Cisco 2811 and 2821 Integrated Services Router with AIM-VPN/SSL-2

Transcription

1 Cisco 2811 an 2821 Integate Sevices Route ith AIM-VPN/SSL-2 FIPS Non Popietay Secuity Policy Level 2 Valiation Vesion 1.5 Septembe 8, 2008 Copyight 2005 Cisco Systems, Inc. This ocument may be feely epouce an istibute hole an intact incluing this Copyight Notice.

2 Table of Contents 1 INTRODUCTION PURPOSE REFERENCES TERMINOLOGY DOCUMENT ORGANIZATION CISCO 2811 AND 2821 ROUTERS THE 2811 CRYPTOGRAPHIC MODULE PHYSICAL CHARACTERISTICS THE CISCO 2821 CRYPTOGRAPHIC MODULE PHYSICAL CHARACTERISTICS ROLES AND SERVICES Use Sevices Cypto ice Sevices Unauthenticate Sevices Stength of Authentication PHYSICAL SECURITY CRYPTOGRAPHIC KEY MANAGEMENT SELF-TESTS Self-tests pefome by the IOS image Self-tests pefome by NetGX Chip Self-tests pefome by AIM SECURE OPERATION OF THE CISCO 2811 OR 2821 ROUTER INITIAL SETUP SYSTEM INITIALIZATION AND CONFIGURATION IPSEC REQUIREMENTS AND CRYPTOGRAPHIC ALGORITHMS SSLV3.1/TLS REQUIREMENTS AND CRYPTOGRAPHIC ALGORITHMS PROTOCOLS REMOTE ACCESS Copyight 2007 Cisco Systems, Inc. Page 2 of 31 This ocument may be feely epouce an istibute hole an intact incluing this Copyight Notice.

3 1 Intouction 1.1 Pupose This ocument is the non-popietay Cyptogaphic Moule Secuity Policy fo the Cisco 2811 an 2821 Integate Sevices Routes ith AIM-VPN/SSL-2 Routes (Route Haae Vesion: 2811 an 2821; Route Fimae Vesion: IOS 12.4 (15) T3; AIM-VPN/SSL-2 Haae Vesion 1.0, Boa Revision 01). This secuity policy escibes ho the Cisco 2811 an 2821 Integate Sevices meet the secuity equiements of FIPS 140-2, an ho to opeate the oute enable in a secue FIPS moe. This policy as pepae as pat of the Level 2 FIPS valiation of the Cisco 2811 o 2821 Integate Sevices oute. FIPS (Feeal Infomation Pocessing Stanas Publication Secuity Requiements fo Cyptogaphic Moules) etails the U.S. Govenment equiements fo cyptogaphic moules. Moe infomation about the FIPS stana an valiation pogam is available on the NIST ebsite at Refeences This ocument eals only ith opeations an capabilities of the 2811 an 2821 outes ith AIM moules in the technical tems of a FIPS cyptogaphic moule secuity policy. Moe infomation is available on the outes fom the folloing souces: The Cisco Systems ebsite contains infomation on the full line of Cisco Systems outes. Please efe to the folloing ebsite: Fo anses to technical o sales elate questions please efe to the contacts liste on the Cisco Systems ebsite at.cisco.com. The NIST Valiate Moules ebsite ( contains contact infomation fo anses to technical o sales-elate questions fo the moule. 1.3 Teminology In this ocument, the Cisco 2811 o 2821 outes ae efee to as the oute, the moule, o the system. 1.4 Document Oganization The Secuity Policy ocument is pat of the FIPS Submission Package. In aition to this ocument, the Submission Package contains: Veno Evience ocument Finite State Machine Othe suppoting ocumentation as aitional efeences Copyight 2007 Cisco Systems, Inc. Page 3 of 31 This ocument may be feely epouce an istibute hole an intact incluing this Copyight Notice.

4 This ocument povies an ovevie of the outes an explains thei secue configuation an opeation. This intouction section is folloe by Section 2, hich etails the geneal featues an functionality of the oute. Section 3 specifically aesses the equie configuation fo the FIPS-moe of opeation. With the exception of this Non-Popietay Secuity Policy, the FIPS Valiation Submission Documentation is Cisco-popietay an is eleasable only une appopiate nonisclosue ageements. Fo access to these ocuments, please contact Cisco Systems. Copyight 2007 Cisco Systems, Inc. Page 4 of 31 This ocument may be feely epouce an istibute hole an intact incluing this Copyight Notice.

5 2 Cisco 2811 an 2821 Routes Banch office netoking equiements ae amatically evolving, iven by eb an e- commece applications to enhance pouctivity an meging the voice an ata infastuctue to euce costs. The Cisco 2811 an 2821 outes povie a scalable, secue, manageable emote access seve that meets FIPS Level 2 equiements. This section escibes the geneal featues an functionality povie by the outes. The folloing subsections escibe the physical chaacteistics of the outes. 2.1 The 2811 Cyptogaphic Moule Physical Chaacteistics Figue 1 The 2811 oute case The 2811 Route is a multiple-chip stanalone cyptogaphic moule. The oute has a pocessing spee of 350MHz. Depening on configuation, installe AIM-VPN/SSL-2 moule, o the intenal NetGX chip o the IOS softae is use fo cyptogaphic opeations. The cyptogaphic bounay of the moule is the evice s case. All of the functionality iscusse in this ocument is povie by components ithin this cyptogaphic bounay. The inteface fo the oute is locate on the font an ea panels as shon in Figue 2 an Figue 3, espectively. Figue 2 Font Panel Physical Intefaces Copyight 2007 Cisco Systems, Inc. Page 5 of 31 This ocument may be feely epouce an istibute hole an intact incluing this Copyight Notice.

6 Figue 3 Rea Panel Physical Intefaces The Cisco 2811 oute featues a console pot, an auxiliay pot, to Univesal Seial Bus (USB) pots, fou high-spee WAN inteface ca (HWIC) slots, to10/100 Gigabit Ethenet RJ45 pots, an Enhance Netok Moule (ENM) slot, an a Compact Flash (CF) ive. The Cisco 2811 oute suppots one single-ith netok moule, fou single-ith o to ouble-ith HWICs, to slots fo AIM-VPN/SSL-2 cas 1, to intenal packet voice ata moules (PVDMs), to fast Ethenet connections, an 16 pots of IP phone poe output. Figue 2 shos the font panel an Figue 3 shos the ea panel. The font panel contains 4 LEDs that output status ata about the system poe, auxiliay poe, system activity, an compact flash busy status. The back panel consists of 12 LEDs: to Ethenet activity LEDs, to uplex LEDs, to spee LEDs, to link LEDs, to PVDM LEDs, an to AIM LEDs. The font panel contains the folloing: (1) Poe inlet (2) Poe sitch (3) Optional RPS input (4) Console an auxiliay pots (5) USB pots (6) CF ive (7) LEDs escibe in table 1. The back panel contains the folloing: (1) Goun connecto (2) an (3) Ethenet pots an LEDs (4)-(7) HWIC slots (8) ENM slot. The folloing tables povie moe etaile infomation conveye by the LEDs on the font an ea panel of the oute: Name State Desciption System Poe Blinking Geen Soli Geen Soli Oange Poe off ROMMON moe Opeating nomally System Eo Detecte 1 The secuity policy coves the configuation in hich one AIM ca is use. Copyight 2007 Cisco Systems, Inc. Page 6 of 31 This ocument may be feely epouce an istibute hole an intact incluing this Copyight Notice.

7 Auxiliay Poe Activity Compact Flash Soli Geen Soli Oange Blinking Geen Soli Geen Soli Geen -48V PS an RPS not pesent -48V PS o RPS pesent an functional -48V PS o RPS pesent an failue etecte No inteupts o packet tansfe occuing System is sevicing inteupts System is actively tansfeing packets No ongoing accesses, eject pemitte Device is busy, o not eject Table 1 Cisco 2811 Font Panel Inicatos Name State Desciption PVDM1 Soli Geen Soli Oange PVDM0 AIM1 AIM0 Soli Geen Soli Oange Soli Geen Soli Oange Soli Geen Soli Oange PVDM1 not installe PVDM1 installe an initialize PVDM1 installe an initialize eo PVDM0 not installe PVDM0 installe an initialize PVDM0 installe an initialize eo AIM1 not installe AIM1 installe an initialize AIM1 installe an initialize eo AIM0 not installe AIM0 installe an initialize AIM0 installe an initialize eo Table 2 Cisco 2811 Rea Panel Inicatos The folloing table escibes the meaning of Ethenet LEDs on the ea panel: Name State Desciption Activity Not eceiving packets Soli/Blinking Geen Receiving packets Duplex Soli Geen Half-Duplex Full-Duplex Spee One Blink Geen To Blink Geen 10 Mbps 100 Mbps Link Soli Geen No link establishe Ethenet link is establishe Table 3 Cisco 2811 Ethenet Inicatos The physical intefaces ae sepaate into the logical intefaces fom FIPS as escibe in the folloing table: Route Physical Inteface 10/100 Ethenet LAN Pots HWIC Pots Console Pot Auxiliay Pot ENM Slot USB Pots FIPS Logical Inteface Data Input Inteface Copyight 2007 Cisco Systems, Inc. Page 7 of 31 This ocument may be feely epouce an istibute hole an intact incluing this Copyight Notice.

8 Route Physical Inteface 10/100 Ethenet LAN Pots HWIC Pots Console Pot Auxiliay Pot ENM Slot USB Pots 10/100 Ethenet LAN Pots HWIC Pots Poe Sitch Console Pot Auxiliay Pot ENM Slot 10/100 Ethenet LAN Pot LEDs AIM LEDs PVDM LEDs Poe LED Activity LEDs Auxiliay LED Compact Flash LED Console Pot Auxiliay Pot USB Pots Main Poe Plug Reunant Poe Supply Plug FIPS Logical Inteface Data Output Inteface Contol Input Inteface Status Output Inteface Poe Inteface Table 4 Cisco 2811 FIPS Logical Intefaces The CF ca that stoe the IOS image is consiee an intenal memoy moule, because the IOS image stoe in the ca may not be moifie o upgae. The ca itself must neve be emove fom the ive. Tampe evient seal ill be place ove the ca in the ive. 2.2 The Cisco 2821 Cyptogaphic Moule Physical Chaacteistics Figue 4 The 2821 oute case The Cisco 2821 oute a multiple-chip stanalone cyptogaphic moule. The oute has a pocessing spee of 350MHz. Depening on configuation, eithe installe AIM-VPN/SSL-2 ca o the intenal NetGX chip o the IOS softae is use fo cyptogaphic opeations. Copyight 2007 Cisco Systems, Inc. Page 8 of 31 This ocument may be feely epouce an istibute hole an intact incluing this Copyight Notice.

9 The cyptogaphic bounay of the moule is the evice s case. All of the functionality iscusse in this ocument is povie by components ithin this cyptogaphic bounay. The intefaces fo the oute ae locate on the font an ea panels as shon in Figue 5 an Figue 6, espectively. Figue 5 Cisco 2821 Font Panel Physical Intefaces Figue 6 Cisco 2821 Rea Panel Physical Intefaces The Cisco 2821 oute featues a console pot, an auxiliay pot, to Univesal Seial Bus (USB) pots, fou high-spee WAN inteface ca (HWIC) slots, to10/100 Gigabit Ethenet RJ45 pots, a Enhance Netok Moule (ENM) slot, a Voice Netok Moule (VeNoM) slot, an a Compact Flash (CF) ive. The Cisco 2821 oute suppots one single-ith netok moule, fou single-ith o to ouble-ith HWICs, has to slots fo AIM-VPN/BPII-Plus cas 2, thee intenal packet voice ata moules (PVDMs), to fast Ethenet connections, an 16 pots of IP phone poe output. Figue 5 shos the font panel an Figue 6 shos the ea panel. The font panel contains 4 LEDs that output status ata about the system poe, auxiliay poe, system activity, an compact flash busy status. The back panel consists of 13 LEDs: to Ethenet activity LEDs, to uplex LEDs, to spee LEDs, to link LEDs, thee PVDM LEDs, an to AIM LEDs. The font panel contains the folloing: (1) Poe inlet (2) Poe sitch (3) Console an auxiliay pots 2 The secuity policy coves the configuation in hich one AIM ca is use. Copyight 2007 Cisco Systems, Inc. Page 9 of 31 This ocument may be feely epouce an istibute hole an intact incluing this Copyight Notice.

10 (4) USB pots (5) CF ive (6) LEDs escibe in table 1. (7) Optional RPS input The back panel contains the folloing: (1) GE 0 pot (2) GE 1 pot (3) HWIC 0 slot (4) HWIC 1 slot (5) HWIC 2 slot (6) HWIC 3 slot (7) VeNoM slot (8) ENM slot (9) Goun connecto The folloing tables povie moe etaile infomation conveye by the LEDs on the font an ea panel of the oute: Name State Desciption System Poe Blinking Geen Soli Geen Soli Oange Poe off ROMMON moe Opeating nomally System Eo Detecte Auxiliay Poe Activity Compact Flash Soli Geen Soli Oange Blinking Geen Soli Geen Soli Geen -48V PS an RPS not pesent -48V PS o RPS pesent an functional -48V PS o RPS pesent an failue etecte No inteupts o packet tansfe occuing System is sevicing inteupts System is actively tansfeing packets No ongoing accesses, eject pemitte Device is busy, o not eject Table 5 Cisco 2821 Font Panel Inicatos Name State Desciption PVDM2 Soli Geen Soli Oange PVDM1 PVDM0 AIM1 AIM0 Soli Geen Soli Oange Soli Geen Soli Oange Soli Geen Soli Oange Soli Geen PVDM2 not installe PVDM2 installe an initialize PVDM2 installe an initialize eo PVDM1 not installe PVDM1 installe an initialize PVDM1 installe an initialize eo PVDM0 not installe PVDM0 installe an initialize PVDM0 installe an initialize eo AIM1 not installe AIM1 installe an initialize AIM1 installe an initialize eo AIM0 not installe AIM0 installe an initialize Copyight 2007 Cisco Systems, Inc. Page 10 of 31 This ocument may be feely epouce an istibute hole an intact incluing this Copyight Notice.

11 Soli Oange AIM0 installe an initialize eo Table 6 Cisco 2821 Rea Panel Inicatos The folloing table escibes the meaning of Ethenet LEDs on the font panel: Name State Desciption Activity Not eceiving packets Soli/Blinking Geen Receiving packets Duplex Soli Geen Half-Duplex Full-Duplex Spee One Blink Geen To Blink Geen 10 Mbps 100 Mbps Link Soli Geen No link establishe Ethenet link is establishe Table 7 Cisco 2821 Ethenet Inicatos The physical intefaces ae sepaate into the logical intefaces fom FIPS as escibe in the folloing table: Route Physical Inteface 10/100 Ethenet LAN Pots HWIC Pots Console Pot Auxiliay Pot ENM Slot VeNoM Slot USB Pots 10/100 Ethenet LAN Pots HWIC Pots Console Pot Auxiliay Pot ENM Slot VeNoM Slot USB Pots 10/100 Ethenet LAN Pots HWIC Pots Poe Sitch Console Pot Auxiliay Pot ENM Slot 10/100 Ethenet LAN Pot LEDs AIM LEDs PVDM LEDs Poe LED Activity LEDs Auxiliay LED Compact Flash LED Console Pot Auxiliay Pot USB Pots FIPS Logical Inteface Data Input Inteface Data Output Inteface Contol Input Inteface Status Output Inteface Copyight 2007 Cisco Systems, Inc. Page 11 of 31 This ocument may be feely epouce an istibute hole an intact incluing this Copyight Notice.

12 Route Physical Inteface Main Poe Plug Reunant Poe Supply Plug FIPS Logical Inteface Poe Inteface Table 8 Cisco 2821 FIPS Logical Intefaces The CF ca that stoe the IOS image is consiee an intenal memoy moule. The eason is the IOS image stoe in the ca cannot be moifie o upgae. The ca itself must neve be emove fom the ive. Tampe evient seal ill be place ove the ca in the ive. 2.3 Roles an Sevices Authentication in Cisco 2811 an Cisco 2821 is ole-base. Thee ae to main oles in the oute that opeatos can assume: the Cypto ice ole an the Use ole. The aministato of the oute assumes the Cypto ice ole in oe to configue an maintain the oute using Cypto ice sevices, hile the Uses execise only the basic Use sevices. The moule suppots RADIUS an TACACS+ fo authentication. A complete esciption of all the management an configuation capabilities of the oute can be foun in the Pefoming Basic System Management manual an in the online help fo the oute Use Sevices Uses ente the system by accessing the console pot ith a teminal pogam o IPSec potecte telnet o SSH session to a LAN pot. The IOS pompts the Use fo usename an passo. If the passo is coect, the Use is alloe enty to the IOS executive pogam. The sevices available to the Use ole consist of the folloing: Status Functions Vie state of intefaces an potocols, vesion of IOS cuently unning. Netok Functions Teminal Functions Diectoy Sevices SSL-TLS/VPN EASY VPN Connect to othe netok evices though outgoing telnet, PPP, etc. an initiate iagnostic netok sevices (i.e., ping, mtace). Ajust the teminal session (e.g., lock the teminal, ajust flo contol). Display iectoy of files kept in flash memoy. Negotiation an encypte ata tanspot via SSL/TLS. Negotiation an encypte ata tanspot via EASY VPN Cypto ice Sevices Duing initial configuation of the oute, the Cypto ice passo (the enable passo) is efine. A Cypto ice can assign pemission to access the Cypto ice ole to aitional accounts, theeby ceating aitional Cypto ices. The Cypto ice ole is esponsible fo the configuation an maintenance of the oute. The Cypto ice sevices consist of the folloing: Configue the oute Define netok intefaces an settings, ceate comman aliases, set Copyight 2007 Cisco Systems, Inc. Page 12 of 31 This ocument may be feely epouce an istibute hole an intact incluing this Copyight Notice.

13 the potocols the oute ill suppot, enable intefaces an netok sevices, set system ate an time, an loa authentication infomation. Define Rules an Filtes Ceate packet Filtes that ae applie to Use ata steams on each inteface. Each Filte consists of a set of Rules, hich efine a set of packets to pemit o eny base on chaacteistics such as potocol ID, aesses, pots, TCP connection establishment, o packet iection. Vie Status Functions Vie the oute configuation, outing tables, active sessions, use gets to vie SNMP MIB statistics, health, tempeatue, memoy status, voltage, packet statistics, evie accounting logs, an vie physical inteface status. Manage the oute Log off uses, shuton o eloa the oute, ease the flash memoy, manually back up oute configuations, vie complete configuations, manage use ights, an estoe oute configuations. Set Encyption/Bypass Set up the configuation tables fo IP tunneling. Set peshae keys an algoithms to be use fo each IP ange o allo plaintext packets to be set fom specifie IP aess. Bypass Moe The outes implement an altenating bypass capability, in hich some connections may be cyptogaphically authenticate an encypte hile othes may not. To inepenent intenal actions ae equie in oe to tansition into each bypass state: Fist, the bypass state must be configue by the Cypto ice using match aess <ACL-name>" sub-comman une cypto map hich efines hat taffic is encypte. Secon, the moule must eceive a packet that is estine fo an IP that is not configue to eceive encypte ata. The configuation table uses an eo etection coe to etect integity failues, an if an integity eo is etecte, the moule ill ente an eo state in hich no packets ae oute. Theefoe, a single eo in the configuation table cannot cause plaintext to be tansmitte to an IP aess fo hich it shoul be encypte Unauthenticate Sevices The sevices available to unauthenticate uses ae: Vieing the status output fom the moule s LEDs Poeing the moule on an off using the poe sitch Sening packets in bypass Stength of Authentication The secuity policy stipulates that all use passos must be 8 alphanumeic chaactes, so the passo space is 2.8 tillion possible passos. The possibility of anomly guessing a Copyight 2007 Cisco Systems, Inc. Page 13 of 31 This ocument may be feely epouce an istibute hole an intact incluing this Copyight Notice.

14 passo is thus fa less than one in one million. To excee a one in 100,000 pobability of a successful anom passo guess in one minute, an attacke oul have to be capable of 28 million passo attempts pe minute, hich fa excees the opeational capabilities of the moule to suppot. When using RSA base authentication, RSA key pai has moulus size of 1024 bit to 2048 bit, thus poviing beteen 80 bits an 112 bits of stength. Assuming the lo en of that ange, an attacke oul have a 1 in 280 chance of anomly obtaining the key, hich is much stonge than the one in a million chance equie by FIPS To excee a one in 100,000 pobability of a successful anom key guess in one minute, an attacke oul have to be capable of appoximately 1.8x1021 attempts pe minute, hich fa excees the opeational capabilities of the moules to suppot. When using peshae key base authentication, the secuity policy stipulates that all peshae keys must be 8 alphanumeic chaactes, so the key space is 2.8 tillion possible combinations. The possibility of anomly guessing this is thus fa less than one in one million. To excee a one in 100,000 pobability of a successful anom guess in one minute, an attacke oul have to be capable of 28 million attempts pe minute, hich fa excees the opeational capabilities of the moule to suppot. 2.4 Physical Secuity The oute is entiely encase by a metal, opaque case. The ea of the unit contains HWIC/WIC/VIC connectos, LAN connectos, a CF ive, poe connecto, console connecto, auxiliay connecto, USB pot, an fast Ethenet connectos. The font of the unit contains the system status an activity LEDs. The top, sie, an font potion of the chassis can be emove to allo access to the motheboa, memoy, AIM slot, an expansion slots. The Cisco 2811 an 2821 outes equie that a special opacity shiel be installe ove the sie ai vents in oe to opeate in FIPS-appove moe. The shiel eceases the suface aea of the vent holes, eucing visibility ithin the cyptogaphic bounay to FIPS-appove specifications. Install the opacity plates as specifie in the pictues belo: Copyight 2007 Cisco Systems, Inc. Page 14 of 31 This ocument may be feely epouce an istibute hole an intact incluing this Copyight Notice.

15 Figue Opacity Shiels Figue opacity shiel placement Once the oute has been configue in to meet FIPS Level 2 equiements, the oute cannot be accesse ithout signs of tampeing. To seal the system, apply seialize tampeevience labels as follos: Fo Cisco 2811: Copyight 2007 Cisco Systems, Inc. Page 15 of 31 This ocument may be feely epouce an istibute hole an intact incluing this Copyight Notice.

16 1. Clean the cove of any gease, it, o oil befoe applying the tampe evience labels. Alcohol-base cleaning pas ae ecommene fo this pupose. The tempeatue of the oute shoul be above 10 C. 2. The tampe evience label shoul be place so that one half of the label coves the font panel an the othe half coves the enclosue. 3. The tampe evience label shoul be place ove the CF ca in the slot so that any attempt to emove the ca ill sho sign of tampeing. 4. The tampe evience label shoul be place so that the one half of the label coves the enclosue an the othe half coves the pot aapte slot. 5. The tampe evience label shoul be place so that the one half of the label coves the enclosue an the othe half coves the ea panel. 6. Place tampe evient labels on the opacity shiel as shon in Figue The labels completely cue ithin five minutes. Figues 9, 10 an 11 sho the aitional tampe evience label placements fo the Figue Tampe Evient Label Placement (Back Vie) Figue Tampe Evient Label Placement (Font Vie) Copyight 2007 Cisco Systems, Inc. Page 16 of 31 This ocument may be feely epouce an istibute hole an intact incluing this Copyight Notice.

17 Figue Tampe Evient Label Placement on the Opacity Shiel Fo Cisco 2821: 1. Clean the cove of any gease, it, o oil befoe applying the tampe evience labels. Alcohol-base cleaning pas ae ecommene fo this pupose. The tempeatue of the oute shoul be above 10 C. 2. The tampe evience label shoul be place so that one half of the label coves the font panel an the othe half coves the enclosue. 3. The tampe evience label shoul be place ove the CF ca in the slot so that any attempt to emove the ca ill sho sign of tampeing. 4. The tampe evience label shoul be place so that the one half of the label coves the enclosue an the othe half coves the pot aapte slot. 5. The tampe evience label shoul be place so that the one half of the label coves the enclosue an the othe half coves the ea panel. 6. Place tampe evient labels on the opacity shiel as shon in Figue The labels completely cue ithin five minutes. Figues 12, 13 an 14 sho the aitional tampe evience label placements fo the Copyight 2007 Cisco Systems, Inc. Page 17 of 31 This ocument may be feely epouce an istibute hole an intact incluing this Copyight Notice.

18 Figue 12 Cisco 2821 Tampe Evient Label Placement (Back Vie) Figue 13 Cisco 2821 Tampe Evient Label Placement (Font Vie) Figue 14 Cisco 2821 Tampe Evient Label Placement on the Opacity Shiel Copyight 2007 Cisco Systems, Inc. Page 18 of 31 This ocument may be feely epouce an istibute hole an intact incluing this Copyight Notice.

19 The tampe evience seals ae pouce fom a special thin gauge vinyl ith self-ahesive backing. Any attempt to open the oute ill amage the tampe evience seals o the mateial of the moule cove. Since the tampe evience seals have non-epeate seial numbes, they can be inspecte fo amage an compae against the applie seial numbes to veify that the moule has not been tampee. Tampe evience seals can also be inspecte fo signs of tampeing, hich inclue the folloing: cule cones, bubbling, cinkling, ips, teas, an slices. The o OPEN may appea if the label as peele back. 2.5 Cyptogaphic Key Management The oute secuely aministes both cyptogaphic keys an othe citical secuity paametes such as passos. The tampe evience seals povie physical potection fo all keys. All keys ae also potecte by the passo-potection on the Cypto ice ole login, an can be zeoize by the Cypto ice. All zeoization consists of oveiting the memoy that stoe the key. Keys ae exchange an entee electonically o via Intenet Key Exchange (IKE) o SSL hanshake potocols. The outes suppot the folloing FIPS-2 appove algoithm implementations: Algoithm Algoithm Cetificate Numbe Softae (IOS) Implementations AES 795 Tiple-DES 683 SHA-1, SHA-256, SHA HMAC-SHA X9.31 PRNG 456 RSA 379 Onboa NetGX Implementations AES 265 Tiple-DES 347 SHA HMAC-SHA-1 77 AIM Moule Implementations AES 173 Tiple-DES 275 SHA HMAC-SHA-1 39 X9.31 PRNG 83 RSA 382 The oute is in the appove moe of opeation only hen FIPS appove algoithms ae use (except DH an RSA key apping hich ae alloe fo use in FIPS appove moe fo key establishment). The folloing ae not FIPS appove algoithms: RC4, MD5, HMAC- MD5, RSA key apping an DH. DH an RSA key apping ae alloe fo use in key establishment. Copyight 2007 Cisco Systems, Inc. Page 19 of 31 This ocument may be feely epouce an istibute hole an intact incluing this Copyight Notice.

20 Note: The moule suppots DH key sizes of 1024 an 1536 bits an RSA key sizes of 1024, 1536 an 2048 bits. Theefoe, the Diffie Hellmann Key ageement, key establishment methoology povies beteen 80-bits an 96-bits of encyption stength pe NIST RSA Key apping, key establishment methoology povies beteen 80-bits an 112-bits of encyption stength pe NIST The moule contains a HiFn 7855 cyptogaphic acceleato chip, integate in the AIM ca. Unless the AIM ca is isable by the Cypto ice ith the no cypto engine aim comman, the HiFn 7855 povies AES (128-bit, 192-bit, an 256-bit), an Tiple-DES (168-bit) encyption/ecyption; MD5 an SHA-1 hashing; an haae suppot fo DH, X9.31 RNG, RSA encyption, an RSA signatue/veification. The moule suppots thee types of key management schemes: 1. Pe-shae key exchange via electonic key enty. Tiple-DES/AES key an HMAC- SHA-1 key ae exchange an entee electonically. 2. Intenet Key Exchange metho ith suppot fo pe-shae keys exchange an entee electonically. The pe-shae keys ae use ith Diffie-Hellman key ageement technique to eive Tiple-DES o AES keys. The pe-shae key is also use to eive HMAC-SHA-1 key. 3. RSA igital signatues base authentication is use fo IKE, ith Diffie-Hellman Key ageement technique to eive AES o Tiple-DES keys. 4. RSA encypte nonces base authentication is use fo IKE, ith Diffie-Hellman Key ageement technique to eive AES o Tiple-DES keys. 5. RSA key tanspot is use to eive the Tiple-DES o AES keys uing SSLv3.1/TLS hanshake. The moule suppots commecially available Diffie-Hellman an RSA key tanspot fo key establishment. All pe-shae keys ae associate ith the CO ole that ceate the keys, an the CO ole is potecte by a passo. Theefoe, the CO passo is associate ith all the pe-shae keys. The Cypto ice nees to be authenticate to stoe keys. All Diffie-Hellman (DH) keys agee upon fo iniviual tunnels ae iectly associate ith that specific tunnel only via the IKE potocol. RSA Public keys ae entee into the moules using igital cetificates hich contain elevant ata such as the name of the public key's one, hich associates the key ith the coect entity. All othe keys ae associate ith the use/ole that entee them. Key Zeoization: Each key can be zeoize by sening the no comman pio to the key function commans. This ill zeoize each key fom the, the unning configuation. Clea Cypto IPSec SA ill zeoize the Tiple-DES/AES session key (hich is eive using the Diffie-Hellman key ageement technique) fom the. This session key is only Copyight 2007 Cisco Systems, Inc. Page 20 of 31 This ocument may be feely epouce an istibute hole an intact incluing this Copyight Notice.

21 available in the ; theefoe this comman ill completely zeoize this key. The folloing comman ill zeoize the pe-shae keys fom the : no set session-key inboun ah spi hex-key-ata no set session-key outboun ah spi hex-key-ata no set session-key inboun esp spi ciphe hex-key-ata [authenticato hex-key-ata] no set session-key outboun esp spi ciphe hex-key-ata [authenticato hex-key-ata] no cypto isakmp key The unning configuation must be copie to the stat-up configuation in NVRAM in oe to completely zeoize the keys. The RSA keys ae zeoize by issuing the CLI comman cypto key zeoize sa". All SSL/TLS session keys ae zeoize automatically at the en of the SSL/TLS session. The moule suppots the folloing keys an citical secuity paametes (CSPs). Key/CSP Algoithm Desciption Stoage Zeoization Metho Name Location PRNG See X9.31 This is the see fo X9.31 PRNG. This CSP is stoe in an upate peioically afte the Automatically evey 400 bytes, o tun off the oute. geneation of 400 bytes afte this it is eseee ith oute-eive entopy; hence, it is zeoize peioically. Also, the opeato can tun off the oute to zeoize this CSP. PRNG See Key X9.31 This is the sse key fo X9.31 PRNG. Tun off the oute. Diffie Hellman pivate exponent Diffie Hellman public key DH DH The pivate exponent use in Diffie-Hellman (DH) exchange as pat of IKE. Zeoize afte DH shae secet has been geneate. The public key use in Diffie- Hellman (DH) exchange as pat of IKE. Zeoize afte the DH shae secet has been geneate. skeyi Keye SHA-1 Value eive fom the shae secet ithin IKE exchange. Zeoize hen IKE session is teminate. skeyi_ Keye SHA-1 The IKE key eivation key fo non ISAKMP secuity associations. skeyi_a HMAC-SHA-1 The ISAKMP secuity association authentication key. Automatically afte shae secet geneate. Automatically afte shae secet geneate. Automatically afte IKE session teminate. Automatically afte IKE session teminate. Automatically afte IKE session teminate. Copyight 2007 Cisco Systems, Inc. Page 21 of 31 This ocument may be feely epouce an istibute hole an intact incluing this Copyight Notice.

22 skeyi_e TRIPLE- DES/AES The ISAKMP secuity association encyption key. Automatically afte IKE session teminate. IKE session encypt key TRIPLE- DES/AES The IKE session encypt key. Automatically afte IKE session teminate. IKE session authentication key ISAKMP peshae HMAC-SHA-1 Shae secet The IKE session authentication key. The key use to geneate IKE skeyi uing peshae-key authentication. no cypto isakmp key comman zeoizes it. This key can have to foms base on hethe the key is elate to the hostname o the IP aess. IKE hash key HMAC-SHA-1 This key geneates the IKE shae secet keys. This key is zeoize afte geneating those keys. IKE RSA Authentication pivate Key IKE RSA Authentication Public Key IKE RSA Encypte Nonce Pivate Key IKE RSA Encypte Nonce Public Key IPSec encyption key IPSec authentication key Configuation encyption key Route authentication key 1 RSA RSA RSA RSA DES/TRIPLE- DES/AES HMAC-SHA-1 AES Shae secet RSA pivate key fo IKE authentication. Geneate o entee like any RSA key, set as IKE RSA Authentication Key ith the cypto keying o ca tustpoint comman. RSA public key fo IKE authentication. Geneate o entee like any RSA key, set as IKE RSA Authentication Key ith the cypto keying o ca tustpoint comman. RSA pivate key fo IKE encypte nonces. Geneate like any RSA, ith the usage-keys paamete inclue. RSA public key fo IKE encypte nonces. Geneate like any RSA, ith the usage-keys paamete inclue. The IPSec encyption key. Zeoize hen IPSec session is teminate. The IPSec authentication key. The zeoization is the same as above. The key use to encypt values of the configuation file. This key is zeoize hen the no key configkey is issue. Note that this comman oes not ecypt the configuation file, so zeoize ith cae. This key is use by the oute to authenticate itself to the pee. The oute itself gets the passo (that NVRAM NVRAM NVRAM NVRAM NVRAM NVRAM Automatically afte IKE session teminate. # no cypto isakmp key Automatically afte geneating IKE shae secet keys. # cypto key zeoize sa" # cypto key zeoize sa" # cypto key zeoize sa" # cypto key zeoize sa" # Clea Cypto IPSec SA # Clea Cypto IPSec SA # no key config-key Automatically upon completion of authentication attempt. Copyight 2007 Cisco Systems, Inc. Page 22 of 31 This ocument may be feely epouce an istibute hole an intact incluing this Copyight Notice.

23 PPP authentication key Route authentication key 2 SSH session key RFC 1334 Shae Secet Vaious symmetic is use as this key) fom the AAA seve an sens it onto the pee. The passo etieve fom the AAA seve is zeoize upon completion of the authentication attempt. The authentication key use in PPP. This key is in the an not zeoize at untime. One can tun off the oute to zeoize this key because it is stoe in. This key is use by the oute to authenticate itself to the pee. The key is ientical to Route authentication key 1 except that it is etieve fom the local atabase (on the oute itself). Issuing the no usename passo zeoizes the passo (that is use as this key) fom the local atabase. This is the SSH session key. It is zeoize hen the SSH session is teminate. Use passo Shae Secet The passo of the Use ole. This passo is zeoize by oveiting it ith a ne passo. Enable passo Shae Secet The plaintext passo of the CO ole. This passo is zeoize by oveiting it ith a ne passo. Enable secet Shae Secet The ciphetext passo of the CO ole. Hoeve, the algoithm use to encypt this passo is not FIPS appove. Theefoe, this passo is consiee plaintext fo FIPS puposes. This passo is zeoize by oveiting it ith a ne passo. RADIUS secet secet_1_0_0 TACACS+ secet TLS seve pivate key TLS seve public key Shae Secet Shae Secet RSA RSA The RADIUS shae secet. This shae secet is zeoize by executing the no aius-seve key comman. The fixe key use in Cisco veno ID geneation. This key is embee in the moule binay image an can be elete by easing the Flash. The TACACS+ shae secet. This shae secet is zeoize by executing the no tacacs-seve key comman. 1024/1536/2048 bit RSA pivate key use fo SSLV3.1/TLS. 1024/1536/2048 bit RSA public key use fo SSLV3.1/TLS. NVRAM NVRAM NVRAM NVRAM NVRAM NVRAM NVRAM NVRAM NVRAM Tun off the oute. # no usename passo Automatically hen SSH session teminate Oveite ith ne passo Oveite ith ne passo Oveite ith ne passo # no aius-seve key Delete by easing the Flash. # no tacacs-seve key # cypto key zeoize sa" # cypto key zeoize sa" Copyight 2007 Cisco Systems, Inc. Page 23 of 31 This ocument may be feely epouce an istibute hole an intact incluing this Copyight Notice.

24 TLS pemaste secet TLS Encyption Key TLS Integity Key Shae Secet AES/TRIPLE- DES HMAC-SHA-1 Shae Secet ceate using asymmetic cyptogaphy fom hich ne TLS session keys can be ceate Key use to encypt TLS session ata HMAC-SHA-1 use fo TLS ata integity potection Automatically hen TLS session is teminate Automatically hen TLS session is teminate Automatically hen TLS session is teminate Table 5 - Cyptogaphic Keys an CSPs SRDI/Role/Sevice Access Policy ( = ea, = ite, = elete) Roles/Sevice Secuity Relevant Data Item PRNG See PRNG See Key Diffie Hellman pivate exponent Diffie Hellman public key skeyi skeyi_ skeyi_a skeyi_e Use Role Status Functions Netok Functions Teminal Functions Diectoy Sevices SSL-TLS/VPN EASY VPN Cypto ice Role Configue the Route Define Rules an Filtes Status Functions Manage the Route Set Encyption/Bypass Change WAN Inteface Cas Copyight 2007 Cisco Systems, Inc. Page 24 of 31 This ocument may be feely epouce an istibute hole an intact incluing this Copyight Notice.

25 IKE session encypt key IKE session authentication key ISAKMP peshae IKE hash key IKE RSA Authentication pivate Key IKE RSA Authentication Public Key IKE RSA Encypte Nonce Pivate Key IKE RSA Encypte Nonce Public Key IPSec encyption key IPSec authentication key Configuation encyption key Route authentication key 1 PPP authentication key Route authentication key 2 SSH session key Use passo Enable passo Enable secet Copyight 2007 Cisco Systems, Inc. Page 25 of 31 This ocument may be feely epouce an istibute hole an intact incluing this Copyight Notice.

26 RADIUS secet secet_1_0_0 TACACS+ secet TLS seve pivate key TLS seve public key TLS pe-maste secet TLS Encyption Key TLS Integity Key Table 6 Role an Sevice Access to CSP 2.6 Self-Tests In oe to pevent any secue ata fom being elease, it is impotant to test the cyptogaphic components of a secuity moule to insue all components ae functioning coectly. The oute inclues an aay of self-tests that ae un uing statup an peioically uing opeations. All self-tests ae implemente by the softae. An example of self-tests un at poe-up is a cyptogaphic knon anse test (KAT) on each of the FIPS-appove cyptogaphic algoithms an on the Diffie-Hellman algoithm. Examples of tests un peioically o conitionally inclue: a bypass moe test pefome conitionally pio to executing IPSec, an a continuous anom numbe geneato test. If any of the self-tests fail, the oute tansitions into an eo state. In the eo state, all secue ata tansmission is halte an the oute outputs status infomation inicating the failue. Examples of the eos that cause the system to tansition to an eo state: IOS image integity checksum faile Micopocesso oveheats an buns out Knon anse test faile NVRAM moule malfunction. Tempeatue high aning Copyight 2007 Cisco Systems, Inc. Page 26 of 31 This ocument may be feely epouce an istibute hole an intact incluing this Copyight Notice.

27 2.6.1 Self-tests pefome by the IOS image IOS Self Tests o POST tests AES Knon Anse Test RSA Signatue Knon Anse Test (both signatue/veification) Softae/fimae test Poe up bypass test RNG Knon Anse Test Diffie Hellman test HMAC-SHA-1 Knon Anse Test SHA-1/256/512 Knon Anse Test Tiple-DES Knon Anse Test o Conitional tests Paiise consistency test fo RSA signatue keys Conitional bypass test Continuous anom numbe geneation test fo appove an nonappove RNGs Self-tests pefome by NetGX Chip o POST tests AES Knon Anse Test Tiple-DES Knon Anse Test SHA-1 Knon Anse Test HMAC-SHA-1 Knon Anse Test Self-tests pefome by AIM AIM Self Tests o POST tests AES Knon Anse Test Tiple-DES Knon Anse Test SHA-1 Knon Anse Test HMAC-SHA-1 Knon Anse Test RNG Knon Anse Test Fimae integity test Diffie Hellman Test RSA signatue gen/ve knon anse test o Conitional Tests Paiise consistency test fo RSA signatue keys Continuous RNG test fo the haae RNG Copyight 2007 Cisco Systems, Inc. Page 27 of 31 This ocument may be feely epouce an istibute hole an intact incluing this Copyight Notice.

28 3 Secue Opeation of the Cisco 2811 o 2821 oute The Cisco 2811 an 2821 outes meet all the Level 2 equiements fo FIPS Follo the instuctions povie belo to place the moule in its FIPS-appove moe. Opeating this oute ithout maintaining the folloing settings ill emove the moule fom its FIPS appove moe of opeation. 3.1 Initial Setup 1. The Cypto ice must apply tampe evience labels as escibe in Section 2.4 of this ocument. 2. The Cypto ice must isable IOS Passo Recovey by executing the folloing commans: configue teminal no sevice passo-ecovey en sho vesion NOTE: Once Passo Recovey is isable, aministative access to the moule ithout the passo ill not be possible. 3.2 System Initialization an Configuation 1. The Cypto ice must pefom the initial configuation. IOS vesion IOS 12.4 (15) T3, Avance Secuity buil (avsecuity) is the only alloable image; no othe image shoul be loae. 2. The value of the boot fiel must be 0x0102. This setting isables beak fom the console to the ROM monito an automatically boots the IOS image. Fom the configue teminal comman line, the Cypto ice entes the folloing syntax: config-egiste 0x The Cypto ice must ceate the enable passo fo the Cypto ice ole. The passo must be at least 8 chaactes (all igits; all loe an uppe case lettes; an all special chaactes except? ae accepte) an is entee hen the Cypto ice fist engages the enable comman. The Cypto ice entes the folloing syntax at the # pompt: enable secet [PASSWORD] 4. The Cypto ice must alays assign passos (of at least 8 chaactes) to uses. Ientification an authentication on the console pot is equie fo Uses. Fom the configue teminal comman line, the Cypto ice entes the folloing syntax: line con 0 passo [PASSWORD] login local 5. RADIUS an TACACS+ shae secet key sizes must be at least 8 chaactes long. Copyight 2007 Cisco Systems, Inc. Page 28 of 31 This ocument may be feely epouce an istibute hole an intact incluing this Copyight Notice.

29 3.3 IPSec Requiements an Cyptogaphic Algoithms 1. The only type of key management that is alloe in FIPS moe is Intenet Key Exchange (IKE). 2. Although the IOS an AIM implementation of IKE allos a numbe of algoithms, only the folloing algoithms ae alloe in a FIPS configuation: ah-sha-hmac esp-sha-hmac esp-tiple-des esp-aes 3. The folloing algoithms ae not FIPS appove an shoul not be use uing FIPSappove moe: DES MD-5 fo signing MD-5 HMAC 3.4 SSLv3.1/TLS Requiements an Cyptogaphic Algoithms When negotiating SSLv3.1/TLS ciphe suites, only FIPS appove algoithms must be specifie. All othe vesions of SSL except vesion 3.1 must not be use in FIPS moe of opeation The folloing algoithms ae not FIPS appove an shoul not be use in the FIPSappove moe: MD5 RC4 RC2 DES 3.5 Potocols 1. SNMP v3 ove a secue IPSec tunnel may be employe fo authenticate, secue SNMP gets an sets. Since SNMP v2c uses community stings fo authentication, only gets ae alloe une SNMP v2c. 3.6 Remote Access 1. Telnet access to the moule is only alloe via a secue IPSec tunnel beteen the emote system an the moule. The Cypto office must configue the moule so that any emote connections via telnet ae secue though IPSec, using FIPS-appove algoithms. Note that all uses must still authenticate afte emote access is gante. 2. SSH access to the moule is only alloe if SSH is configue to use a FIPS-appove Copyight 2007 Cisco Systems, Inc. Page 29 of 31 This ocument may be feely epouce an istibute hole an intact incluing this Copyight Notice.

30 algoithm. The Cypto office must configue the moule so that SSH uses only FIPSappove algoithms. Note that all uses must still authenticate afte emote access is gante. Copyight 2007 Cisco Systems, Inc. Page 30 of 31 This ocument may be feely epouce an istibute hole an intact incluing this Copyight Notice.

31 CISCO EDITOR S NOTE: You may no inclue all stana Cisco infomation inclue in all ocumentation pouce by Cisco. Be sue that the folloing line is in the legal statements at the en of the ocument: By pinting o making a copy of this ocument, the use agees to use this infomation fo pouct evaluation puposes only. Sale of this infomation in hole o in pat is not authoize by Cisco Systems. Copyight 2007 Cisco Systems, Inc. Page 31 of 31 This ocument may be feely epouce an istibute hole an intact incluing this Copyight Notice.