MNR S2500 Security Policy
Version 1.3, Revision Date: 1/13/2009
Page 10
6. Access Control Policy
Authenticated Services
• Firmware Update: load firmware images digitally signed by RSA (1024 bit) algorithm.
• Key Entry: Enter Pre-Shared Keys (PSK)
• User Management: Add/Delete and manage passwords operators
• Reboot: force the module to power cycle via a command
• Zeroization: actively destroy all plaintext CSPs and keys
• Crypto Configuration: Configure IPsec and FRF.17 services
• IKE: Key establishment utilizing the IKE protocol
• IPsec tunnel establishment: IPsec protocol
• FRF.17 tunnel establishment: Frame Relay Privacy Protocol
• SSHv2 for remote access to the router
• Network configuration: Configure networking capabilities
• Enable Ports: Apply a security policy to a port
• File System: Access file system
• Authenticated Show status: Provide status to an authenticated operator
• Access Control: Provide access control for all operators
Unauthenticated Services:
• Unauthenticated Show status: provide the status of the cryptographic module – the status
is shown using the LEDs on the front panel.
• Power-up Self-tests: execute the suite of self-tests required by FIPS 140-2 during power-
up not requiring operator intervention.
• Monitor: Perform various hardware support services
To Next Page
Loading...
