USB etoken and USB Flash Features Support



Similar documents
ipad in Business Security

Licenses are not interchangeable between the ISRs and NGX Series ISRs.

Cisco Group Encrypted Transport VPN: Tunnel-less VPN Delivering Encryption and Authentication for the WAN

Ensuring the security of your mobile business intelligence

L2F Case Study Overview

Cisco ASR 1000 Series Aggregation Services Routers

Cisco Software Activation: Channel Partners Guidelines for Managing Software Activation

VPN Solutions FAQ North America International Germany Benelux France Spain Israel Asia Pacific Japan

Cisco Dynamic Multipoint VPN: Simple and Secure Branch-to-Branch Communications

Cisco ubr7200-npe-g2 Network Processing Engine

Cisco ASA. Administrators

Cisco 2600 Series Modular Access Routers

Cisco VPN Concentrator Implementation Guide

USB Secure Management for ProCurve Switches

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.

iphone in Business Security Overview

Digi Connect Wan 3G Application Guide Update the firmware, backup and restore the configuration of a Digi Connect Wan 3G using a USB flash drive.

Cisco Wide Area Application Engine

Deploying iphone and ipad Security Overview

Cisco Nexus 7000 Series Supervisor Module

How Do I Upgrade Firmware and Save Configurations on PowerConnect Switches?

Cisco SR 520-T1 Secure Router

Cisco Router and Security Device Manager (SDM)

iphone in Business How-To Setup Guide for Users

Cisco Virtual Office Express

Using Entrust certificates with VPN

Yale Software Library

TABLE OF CONTENTS NETWORK SECURITY 2...1

Cisco Secure ACS. By Igor Koudashev, Systems Engineer, Cisco Systems Australia 2006 Cisco Systems, Inc. All rights reserved.

Case Study for Layer 3 Authentication and Encryption

Ensuring the security of your mobile business intelligence

Implementing Cisco IOS Network Security v2.0 (IINS)

Digital Signature Certificate Online Enrollment Guide using etoken

Quick Note 038. Upgrade Software options and/or VPN Licenses on a Digi Transport router.

Connecting to the Firewall Services Module and Managing the Configuration

Cisco WAE Deployed with Cisco ACNS: Product Function Matrix. Two 10/100/1000BASE-T. Two 10/100/1000BASE- T

NATIONAL SECURITY AGENCY Ft. George G. Meade, MD

Implementing Core Cisco ASA Security (SASAC)

Cisco ASR 1000 Series Aggregation Services Routers Ordering Guide

The Trivial Cisco IP Phones Compromise

OWA vs. MDM. Once important area to consider is the impact on security and compliance policies by users bringing their own devices (BYOD) to work.

Cisco Virtual Office: Flexibility and Productivity for Your Workforce

Cisco IP Solution Center MPLS VPN Management 5.0

Configuring the CyberData VoIP 4-Port Zone Controller with Audio Out

Cisco Security Bundles

APC Enterprise KVM Switches

Business VoIP Solution Training 04/2009

Com.X IP PBX The complete communications solution in a box

FortiOS Handbook - Hardening your FortiGate VERSION 5.2.3

The Cisco ASA 5500 as a Superior Firewall Solution

enetworks TM Using the Syslog Feature C.1 Configuring the Syslog Feature

USB Disable for Cisco ISRs Feature Module

iphone in Business How-To Setup Guide for Users

crypto key generate rsa

Lab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM

Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure

CiscoWorks Resource Manager Essentials 4.1

Upgrading to the Cisco ubr7246vxr Universal Broadband Router

Cisco Cisco 3845 X X X X X X X X X X X X X X X X X X

QuickSpecs. Models HP MSR Open Application Platform (OAP) with VMware vsphere MIM Module

Out-of-Band Management: the Integrated Approach to Remote IT Infrastructure Management

SharePlus Enterprise: Security White Paper

Defender EAP Agent Installation and Configuration Guide

Read Me First for the HP ProCurve Routing Switch 9304M and Routing Switch 9308M

Cisco Router and Switch Security Bundles

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Cisco Firewall. Overview

Configuring a BANDIT Product for Virtual Private Networks

Management of VMware ESXi. on HP ProLiant Servers

Cisco Security Bundles

Copyright Giritech A/S. Secure Mobile Access

Cisco 7940 How To. (c) Bicom Systems

Cisco Wide Area Virtualization Engine

Digital Signature Certificate Online Enrollment Guide using etoken Pro 72K (Java)

Cisco IOS SSL VPN: Router-Based Remote Access for Employees and Partners

Hills Professional Series NVRs and Cameras

Feature and Technical

CCNA Security v1.0 Scope and Sequence

Allworx Installation Course

Introducing etoken. What is etoken?

Teleworker User Guide

Pre-lab and In-class Laboratory Exercise 10 (L10)

Cisco 4000 Integrated Services Router Family

BorderGuard Client. Version 4.4. November 2013

FWSM introduction Intro 5/1

Millbeck Communications. Secure Remote Access Service. Internet VPN Access to N3. VPN Client Set Up Guide Version 6.0

MIGRATION GUIDE. Authentication Server

Cisco WAAS Express. Product Overview. Cisco WAAS Express Benefits. The Cisco WAAS Express Advantage

Cisco 1600 Series Modular Desktop Access Routers

VMware Horizon View for SMS PASSCODE SMS PASSCODE 2014

ION Networks. White Paper

RSA SecurID Ready Implementation Guide

ACCREDITED SOLUTION. EXPLORER Cisco Systems VPN Client

Network Services Internet VPN

Converting SSG 300M-series and SSG 500M-series Security Devices to J-series Services Routers with a USB Storage Device

Cisco Router and Security Device Manager USB Storage

Two factor strong authentication. Complex solution for two factor strong authentication

- Introduction to PIX/ASA Firewalls -

Administering the Network Analysis Module. Cisco IOS Software. Logging In to the NAM with Cisco IOS Software CHAPTER

Evaluating the Cisco ASA Adaptive Security Appliance VPN Subsystem Architecture

Transcription:

USB etoken and USB Flash Features Support USB etoken and USB Flash Features Support Cisco Integrated Services Routers provide secure, wire-speed delivery of concurrent data, voice, and video services (Figure 1). The routers Universal Serial Bus (USB) ports enable important security, and provisioning capabilities, including secure device authentication, storage of removable credentials for establishing secure VPN connections, secure distribution of configuration files, bulk Flash storage for files and configuration, and booting from USB. Figure 1. Cisco 800, 1800, 2800 and 3800 Series Integrated Services Routers, and Cisco 7200 VXR Series Services Aggregation Routers One of the many architectural enhancements specific to the next-generation integrated services routers as well as the Cisco 7200 VXR Series Services Aggregation Routers is the integration of USB ports. Two new features are available to take advantage of these USB ports-usb etoken support and USB Flash support. A USB is a low-cost, bidirectional, dynamically attachable serial interface. The USB versions supported are: USB 1.1 on the Cisco 1841, 2800 Series, and 3800 Series routers, and Cisco 7200 VXR Series routers (with NPE-G2) USB 2.0 on the Cisco 871, 1811, 1812, and Cisco 7200 VXR Series routers (with the Network Processing Engine NPE-G2) The new etoken and USB Flash features are supported on all routers that have built-in USB ports. This includes Cisco 871, 1811, 1812, and 1841 routers, as well as the Cisco 2800 Series and Cisco 3800 Series integrated services routers and Cisco 7200 VXR Series routers (with NPE-G2). The USB etoken and Flash features provide Cisco routers with built-in USB ports to support etokens and USB Flash memory. The USB etoken feature provides secure configuration distribution and allows users to store VPN credentials for deployment. The etokens are supplied by Aladdin Knowledge Systems and can be ordered by going to http://www.aladdin.com/etoken/cisco. The USB Flash feature allows users to store images and All contents are Copyright 1992 2006 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 5

configurations, and boot images directly via USB Flash memory. USB Flash memory can be ordered from Cisco Systems (Table 1). USB etoken Feature The USB etoken feature enables device authentication and simplifies the deployment and secure configuration of Cisco routers. It uses smart card technology in a USB form factor to facilitate the authentication and configuration process. The token provides secure access to the router-the token and a PIN are necessary to access the configuration, keys, and credentials. The token can also be used to securely provide the configuration to the router, because the configuration can be encrypted on the token. Figure 2. Cisco 2851 Integrated Services Router with Two USB Ports; Aladdin Knowledge System etoken The USB etoken can be used to store files. Any kind of files that need to be securely stored and that can fit on the etoken can be stored. The etoken can store X.509 digital certificates as well as configuration files. These files can be transferred from the router to the etoken with a Cisco IOS Software CLI command or by using a GUI-based software application called Token Management System (TMS) available from Aladdin Knowledge Systems. For more information on TMS or for ordering etokens, visit http://www.aladdin.com/etoken/cisco. USB Flash Feature The USB Flash feature provides an optional secondary storage capability and an additional boot device. Images, configurations, or other files can be copied to or from the Cisco USB Flash memory with the same reliability as storing and retrieving files using the Compact Flash card. In addition, modular Integrated Services Routers can boot any Cisco IOS image saved on USB flash. Cisco USB Flash memory is available in 64, 128, and 256 MB sizes. Deployment Applications There are three main application drivers for these features-removable credentials, Flash storage, and touchless or low-touch provisioning applications. Removable Credentials Application This application, meaningful in VPN deployment scenarios, uses the smart card token to store the RSA key pair, one or several root certificates, and configuration for VPN deployment. When inserted into the router, the router will boot from the configuration stored on the token (or from another configuration as per the command-line interface [CLI]). The smart card in the token will use the RSA key pair and root certificates to authenticate one or more IP Security (IPSec) tunnels. The token may contain several root certificates, as a single router may initiate several tunnels to different VPNs. The number of certificates stored may vary by platform (based on role of the All contents are Copyright 1992 2006 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 2 of 5

router). The token keys can also be used to securely provide the configuration to the router, because the configuration can be encrypted on the token key. Since remote devices like routers tend to be deployed in less physically secure areas, there is a greater need to provide additional security. With the removable credentials feature, two-factor authentication can be enforced to provide added security at remote locations. The router at the remote location cannot be deployed unless the following two conditions are met: The smart card must be inserted in the router The user must have entered the PIN for the smart card (if not using the default token PIN). By storing the VPN credentials on the secure etoken, the credentials can easily be removed if the router needs to be redeployed, returned when a lease expires, or returned for repair. Flash Storage Application Customers may deploy configurations and Cisco IOS Software images on USB token Flash devices. These USB Flash drives can be used to store Cisco IOS images, configurations, or any other type of file. While this can be accomplished with Compact Flash devices, the Flash storage feature provides customers with an alternative. Many customers will find the USB form factor to be a preferable deployment media to Compact Flash. USB Flash storage can facilitate Cisco IOS Software distribution. A Cisco IOS image may be downloaded via a PC directly to USB Flash in the PC, then moved to the router. Touchless or Low-Touch Provisioning Application Enterprise customers or service providers can use these USB features to deploy many routers in the network without the need to physically load different configurations to each device prior to shipment and deployment. The routers can also be shipped directly to end users from the factory without any configuration. Both USB features support loading a bootstrap configuration into the etoken or USB Flash. Once connectivity is established at the remote site with the help of boot configuration, either a Cisco Configuration Engine or a Trivial File Transfer Protocol (TFTP) server can be contacted to download a complete configuration. Another value derived from this application is that the task at the remote site can be performed without a high degree of technical knowledge. Cisco IOS Upgrade Customers can now easily upgrade their Cisco IOS images in remote locations, even if they can not download large file over their network. Cisco s USB Flashes are orderable with preloaded Cisco IOS images. Once the USB Flash has been sent to the branch and plugged into the Cisco router, the router is able to reboot from USB Flash and run the newest Cisco IOS image. Feature Benefits etoken USB Feature Removable credentials allow remote provisioning of routers. Security credentials are physically separated from the chassis of the router. The etoken can be used for security purposes that require the user to enter a PIN to access the stored information. This adds to the security of the application because it requires both the smart card itself (something you have) and a password (something you know), providing a two-factor authentication for added security enforcement. This greatly All contents are Copyright 1992 2006 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 3 of 5

reduces the possibility of a third party being able to access the information on the card if it is lost or stolen. All contents are Copyright 1992 2006 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 4 of 5

From a provisioning perspective, customers will see value in being able to order routers directly from Cisco (or a reseller) with a desired Cisco IOS image installed, to have the routers shipped directly to the customer premises, and to provide configuration files in a touchless or low-touch manner by distributing an etoken device. This allows the customer or service provider to use deployment technicians of a lower skill set for router installations. USB Flash Feature Customers can store configurations and images on USB token Flash devices. The USB Flash drive provides an alternative mechanism to Compact Flash for storing files and images. As for Compact Flash, it is possible to boot any Cisco IOS image from USB Flash. Since the USB form factor is ubiquitous, customers can see value in using such a device over a Compact Flash. Customer can order the Cisco USB Flash with pre-loaded Cisco IOS images. The USB etoken and USB Flash features are supported in the following Cisco IOS Software Releases: For the Integrated Services Routers Cisco 871, 1811/1812, 1841, 2800, 3800: As of 12.3(14)T For the Cisco 7200 VXR Services Aggregation Routers: With NPE-G2 as of 12.4(4)XD (in the future: also in 12.4T and 12.2SB) For more details on USB etoken and USB Flash features, please go to the link below: http://www.cisco.com/go/usb Ordering Information The USB etoken is supplied by Aladdin Knowledge Systems. To order etokens or for more information, please contact Aladdin Knowledge Systems at http://www.aladdin.com/etoken/cisco. The USB Flash tokens are available in 64 MB, 128 MB, and 256 MB sizes. Table 1 lists the part numbers for ordering. Table 1. USB Flash Memory Part Numbers Part Number MEMUSB-64FT MEMUSB-64FT= MEMUSB-128FT MEMUSB-128FT= MEMUSB-256FT MEMUSB-256FT= Description 64 MB USB Flash 64 MB USB Flash (spare) 128 MB USB Flash 128 MB USB Flash (spare) 256 MB USB Flash 256 MB USB Flash (spare) All contents are Copyright 1992 2006 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 5 of 5

Service and Support Cisco offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you to protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco Services, see Cisco Technical Support Services or Cisco Advanced Services. For More Information For more information about the Cisco ISRs and USB Options, visit http://www.cisco.com/go/isr or contact your local account representative. Printed in USA C78-386269-00 12/06 All contents are Copyright 1992 2006 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 6 of 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information