Cisco 2811 and Cisco 2821 Integrated Services Router FIPS 140-2 Non Proprietary Security Policy
Level 2 Validation
Version 1.3
November 23, 2005

Introduction

This document is the non-proprietary Cryptographic Module Security Policy for the Cisco 2811 and Cisco 2821 Integrated Services Router without an AIM card installed. This security policy describes how the Cisco 2811 and Cisco 2821 Integrated Services Router (Hardware Version: 2811 or 2821; Firmware Version: 12.3(11)T03) meet the security requirements of FIPS 140-2, and how to operate the router enabled in a secure FIPS 140-2 mode. This policy was prepared as part of the Level 2 FIPS 140-2 validation of the Cisco 2811 or Cisco 2821 Integrated Services Router.

FIPS 140-2 (Federal Information Processing Standards Publication 140-2 Security Requirements for Cryptographic Modules) details the U.S. Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the NIST website at http://csrc.nist.gov/cryptval/.

This document contains the following sections:
  Introduction, page 1
  Cisco 2811 and Cisco 2821 Routers, page 2
  Secure Operation of the Cisco 2811 or Cisco 2821 router, page 22
  Related Documentation, page 23
  Obtaining Documentation, page 24
  Documentation Feedback, page 25
  Cisco Product Security Overview, page 25
  Obtaining Technical Assistance, page 26
  Obtaining Additional Publications and Information, page 27

Corporate Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
© 2005 Cisco Systems, Inc. All rights reserved.

References

This document deals only with operations and capabilities of the Cisco 2811 and Cisco 2821 routers in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the routers from the following sources:
  The Cisco Systems website contains information on the full line of Cisco Systems routers. Please refer to the following website: http://www.cisco.com/en/us/products/hw/routers/index.html
  For answers to technical or sales related questions please refer to the contacts listed on the Cisco Systems website at www.cisco.com.
  The NIST Validated Modules website (http://csrc.nist.gov/cryptval) contains contact information for answers to technical or sales-related questions for the module.

Terminology

In this document, the Cisco 2811 or Cisco 2821 routers are referred to as the router, the module, or the system.

Document Organization

The Security Policy document is part of the FIPS 140-2 Submission Package. In addition to this document, the Submission Package contains:
  Vendor Evidence document
  Finite State Machine
  Other supporting documentation as additional references

This document provides an overview of the routers and explains their secure configuration and operation. This introduction section is followed by the Cisco 2811 and Cisco 2821 Routers section on page 2, which details the general features and functionality of the router. The Secure Operation of the Cisco 2811 or Cisco 2821 router section on page 22 specifically addresses the required configuration for the FIPS mode of operation.

With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Validation Submission Documentation is Cisco-proprietary and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact Cisco Systems.
Cisco 2811 and Cisco 2821 Routers

Branch office networking requirements are dramatically evolving, driven by web and e-commerce applications to enhance productivity and merging the voice and data infrastructure to reduce costs. The Cisco 2811 and Cisco 2821 routers provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements. This section describes the general features and functionality provided by the routers. The following subsections describe the physical characteristics of the routers.
The Cisco 2811 Cryptographic Module Physical Characteristics

Figure 1 The Cisco 2811 router case

The Cisco 2811 router is a multiple-chip standalone cryptographic module. The router has a processing speed of 350MHz. Depending on configuration, either the internal NetGX chip or the IOS software is used for cryptographic operations. The cryptographic boundary of the module is the device's case. All of the functionality discussed in this document is provided by components within this cryptographic boundary. The interfaces for the router are located on the rear and front panels as shown in Figure 2 and Figure 3, respectively.

Figure 2 Cisco 2811 Front Panel Physical Interfaces

Figure 3 Cisco 2811 Rear Panel Physical Interfaces

The Cisco 2811 router features a console port, an auxiliary port, two Universal Serial Bus (USB) ports, four high-speed WAN interface card (HWIC) slots, two 10/100 Gigabit Ethernet RJ45 ports, an Enhanced Network Module (ENM) slot, and a Compact Flash (CF) drive. The Cisco 2811 router supports one single-width network module, four single-width or two double-width HWICs, two internal advanced integration modules (AIMs) [1], two internal packet voice data modules (PVDMs), two fast Ethernet connections, and 16 ports of IP phone power output. Figure 2 shows the front panel and Figure 3 shows the rear panel. The front panel contains 4 LEDs that output status data about the system power, auxiliary power, system activity, and compact flash busy status. The back panel consists of 12 LEDs: two Ethernet activity LEDs, two duplex LEDs, two speed LEDs, two link LEDs, two PVDM LEDs, and two AIM LEDs.

The front panel contains the following:
  (1) Power inlet
  (2) Power switch
  (3) Optional RPS input
  (4) Console and auxiliary ports
  (5) USB ports
  (6) CF drive
  (7) LEDs described in Table 1

The back panel contains the following:
  (1) Ground connector
  (2) and (3) Ethernet ports and LEDs
  (4)-(7) HWIC slots
  (8) ENM slot

Table 1 and Table 2 provide more detailed information conveyed by the LEDs on the front and rear panel of the router:

Table 1 Cisco 2811 Front Panel Indicators (Name / State / Description)
  System Power
    Off: Power off
    Blinking Green: ROMMON mode
    Solid Green: Operating normally
    Solid Orange: System Error Detected
  Auxiliary Power
    Off: -48V PS and RPS not present
    Solid Green: -48V PS or RPS present and functional
    Solid Orange: -48V PS or RPS present and failure detected
  Activity
    Off: No interrupts or packet transfer occurring
    Blinking Green: System is servicing interrupts
    Solid Green: System is actively transferring packets
  Compact Flash
    Off: No ongoing accesses, eject permitted
    Solid Green: Device is busy, do not eject

[1] However, an AIM module may not be installed in accordance with this security policy. There is a separate security policy covering the Cisco 2811 and Cisco 2821 routers with AIM module installed.
Table 2 Cisco 2811 Rear Panel Indicators (Name / State / Description)
  PVDM1
    Off: PVDM1 not installed
    Solid Green: PVDM1 installed and initialized
    Solid Orange: PVDM1 installed, initialization error
  PVDM0
    Off: PVDM0 not installed
    Solid Green: PVDM0 installed and initialized
    Solid Orange: PVDM0 installed, initialization error
  AIM1
    Off: AIM1 not installed
    Solid Green: AIM1 installed and initialized
    Solid Orange: AIM1 installed, initialization error
  AIM0
    Off: AIM0 not installed
    Solid Green: AIM0 installed and initialized
    Solid Orange: AIM0 installed, initialization error

Table 3 describes the meaning of the Ethernet LEDs on the rear panel:

Table 3 Cisco 2811 Ethernet Indicators (Name / State / Description)
  Activity
    Off: Not receiving packets
    Solid/Blinking Green: Receiving packets
  Duplex
    Off: Half-Duplex
    Solid Green: Full-Duplex
  Speed
    One Blink Green: 10 Mbps
    Two Blink Green: 100 Mbps
  Link
    Off: No link established
    Solid Green: Ethernet link is established

The physical interfaces are separated into the logical interfaces from FIPS 140-2 as described in Table 4:
Table 4 Cisco 2811 FIPS 140-2 Logical Interfaces (FIPS 140-2 Logical Interface: Router Physical Interface)
  Data Input Interface: 10/100 Ethernet LAN Ports, HWIC Ports, Console Port, Auxiliary Port, ENM Slot
  Data Output Interface: 10/100 Ethernet LAN Ports, HWIC Ports, Console Port, Auxiliary Port, ENM Slot
  Control Input Interface: 10/100 Ethernet LAN Ports, HWIC Ports, Power Switch, Console Port, Auxiliary Port, ENM Slot
  Status Output Interface: 10/100 Ethernet LAN Port LEDs, AIM LEDs, PVDM LEDs, Power LED, Activity LEDs, Auxiliary LED, Compact Flash LED, Console Port, Auxiliary Port
  Power Interface: Main Power Plug, Redundant Power Supply Plug

There are two USB ports but they are not supported currently. The ports will be supported in the future for a smartcard or token reader.

The CF card that stores the IOS image is considered an internal memory module, because the IOS image stored in the card may not be modified or upgraded. The card itself must never be removed from the drive. A tamper evident seal will be placed over the card in the drive.
The Cisco 2821 Cryptographic Module Physical Characteristics

Figure 4 The Cisco 2821 router case

The Cisco 2821 router is a multiple-chip standalone cryptographic module. The router has a processing speed of 350MHz. Depending on configuration, either the internal NetGX chip or the IOS software is used for cryptographic operations. The cryptographic boundary of the module is the device's case. All of the functionality discussed in this document is provided by components within this cryptographic boundary. The interfaces for the router are located on the front and rear panel as shown in Figure 5 and Figure 6, respectively.

Figure 5 Cisco 2821 Front Panel Physical Interfaces
Figure 6 Cisco 2821 Rear Panel Physical Interfaces

The Cisco 2821 router features a console port, an auxiliary port, two Universal Serial Bus (USB) ports, four high-speed WAN interface card (HWIC) slots, two 10/100 Gigabit Ethernet RJ45 ports, an Enhanced Network Module (ENM) slot, a Voice Network Module (VeNoM) slot, and a Compact Flash (CF) drive. The Cisco 2821 router supports one single-width network module, four single-width or two double-width HWICs, two internal advanced integration modules (AIMs) [1], three internal packet voice data modules (PVDMs), two fast Ethernet connections, and 16 ports of IP phone power output. Figure 5 shows the front panel and Figure 6 shows the rear panel. The front panel contains 4 LEDs that output status data about the system power, auxiliary power, system activity, and compact flash busy status. The back panel consists of 13 LEDs: two Ethernet activity LEDs, two duplex LEDs, two speed LEDs, two link LEDs, three PVDM LEDs, and two AIM LEDs.

The front panel contains the following:
  (1) Power inlet
  (2) Power switch
  (3) Console and auxiliary ports
  (4) USB ports
  (5) CF drive
  (6) LEDs described in Table 1
  (7) Optional RPS input

The back panel contains the following:
  (1) GE 0 port
  (2) GE 1 port
  (3) HWIC 0 slot
  (4) HWIC 1 slot
  (5) HWIC 2 slot
  (6) HWIC 3 slot
  (7) VeNoM slot
  (8) ENM slot
  (9) Ground connector

[1] However, an AIM module may not be installed in accordance with this security policy. There is a separate security policy covering the Cisco 2811 and Cisco 2821 routers with AIM module installed.
Table 5 and Table 6 provide more detailed information conveyed by the LEDs on the front and rear panel of the router:

Table 5 Cisco 2821 Front Panel Indicators (Name / State / Description)
  System Power
    Off: Power off
    Blinking Green: ROMMON mode
    Solid Green: Operating normally
    Solid Orange: System Error Detected
  Auxiliary Power
    Off: -48V PS and RPS not present
    Solid Green: -48V PS or RPS present and functional
    Solid Orange: -48V PS or RPS present and failure detected
  Activity
    Off: No interrupts or packet transfer occurring
    Blinking Green: System is servicing interrupts
    Solid Green: System is actively transferring packets
  Compact Flash
    Off: No ongoing accesses, eject permitted
    Solid Green: Device is busy, do not eject

Table 6 Cisco 2821 Rear Panel Indicators (Name / State / Description)
  PVDM2
    Off: PVDM2 not installed
    Solid Green: PVDM2 installed and initialized
    Solid Orange: PVDM2 installed, initialization error
  PVDM1
    Off: PVDM1 not installed
    Solid Green: PVDM1 installed and initialized
    Solid Orange: PVDM1 installed, initialization error
  PVDM0
    Off: PVDM0 not installed
    Solid Green: PVDM0 installed and initialized
    Solid Orange: PVDM0 installed, initialization error
  AIM1
    Off: AIM1 not installed
    Solid Green: AIM1 installed and initialized
    Solid Orange: AIM1 installed, initialization error
  AIM0
    Off: AIM0 not installed
    Solid Green: AIM0 installed and initialized
    Solid Orange: AIM0 installed, initialization error

Table 7 describes the meaning of the Ethernet LEDs on the front panel:
Table 7 Cisco 2821 Ethernet Indicators (Name / State / Description)
  Activity
    Off: Not receiving packets
    Solid/Blinking Green: Receiving packets
  Duplex
    Off: Half-Duplex
    Solid Green: Full-Duplex
  Speed
    One Blink Green: 10 Mbps
    Two Blink Green: 100 Mbps
  Link
    Off: No link established
    Solid Green: Ethernet link is established

The physical interfaces are separated into the logical interfaces from FIPS 140-2 as described in Table 8:

Table 8 Cisco 2821 FIPS 140-2 Logical Interfaces (FIPS 140-2 Logical Interface: Router Physical Interface)
  Data Input Interface: 10/100 Ethernet LAN Ports, HWIC Ports, Console Port, Auxiliary Port, ENM Slot, VeNoM Slot
  Data Output Interface: 10/100 Ethernet LAN Ports, HWIC Ports, Console Port, Auxiliary Port, ENM Slot, VeNoM Slot
  Control Input Interface: 10/100 Ethernet LAN Ports, HWIC Ports, Power Switch, Console Port, Auxiliary Port, ENM Slot
  Status Output Interface: 10/100 Ethernet LAN Port LEDs, AIM LEDs, PVDM LEDs, Power LED, Activity LEDs, Auxiliary LED, Compact Flash LED, Console Port, Auxiliary Port
  Power Interface: Main Power Plug, Redundant Power Supply Plug

There are two USB ports but they are not supported currently. The ports will be supported in the future for a smartcard or token reader.

The CF card that stores the IOS image is considered an internal memory module. The reason is that the IOS image stored in the card cannot be modified or upgraded. The card itself must never be removed from the drive. A tamper evident seal will be placed over the card in the drive.

Roles and Services

Authentication in the Cisco 2811 and Cisco 2821 is role-based. There are two main roles in the router that operators can assume: the Crypto Officer role and the User role. The administrator of the router assumes the Crypto Officer role in order to configure and maintain the router using Crypto Officer services, while the Users exercise only the basic User services. The module supports RADIUS and TACACS+ for authentication. A complete description of all the management and configuration capabilities of the router can be found in the Performing Basic System Management manual and in the online help for the router.

User Services

Users enter the system by accessing the console port with a terminal program or via an IPSec protected telnet or SSH session to a LAN port. The IOS prompts the User for username and password. If the password is correct, the User is allowed entry to the IOS executive program. The services available to the User role consist of the following:
  Status Functions: View state of interfaces and protocols, version of IOS currently running.
  Network Functions: Connect to other network devices through outgoing telnet, PPP, etc. and initiate diagnostic network services (i.e., ping, mtrace).
  Terminal Functions: Adjust the terminal session (e.g., lock the terminal, adjust flow control).
  Directory Services: Display directory of files kept in flash memory.
Crypto Officer Services

During initial configuration of the router, the Crypto Officer password (the enable password) is defined. A Crypto Officer can assign permission to access the Crypto Officer role to additional accounts, thereby creating additional Crypto Officers. The Crypto Officer role is responsible for the configuration and maintenance of the router. The Crypto Officer services consist of the following:
  Configure the router: Define network interfaces and settings, create command aliases, set the protocols the router will support, enable interfaces and network services, set system date and time, and load authentication information.
  Define Rules and Filters: Create packet Filters that are applied to User data streams on each interface. Each Filter consists of a set of Rules, which define a set of packets to permit or deny based on characteristics such as protocol ID, addresses, ports, TCP connection establishment, or packet direction.
  View Status Functions: View the router configuration, routing tables, active sessions, use gets to view SNMP MIB statistics, health, temperature, memory status, voltage, packet statistics, review accounting logs, and view physical interface status.
  Manage the router: Log off users, shutdown or reload the router, manually back up router configurations, view complete configurations, manage user rights, and restore router configurations.
  Set Encryption/Bypass: Set up the configuration tables for IP tunneling. Set keys and algorithms to be used for each IP range or allow plaintext packets to be sent from a specified IP address.

Physical Security

The router is entirely encased by a metal, opaque case. The rear of the unit contains HWIC/WIC/VIC connectors, LAN connectors, a CF drive, power connector, console connector, auxiliary connector, USB port, and fast Ethernet connectors. The front of the unit contains the system status and activity LEDs.
The top, side, and front portion of the chassis can be removed to allow access to the motherboard, memory, AIM slot, and expansion slots. Once the router has been configured to meet FIPS 140-2 Level 2 requirements, the router cannot be accessed without signs of tampering. To seal the system, apply serialized tamper-evidence labels as follows:

To apply serialized tamper-evidence labels to the Cisco 2811:
  Step 1 Clean the cover of any grease, dirt, or oil before applying the tamper evidence labels. Alcohol-based cleaning pads are recommended for this purpose. The temperature of the router should be above 10 C.
  Step 2 The tamper evidence label should be placed so that one half of the label covers the front panel and the other half covers the enclosure.
  Step 3 The tamper evidence label should be placed over the CF card in the slot so that any attempt to remove the card will show signs of tampering.
  Step 4 The tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers the port adapter slot.
  Step 5 The tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers the rear panel.
  Step 6 The labels completely cure within five minutes.

Figure 7 and Figure 8 show the tamper evidence label placements for the Cisco 2811.

Figure 7 Cisco 2811 Tamper Evident Label Placement (Back View)

Figure 8 Cisco 2811 Tamper Evident Label Placement (Front View)

To apply serialized tamper-evidence labels to the Cisco 2821:
  Step 1 Clean the cover of any grease, dirt, or oil before applying the tamper evidence labels. Alcohol-based cleaning pads are recommended for this purpose. The temperature of the router should be above 10 C.
  Step 2 The tamper evidence label should be placed so that one half of the label covers the front panel and the other half covers the enclosure.
  Step 3 The tamper evidence label should be placed over the CF card in the slot so that any attempt to remove the card will show signs of tampering.
  Step 4 The tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers the port adapter slot.
  Step 5 The tamper evidence label should be placed so that one half of the label covers the enclosure and the other half covers the rear panel.
  Step 6 The labels completely cure within five minutes.

Figure 9 and Figure 10 show the tamper evidence label placements for the Cisco 2821.

Figure 9 Cisco 2821 Tamper Evident Label Placement (Back View)

Figure 10 Cisco 2821 Tamper Evident Label Placement (Front View)

The tamper evidence seals are produced from a special thin gauge vinyl with self-adhesive backing. Any attempt to open the router will damage the tamper evidence seals or the material of the module cover. Since the tamper evidence seals have non-repeated serial numbers, they can be inspected for damage and compared against the applied serial numbers to verify that the module has not been tampered with. Tamper evidence seals can also be inspected for signs of tampering, which include the following: curled corners, bubbling, crinkling, rips, tears, and slices. The word OPEN may appear if the label was peeled back.

Cryptographic Key Management

The router securely administers both cryptographic keys and other critical security parameters such as passwords. The tamper evidence seals provide physical protection for all keys. All keys are also protected by the password-protection on the Crypto Officer role login, and can be zeroized by the Crypto Officer. All zeroization consists of overwriting the memory that stored the key. Keys are exchanged and entered electronically or via Internet Key Exchange (IKE).
The routers support the following FIPS 140-2 approved algorithm implementations:

Software (IOS) implementations
  AES
  DES (for legacy use only) (transitional phase only; valid until May 19th, 2007)
  3DES
  SHA-1
  HMAC-SHA-1
  X9.31 PRNG

Onboard hardware implementations
  AES
  DES (for legacy use only) (transitional phase only; valid until May 19th, 2007)
  3DES
  SHA-1
  HMAC-SHA-1

The router is in the approved mode of operation only when FIPS 140-2 approved algorithms are used (except DH, which is allowed in the approved mode for key establishment despite being non-approved). The following are not FIPS 140-2 approved algorithms: RC4, MD5, HMAC-MD5, RSA and DH.

Note: The module supports DH key sizes of 1024 and 1536 bits. Therefore, DH provides 80-bit and 96-bit of encryption strength per NIST 800-57.

The module supports two types of key management schemes:
  Pre-shared key exchange via electronic key entry. DES/3DES/AES key and HMAC-SHA-1 key are exchanged and entered electronically.
  Internet Key Exchange method with support for pre-shared keys exchanged and entered electronically. The pre-shared keys are used with the Diffie-Hellman key agreement technique to derive DES, 3DES or AES keys. The pre-shared key is also used to derive the HMAC-SHA-1 key.

The module supports commercially available Diffie-Hellman for key establishment. See the Cisco IOS Reference Guide.

All pre-shared keys are associated with the CO role that created the keys, and the CO role is protected by a password. Therefore, the CO password is associated with all the pre-shared keys. The Crypto Officer needs to be authenticated to store keys. All Diffie-Hellman (DH) keys agreed upon for individual tunnels are directly associated with that specific tunnel only via the IKE protocol.

Key Zeroization:

Each key can be zeroized by sending the no command prior to the key function commands. This will zeroize each key from the , the running configuration.

Clear Crypto IPSec SA will zeroize the IPSec DES/3DES/AES session key (which is derived using the Diffie-Hellman key agreement technique) from the . This session key is only available in the ; therefore this command will completely zeroize this key. The following commands will zeroize the pre-shared keys from the :
  no set session-key inbound ah spi hex-key-data
  no set session-key outbound ah spi hex-key-data
  no set session-key inbound esp spi cipher hex-key-data [authenticator hex-key-data]
  no set session-key outbound esp spi cipher hex-key-data [authenticator hex-key-data]

The running configuration must be copied to the start-up configuration in NVRAM in order to completely zeroize the keys.

The following commands will zeroize the pre-shared keys from the :
  no crypto isakmp key key-string address peer-address
  no crypto isakmp key key-string hostname peer-hostname

The running configuration must be copied to the start-up configuration in NVRAM in order to completely zeroize the keys.

The module supports the following keys and critical security parameters (CSPs). Note that keys stored in NVRAM are in plaintext unless the configuration file encryption key is configured via the key config-key command.

Table 9 Cryptographic Keys and CSPs (columns: Name, Algorithm, Description, Storage, Zeroization Method)

PRNG Seed
  Algorithm: X9.31
  Description: This is the seed for the X9.31 PRNG. This CSP is stored in and updated periodically after the generation of 400 bytes; after this it is reseeded with router-derived entropy, hence it is zeroized periodically. Also, the operator can turn off the router to zeroize this CSP.
  Zeroization Method: Automatically every 400 bytes, or turn off the router.

Diffie Hellman private exponent
  Algorithm: DH
  Description: The private exponent used in the Diffie-Hellman (DH) exchange. Zeroized after the DH shared secret has been generated.
  Zeroization Method: Automatically after shared secret generated.

Diffie Hellman public key
  Algorithm: DH
  Description: The public key used in the Diffie-Hellman (DH) exchange as part of IKE. Zeroized after the DH shared secret has been generated.
  Zeroization Method: Automatically after shared secret generated.

skeyid
  Algorithm: Keyed SHA-1
  Description: Value derived from the shared secret within the IKE exchange. Zeroized when the IKE session is terminated.
  Zeroization Method: Automatically after IKE session terminated.

skeyid_d
  Algorithm: Keyed SHA-1
  Description: The IKE key derivation key for non-ISAKMP security associations.
  Zeroization Method: Automatically after IKE session terminated.

skeyid_a
  Algorithm: HMAC-SHA-1 or DES MAC
  Description: The ISAKMP security association authentication key.
  Zeroization Method: Automatically after IKE session terminated.

skeyid_e
  Algorithm: DES/TDES/AES
  Description: The ISAKMP security association encryption key.
  Zeroization Method: Automatically after IKE session terminated.

IKE session encrypt key
  Algorithm: DES/TDES/AES
  Description: The IKE session encrypt key.
  Zeroization Method: Automatically after IKE session terminated.

IKE session authentication key
  Algorithm: HMAC-SHA-1 or DES MAC
  Description: The IKE session authentication key.
  Zeroization Method: Automatically after IKE session terminated.

ISAKMP preshared Secret
  Description: The key used to generate the IKE skeyid during preshared-key authentication. The no crypto isakmp key command zeroizes it. This key can have two forms based on whether the key is related to the hostname or the IP address.
  Storage: NVRAM (plaintext)
  Zeroization Method: # no crypto isakmp key

IKE hash key
  Algorithm: SHA-1 HMAC
  Description: This key generates the IKE shared secret keys. This key is zeroized after generating those keys.

secret_1_0_0
  Description: The fixed key used in Cisco vendor ID generation. This key is embedded in the module binary image and can be deleted by erasing the Flash.
  Storage: NVRAM

IPSec encryption key
  Algorithm: DES/TDES/AES
  Description: The IPSec encryption key. Zeroized when the IPSec session is terminated.
  Zeroization Method: Automatically when IPSec session terminated.

IPSec authentication key
  Algorithm: SHA-1 HMAC or DES MAC
  Description: The IPSec authentication key. The zeroization is the same as above.
  Zeroization Method: Automatically when IPSec session terminated.

Configuration encryption key
  Algorithm: AES
  Description: The key used to encrypt values of the configuration file. This key is zeroized when the no key config-key command is issued. Note that this command does not decrypt the configuration file, so zeroize with care.
  Storage: NVRAM (plaintext)
  Zeroization Method: # no key config-key

Router authentication key 1
  Algorithm: Shared secret
  Description: This key is used by the router to authenticate itself to the peer. The router itself gets the password (that is used as this key) from the AAA server and sends it on to the peer. The password retrieved from the AAA server is zeroized upon completion of the authentication attempt.
  Zeroization Method: Automatically upon completion of authentication attempt.

PPP authentication key
  Algorithm: RFC 1334
  Description: The authentication key used in PPP. This key is in the and not zeroized at runtime. One can turn off the router to zeroize this key because it is stored in .
  Zeroization Method: Turn off the router.

Router authentication key 2
  Algorithm: Shared Secret
  Description: This key is used by the router to authenticate itself to the peer. The key is identical to Router authentication key 1 except that it is retrieved from the local database (on the router itself). Issuing no username password zeroizes the password (that is used as this key) from the local database.
  Storage: NVRAM
  Zeroization Method: # no username password

SSH session key
  Algorithm: Various symmetric
  Description: This is the SSH session key. It is zeroized when the SSH session is terminated.
  Zeroization Method: Automatically when SSH session terminated.

User password
  Algorithm: Shared Secret
  Description: The password of the User role. This password is zeroized by overwriting it with a new password.
  Storage: NVRAM
  Zeroization Method: Overwrite with new password.

Enable password
  Algorithm: Shared Secret
  Description: The plaintext password of the CO role. This password is zeroized by overwriting it with a new password.
  Storage: NVRAM
  Zeroization Method: Overwrite with new password.

Enable secret
  Algorithm: Shared Secret
  Description: The ciphertext password of the CO role. However, the algorithm used to encrypt this password is not FIPS approved. Therefore, this password is considered plaintext for FIPS purposes. This password is zeroized by overwriting it with a new password.
  Storage: NVRAM
  Zeroization Method: Overwrite with new password.

RADIUS secret
  Algorithm: Shared Secret
  Description: The RADIUS shared secret. This shared secret is zeroized by executing the no radius-server key command.
  Storage: NVRAM,
  Zeroization Method: # no radius-server key

TACACS+ secret
  Algorithm: Shared Secret
  Description: The TACACS+ shared secret. This shared secret is zeroized by executing the no tacacs-server key command.
  Storage: NVRAM,
  Zeroization Method: # no tacacs-server key

Note: All RSA operations are prohibited by policy, and commands that can be executed by the Crypto Officer are shown as # command.

Table 10 Role and Service Access to CSP
Note: An empty entry indicates that a particular SRDI is not accessible by the corresponding service.

Role/Service columns:
  User Role: Status Functions, Network Functions, Terminal Functions, Directory Services
  Crypto-Officer Role: Configure the Router, Define Rules and Filters, Status Functions, Manage the Router, Set Encryptions/Bypass, Change WAN Interface Cards

SRDI/Role/Service Access Policy (Security Relevant Data Item: access marks as they appear in the table, r = read):
  PRNG Seed: r r
  DH private exponent: r r
  DH public key: r r
  skeyid: r r
  skeyid_d: r r
  skeyid_a: r r
  skeyid_e: r r
  IKE session encrypt key: r r
  IKE session authentication key: r r
  ISAKMP preshared: r r
  IKE hash key: r r
  secret_1_0_0: r r
  IPSec encryption key: r r
  Configuration encryption key:
  Router authentication key: r r
  PPP Authentication key: r r
  Router authentication key 2: r r
  SSH session key: r r
  User password: r r
  Enable password: r
  Enable secret: r
  RADIUS secret: r
  TACACS+ secret: r r r
Cisco 2811 an Cisco 2821 Routers Self-Tests In orer to prevent any secure ata from being release, it is important to test the cryptographic components of a security moule to insure all components are functioning correctly. The router inclues an array of self-tests that are run uring startup an perioically uring operations. All self-tests are implemente by the softare. An example of self-tests run at poer-up is a cryptographic knon anser test (KAT) on each of the FIPS-approve cryptographic algorithms an on the Diffie-Hellman algorithm. Examples of tests performe at startup are a softare integrity test using an EDC, an a set of Statistical Ranom Number Generator (RNG) tests. Examples of tests run perioically or conitionally inclue: a bypass moe test performe conitionally prior to executing IPSec, an a continuous ranom number generator test. If any of the self-tests fail, the router transitions into an error state. In the error state, all secure ata transmission is halte an the router outputs status information inicating the failure. Examples of the errors that cause the system to transition to an error state: IOS image integrity checksum faile Microprocessor overheats an burns out Knon anser test faile NVRAM moule malfunction. Temperature high arning Self-tests performe by the IOS image IOS Self Tests: POST tests AES Knon Anser Test Softare/firmare test Poer up bypass test RNG Knon Anser Test Diffie Hellman test HMAC-SHA-1 Knon Anser Test SHA-1 Knon Anser Test DES Knon Anser Test 3DES Knon Anser Test Conitional tests Conitional bypass test Self-tests performe by NetGX Continuous ranom number generation test NetGX Tests: POST tests AES Knon Anser Test DES Knon Anser Test 21
3DES Known Answer Test
SHA-1 Known Answer Test
HMAC-SHA-1 Known Answer Test

Secure Operation of the Cisco 2811 or Cisco 2821 router
The Cisco 2811 and Cisco 2821 routers meet all the Level 2 requirements for FIPS 140-2. Follow the setting instructions provided below to place the module in FIPS-approved mode. Operating this router without maintaining the following settings will remove the module from the FIPS approved mode of operation.

Initial Setup
The Crypto Officer must apply tamper evidence labels as described in the Physical Security section on page 12 of this document.
The Crypto Officer must disable IOS Password Recovery by executing the following commands:
configure terminal
no service password-recovery
end
show version
Note: Once Password Recovery is disabled, administrative access to the module without the password will not be possible.

System Initialization and Configuration
The Crypto Officer must perform the initial configuration. IOS version 12.3(11)T03, Advanced Security build (advsecurity) is the only allowable image; no other image should be loaded.
The value of the boot field must be 0x0102. This setting disables break from the console to the ROM monitor and automatically boots the IOS image. From the configure terminal command line, the Crypto Officer enters the following syntax:
config-register 0x0102
The Crypto Officer must create the enable password for the Crypto Officer role. The password must be at least 8 characters to include at least one number and one letter and is entered when the Crypto Officer first engages the enable command. The Crypto Officer enters the following syntax at the # prompt:
enable secret [PASSWORD]
The Crypto Officer must always assign passwords (of at least 8 characters) to users. Identification and authentication on the console port is required for Users. From the configure terminal command line, the Crypto Officer enters the following syntax:
line con 0
password [PASSWORD]
login local
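As an added illustration (not part of the Cisco policy), the following Python audit checks a saved running configuration and show version output against the settings this section requires: password recovery disabled, configuration register 0x0102, an enable secret, a console password with login local, the 8-character letter-plus-digit password rule, and the IPSec transform-set algorithm list given in the IPSec Requirements section. The configuration text, register value and regular expression are this example's own constructed assumptions, not device output.

```python
import re

# Transforms permitted by the IPSec Requirements section of this policy.
ALLOWED_TRANSFORMS = {"ah-sha-hmac", "esp-des", "esp-sha-hmac", "esp-3des", "esp-aes"}
# Plaintext (type 0 or untyped) passwords/keys only; type 5/7 strings cannot be checked for composition.
PLAINTEXT_SECRET = re.compile(r"^\s*(?:(?:username \S+|radius-server|tacacs-server) )?(?:password|key)(?: 0)? (\S+)$")

def password_ok(pw: str) -> bool:
    """Rule from this policy: at least 8 characters with one letter and one digit."""
    return len(pw) >= 8 and any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)

def audit_fips_config(running_config: str, show_version: str) -> list:
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    lines = [ln.rstrip() for ln in running_config.splitlines()]
    if "no service password-recovery" not in lines:
        findings.append("password recovery is not disabled")
    m = re.search(r"Configuration register is (0x[0-9A-Fa-f]+)", show_version)
    if not m or m.group(1).lower() != "0x0102":
        findings.append("configuration register is not 0x0102")
    if not any(ln.startswith("enable secret") for ln in lines):
        findings.append("no enable secret configured")
    con = []  # sub-commands of 'line con 0' (the indented lines that follow it)
    if "line con 0" in lines:
        j = lines.index("line con 0") + 1
        while j < len(lines) and lines[j].startswith(" "):
            con.append(lines[j].strip())
            j += 1
    if "login local" not in con or not any(c.startswith("password") for c in con):
        findings.append("line con 0 lacks 'login local' and/or a password")
    for n, ln in enumerate(lines, 1):
        m = PLAINTEXT_SECRET.match(ln)
        if m and not password_ok(m.group(1)):
            findings.append(f"line {n}: password/secret fails the 8-char letter+digit rule")
        tokens = ln.split()
        if tokens[:3] == ["crypto", "ipsec", "transform-set"]:
            bad = [t for t in tokens[4:] if t not in ALLOWED_TRANSFORMS]
            if bad:
                findings.append(f"line {n}: transform-set uses non-approved {bad}")
    return findings

# Constructed sample input (not from a real device); the secret hash is a placeholder.
SAMPLE_CONFIG = """\
no service password-recovery
enable secret 5 $1$PLACEHOLDER$notarealhashvalue
username admin password 0 Fips2005
crypto ipsec transform-set WEAK esp-des esp-md5-hmac
radius-server key short1
line con 0
 password Consol3pw
 login local
"""
SAMPLE_VERSION = "Configuration register is 0x2102\n"
if __name__ == "__main__":
    print(*audit_fips_config(SAMPLE_CONFIG, SAMPLE_VERSION), sep="\n")
```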
RADIUS and TACACS+ shared secret key sizes must be at least 8 characters long, and must include at least one number and one letter.

IPSec Requirements and Cryptographic Algorithms
The only type of key management that is allowed in FIPS mode is Internet Key Exchange (IKE). Although the IOS implementation of IKE allows a number of algorithms, only the following algorithms are allowed in a FIPS 140-2 configuration:
ah-sha-hmac
esp-des
esp-sha-hmac
esp-3des
esp-aes
The following algorithms are not FIPS approved and should not be used during FIPS-approved mode:
RSA
MD-5 for signing
MD-5 HMAC

Protocols
SNMP v3 over a secure IPSec tunnel may be employed for authenticated, secure SNMP gets and sets. Since SNMP v2c uses community strings for authentication, only gets are allowed under SNMP v2c.
SSL is not an Approved protocol, and shall not be used in FIPS mode.

Remote Access
Telnet access to the module is only allowed via a secure IPSec tunnel between the remote system and the module. The Crypto officer must configure the module so that any remote connections via telnet are secured through IPSec, using FIPS-approved algorithms. Note that all users must still authenticate after remote access is granted.
SSH access to the module is only allowed if SSH is configured to use a FIPS-approved algorithm. The Crypto officer must configure the module so that SSH uses only FIPS-approved algorithms. Note that all users must still authenticate after remote access is granted.

Related Documentation
For more information about the Cisco 2811 and Cisco 2821 Integrated Services Routers, refer to the following documents:
Cisco 2800 Series Integrated Services Routers Quick Start Guides
Cisco 2800 Series Hardware Installation documents
Cisco 2800 Series Software Configuration documents
Cisco 2800 Series Cards and Modules

Obtaining Documentation
Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Cisco.com
You can access the most current Cisco documentation at this URL:
http://www.cisco.com/techsupport
You can access the Cisco website at this URL:
http://www.cisco.com
You can access international Cisco websites at this URL:
http://www.cisco.com/public/countries_languages.shtml

Product Documentation DVD
Cisco documentation and additional literature are available in the Product Documentation DVD package, which may have shipped with your product. The Product Documentation DVD is updated regularly and may be more current than printed documentation.
The Product Documentation DVD is a comprehensive library of technical product documentation on portable media. The DVD enables you to access multiple versions of hardware and software installation, configuration, and command guides for Cisco products and to view technical documentation in HTML. With the DVD, you have access to the same documentation that is found on the Cisco website without being connected to the Internet. Certain products also have .pdf versions of the documentation available.
The Product Documentation DVD is available as a single unit or as a subscription. Registered Cisco.com users (Cisco direct customers) can order a Product Documentation DVD (product number DOC-DOCDVD=) from Cisco Marketplace at this URL:
http://www.cisco.com/go/marketplace/

Ordering Documentation
Beginning June 30, 2005, registered Cisco.com users may order Cisco documentation at the Product Documentation Store in the Cisco Marketplace at this URL:
http://www.cisco.com/go/marketplace/
Nonregistered Cisco.com users can order technical documentation from 8:00 a.m. to 5:00 p.m. (0800 to 1700) PDT by calling 1 866 463-3487 in the United States and Canada, or elsewhere by calling 011 408 519-5055. You can also order documentation by e-mail at tech-doc-store-mkpl@external.cisco.com or by fax at 1 408 519-5001 in the United States and Canada, or elsewhere at 011 408 519-5001.
Documentation Feedback
You can rate and provide feedback about Cisco technical documents by completing the online feedback form that appears with the technical documents on Cisco.com.
You can send comments about Cisco documentation to bug-doc@cisco.com.
You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate your comments.

Cisco Product Security Overview
Cisco provides a free online Security Vulnerability Policy portal at this URL:
http://www.cisco.com/en/us/products/products_security_vulnerability_policy.html
From this site, you can perform these tasks:
Report security vulnerabilities in Cisco products.
Obtain assistance with security incidents that involve Cisco products.
Register to receive security information from Cisco.
A current list of security advisories and notices for Cisco products is available at this URL:
http://www.cisco.com/go/psirt
If you prefer to see advisories and notices as they are updated in real time, you can access a Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed from this URL:
http://www.cisco.com/en/us/products/products_psirt_rss_feed.html

Reporting Security Problems in Cisco Products
Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you might have identified a vulnerability in a Cisco product, contact PSIRT:
Emergencies: security-alert@cisco.com
An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered nonemergencies.
Nonemergencies: psirt@cisco.com
In an emergency, you can also reach PSIRT by telephone:
1 877 228-7302
1 408 525-6532
Tip: We encourage you to use Pretty Good Privacy (PGP) or a compatible product to encrypt any sensitive information that you send to Cisco. PSIRT can work from encrypted information that is compatible with PGP versions 2.x through 8.x.
Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL:
http://www.cisco.com/en/us/products/products_security_vulnerability_policy.html
The link on this page has the current PGP key ID in use.

Obtaining Technical Assistance
Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco Technical Support & Documentation website on Cisco.com features extensive online support resources. In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not have a valid Cisco service contract, contact your reseller.

Cisco Technical Support & Documentation Website
The Cisco Technical Support & Documentation website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, at this URL:
http://www.cisco.com/techsupport
Access to all tools on the Cisco Technical Support & Documentation website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:
http://tools.cisco.com/rpf/register/register.do
Note: Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support & Documentation website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by product ID or model name; by tree view; or for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.
Submitting a Service Request
Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL:
http://www.cisco.com/techsupport/servicerequest
For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.
To open a service request by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447
For a complete list of Cisco TAC contacts, go to this URL:
http://www.cisco.com/techsupport/contacts

Definitions of Service Request Severity
To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.
Severity 1 (S1): Your network is down, or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
Severity 2 (S2): Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.
Severity 3 (S3): Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
Severity 4 (S4): You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
Cisco Marketplace provides a variety of Cisco books, reference guides, documentation, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:
http://www.cisco.com/go/marketplace/
Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:
http://www.ciscopress.com
Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:
http://www.cisco.com/packet
iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies learn how they can use technology to increase revenue, streamline their business, and expand services. The publication identifies the challenges facing these companies and the technologies to help solve them, using real-world case studies and business strategies to help readers make sound technology investment decisions. You can access iQ Magazine at this URL:
http://www.cisco.com/go/iqmagazine
or view the digital edition at this URL:
http://ciscoiq.texterity.com/ciscoiq/sample/
Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:
http://www.cisco.com/ipj
Networking products offered by Cisco Systems, as well as customer support services, can be obtained at this URL:
http://www.cisco.com/en/us/products/index.html
Networking Professionals Connection is an interactive website for networking professionals to share questions, suggestions, and information about networking products and technologies with Cisco experts and other networking professionals. Join a discussion at this URL:
http://www.cisco.com/discuss/networking
World-class networking training is available from Cisco. You can view current offerings at this URL:
http://www.cisco.com/en/us/learning/index.html
By printing or making a copy of this document, the user agrees to use this information for product evaluation purposes only. Sale of this information in whole or in part is not authorized by Cisco Systems. This document is to be used in conjunction with the documents listed in the Related Documentation section.
Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StrataView Plus, TeleRouter, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0502R)