material for services it is authorized to access. The Cisco uBR900 series cable access router is able to obtain two types of keys from the CMTS: the Traffic Exchange Key (TEK), which is used to encrypt and decrypt data packets, and the Key Exchange Key (KEK), which is used to decrypt the TEK.

IPSec Network Security

IPSec Network Security (IPSec) is an IP security feature that provides robust authentication and encryption of IP packets. IPSec is a framework of open standards developed by the Internet Engineering Task Force (IETF) providing security for transmission of sensitive information over unprotected networks such as the Internet. IPSec acts at the network layer (Layer 3), protecting and authenticating IP packets between participating IPSec devices (“peers”) such as the Cisco uBR900 series cable access router.

IPSec provides the following network security services:

Privacy—IPSec can encrypt packets before transmitting them across a network.

Integrity—IPSec authenticates packets at the destination peer to ensure that the data has not been altered during transmission.

Authentication—Peers authenticate the source of all IPSec-protected packets.

Anti-replay protection—Prevents capture and replay of packets; helps protect against denial-of-service attacks.
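
The integrity and anti-replay services listed above can be illustrated with a receiver-side check. This is an added example, not Cisco code: it uses a sliding window of sequence numbers, and the 64-packet window, the HMAC-SHA-256 stand-in for the integrity value, the key, and the packet stream are all assumptions constructed for the demonstration.

```python
import hashlib
import hmac
import struct

WINDOW = 64  # assumed window size; the page does not give one

def icv(key, seq, payload):
    # Stand-in integrity value: HMAC-SHA-256 over sequence number + payload.
    return hmac.new(key, struct.pack(">I", seq) + payload, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key):
        self.key = key
        self.top = 0   # highest sequence number authenticated so far
        self.seen = 0  # bit i set => sequence number (top - i) already accepted

    def accept(self, seq, payload, tag):
        """Return a verdict; the window advances only for authentic packets."""
        if seq == 0 or self.top - seq >= WINDOW:
            return "drop: outside window"
        if seq <= self.top and (self.seen >> (self.top - seq)) & 1:
            return "drop: replay"
        if not hmac.compare_digest(tag, icv(self.key, seq, payload)):
            return "drop: bad integrity value"
        if seq > self.top:  # slide the window forward
            self.seen = ((self.seen << (seq - self.top)) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
        else:               # late but new packet inside the window
            self.seen |= 1 << (self.top - seq)
        return "accept"

def demo():
    key = b"constructed-demo-key"  # constructed sample key
    def pkt(seq, payload=b"data"):
        return seq, payload, icv(key, seq, payload)
    stream = [  # constructed traffic
        pkt(1), pkt(3), pkt(2),          # reordered but fresh
        pkt(3),                          # captured and replayed
        (4, b"tampered", pkt(4)[2]),     # payload altered in transit
        pkt(100), pkt(36), pkt(37),      # 36 is now older than the window
        (200, b"data", bytes(32)),       # forged: must not move the window
    ]
    rx = Receiver(key)
    return [rx.accept(*p) for p in stream], rx.top

if __name__ == "__main__":
    for verdict in demo()[0]:
        print(verdict)
```

The forged packet with sequence number 200 is rejected without moving the window, which is why the integrity check has to pass before the window is updated.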

Triple Data Encryption Standard

The Data Encryption Standard (DES) is a standard cryptographic algorithm developed by the United States National Bureau of Standards. The Triple DES (3DES) Cisco IOS Software Release images increase the security from the standard 56-bit IPSec encryption to 168-bit encryption, which is used for highly sensitive and confidential information such as financial transactions and medical records.

Cisco IOS Release 12.0(7)T
