Roles and Services

The module supports role-based and identity-based authentication [1]. There are two main roles in the module (as required by FIPS 140-2) that operators may assume: a Crypto Officer role and User role.

Crypto Officer Role

The Crypto Officer role has the ability to configure, manage, and monitor the module. Three management interfaces can be used for this purpose:

CLI – The Crypto Officer can use the CLI to perform non-security-sensitive and security-sensitive monitoring and configuration. The CLI can be accessed locally by using the console port or remotely by using Telnet over IPSec or the SSHv2 secured management session.

SNMP – The Crypto Officer can use SNMPv3 to remotely perform non-security-sensitive monitoring and configuration.

Bootrom Monitor Mode – In Bootrom monitor mode, the Crypto Officer can reboot, update the Bootrom, issue file system-related commands, modify network parameters, and issue various show commands. The Crypto Officer can only enter this mode by pressing the key combination CTRL-C during the first five seconds of initialization. It can also be entered if Bootrom cannot find a valid software file.

Due to the different privilege levels (0-15) that can be assigned to each user, the Crypto Officer role can be split into different types of management users:

Super Crypto Officer – Management users with a privilege level of 15 assume the Super Crypto Officer role. Since 15 is the highest privilege level available, the Super Crypto Officer can issue all the configuration and monitoring commands available through the CLI and SNMP. Only the Super Crypto Officer can enter Bootrom monitor mode.

Junior Crypto Officer – Management users with a privilege level of 10 assume the Junior Crypto Officer role. The Junior Crypto Officer can issue all monitoring commands with higher security level and some configuration commands. Examples of commands are: show running-config and show interfaces, and all SNMP show commands.

[1] Please note that overall the modules meet the level 2 requirements for Roles and Services.

© Copyright 2003 Enterasys Networks Page 11 of 25

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

Enterasys Networks XSR-3250, XSR-1805, XSR-1850 manual: Roles and Services