MNR S2500 Security Policy
Version 1.3, Revision Date: 1/13/2009
CSP |
| Firmware Update |
| Key entry | User Management |
| IKE | Ipsec tunnel establishment | FRF.17 tunnel establishment | SSH | Reboot |
| Zeroization | Crypto Configuration | Network Configuration | Enable Ports |
| File System | Authenticated Show Status | Access Control |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| KEK |
|
|
| R |
|
|
|
|
| R |
| Z | R |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
IKE |
|
| W |
|
| R |
|
|
|
|
| Z | W |
|
|
| RW | R |
| |
| Key |
|
|
|
|
|
|
|
|
|
|
|
|
| ||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| SKEYID |
|
|
|
|
| RW |
|
|
| Z |
| Z |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SKEYID_d |
|
|
|
|
| RW |
|
|
|
|
| Z |
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| SKEYID_a |
|
|
|
|
| RW |
|
|
|
|
| Z |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| SKEYID_e |
|
|
|
|
| RW |
|
|
|
|
| Z |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ephemeral DH |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
|
|
|
|
| RW |
|
|
|
|
| Z |
|
|
|
|
|
|
| ||
| key |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ephemeral Phase- |
|
|
|
|
| RW |
|
|
|
|
| Z |
|
|
|
|
|
|
| |
2 DH private key |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
IPSEC Session |
|
|
|
|
| RW | R |
|
|
|
| Z |
|
|
|
|
|
|
| |
| Keys |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
FRF.17 Session |
|
|
|
|
| RW |
| R |
|
|
| Z |
|
|
|
|
|
|
| |
| Keys |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
| RW |
|
| Z | RW |
|
|
|
|
|
| ||
| Key |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
| RW |
|
| Z | RW |
|
|
|
|
|
| ||
| Key |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SSH Session Keys |
|
|
|
|
|
|
|
| RW |
|
| Z |
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SSH DH Private |
|
|
|
|
|
|
|
| RW |
|
| Z |
|
|
|
|
|
|
| |
| Key |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Root Password |
|
|
| RW |
|
|
|
|
|
|
| Z |
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
User(Admin) |
|
|
| RW |
|
|
|
|
|
|
| Z |
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
User Accounts |
|
|
| RW |
|
|
|
|
|
|
| Z |
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| RNG Seed |
|
|
|
|
| RW |
|
|
|
|
| Z |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Table 10 – Services to CSP Access mapping
Page 14