MNR S2500 Security Policy
Version 1.3, Revision Date: 1/13/2009
6. Access Control Policy
Authenticated Services
•Firmware Update: Load firmware images digitally signed with the RSA (1024-bit) algorithm.
•Key Entry: Enter
•User Management: Add/Delete and manage operator passwords
•Reboot: force the module to power cycle via a command
•Zeroization: actively destroy all plaintext CSPs and keys
•Crypto Configuration: Configure IPsec and FRF.17 services
•IKE: Key establishment utilizing the IKE protocol
•IPsec tunnel establishment: IPsec protocol
•FRF.17 tunnel establishment: Frame Relay Privacy Protocol
•SSHv2 for remote access to the router
•Network configuration: Configure networking capabilities
•Enable Ports: Apply a security policy to a port
•File System: Access file system
•Authenticated Show status: Provide status to an authenticated operator
•Access Control: Provide access control for all operators
Unauthenticated Services:
•Unauthenticated Show status: provide the status of the cryptographic module – the status is shown using the LEDs on the front panel.
•Monitor: Perform various hardware support services