JUNOS-FIPS-L2 Cryptographic Module Security Policy

Document Version 1.3
Juniper Networks
January 10, 2007

Copyright Juniper Networks 2007. May be reproduced only in its original entirety [without revision].

Juniper Networks JUNOS-FIPS-L2 Security Policy Version 1.3 1/10/07

Table of Contents

1. Module Overview
2. Security Level
3. Modes of Operation
4. Ports and Interfaces
5. Identification and Authentication Policy
6. Access Control Policy
   Roles and Services
   Definition of Critical Security Parameters (CSPs)
   RSA 2048 bit X.509 Certificate
   Definition of CSPs Modes of Access
7. Operational Environment
8. Security Rules
9. Physical Security Policy
   Physical Security Mechanisms
10. Mitigation of Other Attacks Policy
11. Definitions and Acronyms

1. Module Overview

The JUNOS-FIPS-L2 Cryptographic Module is a multi-chip standalone cryptographic module (for Juniper Networks T-Series and M-Series routers; see Table 1 for the specific JUNOS-FIPS-L2 HW P/N versions and FW versions) that executes JUNOS-FIPS firmware. JUNOS-FIPS is a release of the JUNOS operating system, the first routing operating system designed specifically for the Internet. JUNOS is currently deployed in the largest and fastest-growing networks worldwide. A full suite of industrial-strength routing protocols, flexible policy language, and leading MPLS implementation efficiently scale to large numbers of network interfaces and routes. JUNOS supports the industry's first production-ready GMPLS implementation.

The cryptographic module's operational environment is a limited operational environment.

The cryptographic boundary is defined as being the face plates of installed RE3s or RE4s along with the internal metal portions of the RE installation cavity, which are provided by the T-Series and M-Series chassis. The internal portions of the T-Series and M-Series chassis are non-removable commercial grade metal and encapsulate all components within the boundary. The module is defined as being the unpopulated T-series and M-series chassis with the inclusion of the two installed RE cards. Figures 1 and 2 are representative of the module boundary; for all configurations, the boundary is denoted by the dotted red box.

Table 1 - JUNOS-FIPS-L2 Versions

| Chassis Model Number | HW P/N Version | FW Versions |
|---|---|---|
| T640 | T640BASE Rev A, RE-600 (RE3) Rev A, DOC-FIPS-140-2-L2-KIT Rev A | 7.2R1.7, 7.4R1.7 |
| T640 | T640BASE Rev A, RE-1600 (RE4) Rev A, DOC-FIPS-140-2-L2-KIT Rev A | 7.2R1.7, 7.4R1.7 |
| T320 | T320BASE Rev A, RE-600 (RE3) Rev A, DOC-FIPS-140-2-L2-KIT Rev A | 7.2R1.7, 7.4R1.7 |
| T320 | T320BASE Rev A, RE-1600 (RE4) Rev A, DOC-FIPS-140-2-L2-KIT Rev A | 7.2R1.7, 7.4R1.7 |
| M320 | M320BASE Rev A, RE-600 (RE3) Rev A, DOC-FIPS-140-2-L2-KIT Rev A | 7.2R1.7, 7.4R1.7 |
| M320 | M320BASE Rev A, RE-1600 (RE4) Rev A, DOC-FIPS-140-2-L2-KIT Rev A | 7.2R1.7, 7.4R1.7 |
| M40e | M40EBASE Rev A, RE-600 (RE3) Rev A, DOC-FIPS-140-2-L2-KIT Rev A | 7.2R1.7, 7.4R1.7 |
| M40e | M40EBASE Rev A, RE-1600 (RE4) Rev A, DOC-FIPS-140-2-L2-KIT Rev A | 7.2R1.7, 7.4R1.7 |

Figure 1 - M320 with RE3 (Note: The dotted line defines the cryptographic boundary)

Figure 2 - Picture of M320 chassis with installed REs

2. Security Level

The cryptographic module, which is a multi-chip standalone embodiment, meets the overall requirements applicable to Level 2 security of FIPS 140-2.

Table 2 - Module Security Level Specification

| Security Requirements Section | Level |
|---|---|
| Cryptographic Module Specification | 2 |
| Module Ports and Interfaces | 2 |
| Roles, Services and Authentication | 2 |
| Finite State Model | 2 |
| Physical Security | 2 |
| Operational Environment | N/A |
| Cryptographic Key Management | 2 |
| EMI/EMC | 2 |
| Self-Tests | 2 |
| Design Assurance | 3 |
| Mitigation of Other Attacks | N/A |

3. Modes of Operation

Approved mode of operation

In FIPS mode, the cryptographic module supports FIPS Approved algorithms as follows:

· DSA with 1024 bit keys for digital signature generation and verification
· RSA with 1024 or 2048 bit keys for digital signature generation and verification
· Triple-DES (three key) for encryption/decryption
· DES for encryption/decryption (transitional phase only - valid until May 19, 2007; for use with legacy systems only)
· AES 128, 192, 256 for encryption/decryption
· SHA-1 for hashing
· HMAC-SHA-1

The cryptographic module also supports the following Non-Approved algorithms:

· RSA with 1024 bit keys (key wrapping; key establishment methodology provides 80 bits of encryption strength)
· MD5 for hashing (used during authentication)
· Diffie-Hellman with 1024 bit keys (key agreement; key establishment methodology provides 80 bits of encryption strength)
· Non-Approved RNG (used to seed Approved FIPS 186-2 RNG)

The cryptographic module supports the commercially available TLS, IKE, and SSH protocols for key establishment.

The cryptographic module relies on the implemented deterministic random number generator (DRNG) that is compliant with FIPS 186-2 for generation of all cryptographic keys.

Non-FIPS mode of operation

The cryptographic module does not provide a non-FIPS mode of operation.

4. Ports and Interfaces

The cryptographic module supports the following physical ports provided by the general purpose PC with the following mapping of corresponding logical interfaces:

The cryptographic module supports the following physical ports with the corresponding logical interfaces:

· Ethernet: Data input, Data output, Control Input, Status Outputs
· Serial: Data input, Data output, Control Input, Status Outputs
· Power interface: Power Input

The flow of input and output of data, control and status is managed by the cryptographic module's API.

5. Identification and Authentication Policy

Assumption of roles

The cryptographic module supports six distinct operator roles as follows:

· Crypto-Officer
· FIPS User
· AS2-FIPS PIC
· RE to RE
· IKE Peer
· Protocol Peer

The cryptographic module shall enforce the separation of roles using either identity based or role based operator authentication; the cryptographic module meets Level 2 requirements because identity-based authentication is not enforced for all authorized services.

Table 3 - Roles and Required Identification and Authentication

| Role | Type of Authentication | Authentication Data |
|---|---|---|
| FIPS User | Identity-based operator authentication | Via Console: Username and Password |
| FIPS User | Identity-based operator authentication | Via TLS: Username and Password |
| FIPS User | Identity-based operator authentication | Via SSH: Password or RSA signature verification or DSA signature verification |
| FIPS User | Role Based authentication | Via RADIUS or TACACS+: pre-shared secret, minimum 10 characters. |
| Crypto-Officer | Identity-based operator authentication | Via Console: Username and Password |
| Crypto-Officer | Identity-based operator authentication | Via TLS: Username and Password |
| Crypto-Officer | Identity-based operator authentication | Via SSH: Password or RSA signature verification or DSA signature verification |
| Crypto-Officer | Role Based authentication | Via RADIUS or TACACS+: pre-shared secret, minimum 10 characters. |
| AS2-FIPS PIC | Identity-based operator authentication | Serial Number (6 bytes) and Password (32 bytes) |
| RE to RE | Identity-based operator authentication | Pre-shared keys. The RE role will use pre-shared keys for secure communication. |
| IKE Peer | Identity-based operator authentication | Uses IKE Pre-shared keys. Uses IKE to establish keys to be used by the PIC for IPSec communication with IPSec clients. |
| Protocol PEER | Role Based authentication | Will use pre-shared keys to send encrypted traffic. Uses TCP/UDP MD5 MAC to only authenticate operator. Alternatively, a manually configured IPSec SA can be used for authentication. |

Table 4 - Strengths of Authentication Mechanisms

| Authentication Mechanism | Strength of Mechanism |
|---|---|
| Username and Password | The module enforces 10 character passwords (at minimum) chosen from the 96+ human readable ASCII characters. The module enforces a timed access mechanism as follows: For the first two failed attempts (assuming 0 time to process), no timed access is enforced. Upon the third attempt the module enforces a 5 second delay. Each failed attempt thereafter results in an additional 5 second delay above the previous (e.g. 4th failed attempt = 10 second delay, 5th failed attempt = 15 second delay, 6th failed attempt = 20 second delay, 7th failed attempt = 25 second delay). This leads to a maximum of 7 possible attempts in a one minute period for each getty. The best approach for the attacker would be to disconnect after 4 failed attempts, and wait for a new getty to be spawned. This would allow the attacker to perform roughly 9.6 attempts per minute (576 attempts per hour/60 mins); this would be rounded down to 9 per minute, because there is no such thing as 0.6 attempts. Thus the probability of a successful random attempt is 1/96^10, which is less than 1/1 million. The probability of a success with multiple consecutive attempts in a one minute period is 9/96^10, which is less than 1/100,000. |
| RSA Signature | The module supports RSA (1024 or 2048 bit), which has a minimum equivalent computational resistance to attack of either 2^80 or 2^112 depending on the modulus size. Thus the probability of a successful random attempt is 1/2^80 or 1/2^112, which are both less than 1/1 million. The probability of a success with multiple consecutive attempts in a one minute period is 5.6e7/2^80 or 5.6e7/2^112, which are both less than 1/100,000. |
| DSA Signature | The module supports DSA (1024 bit only), which has an equivalent computational resistance to attack of 2^80. Thus the probability of a successful random attempt is 1/2^80, which is less than 1/1 million. The probability of a success with multiple consecutive attempts in a one minute period is 5.6e7/2^80, which is less than 1/100,000. |
| AS2-FIPS PIC Password | The module supports 32 byte passwords to authenticate the PIC. Thus the probability of a successful random attempt is 1/255^32, which is less than 1/1 million. The probability of a success with multiple consecutive attempts in a one minute period is 4,940,716/255^32, which is less than 1/100,000. |
| RE to RE Pre-shared keys | The module uses 160 bit HMAC keys for RE to RE authentication. Thus the probability of a successful random attempt is 1/2^160, which is less than 1/1 million. The probability of a success with multiple consecutive attempts in a one minute period is 54,347,880/2^160, which is less than 1/100,000. |
| IKE Pre-shared keys | The module uses 160 bit HMAC keys for RE to RE authentication. Thus the probability of a successful random attempt is 1/(2^160), which is less than 1/1 million. The probability of a success with multiple consecutive attempts in a one minute period is 54,347,880/(2^160), which is less than 1/100,000. |
| Protocol Peer Pre-shared keys | The module supports TCP-MD5 with a 128 bit pre-shared key. Thus the probability of a successful random attempt is 1/(2^128), which is less than 1/1 million. The probability of a success with multiple consecutive attempts in a one minute period is 54,347,880/(2^128), which is less than 1/100,000. |

6. Access Control Policy

Roles and Services

Table 5 - Services Authorized for Roles

Role: User
Configures and monitors the router via the console, SSH, or TLS.
Authorized Services:
· Configuration Management: This service allows the User to configure the router.
· Router Control: This service allows the user to modify the state of the router. (Example: Shutdown, reboot)
· Status Checks: This service will allow the user to get the current status of the router.
· SSH: This service provides encrypted login via the SSH protocol.
· TLS: This service provides encrypted login via the TLS protocol.
· Console Access: This service provides direct login access via the console.

Role: Cryptographic-Officer
Configures and monitors the RE via the console, SSH, or TLS. Also has permissions to view and edit secrets within the RE.
Authorized Services:
· Configuration Management: This service allows the CO to configure the router.
· Router Control: This service allows the user to modify the state of the router. (Example: Shutdown, reboot)
· Status Checks: This service will allow the user to get the current status of the router.
· Zeroize: This service allows the user to zeroize the configuration (all CSPs) within the module.
· Load New Software: This service allows the verification and loading of new software into the router.
· SSH: This service provides encrypted login via the SSH protocol.
· TLS: This service provides encrypted login via the TLS protocol.
· Console Access: This service provides direct login access via the console.

Role: AS2-FIPS PIC
Authorized Services:
· Receives SAs: Allows the PIC to receive the SAs associated with a particular IPSec tunnel.
· Secure IPC Tunnel: Allows the PIC to communicate with the RE using a secure tunnel.

Role: RE to RE
The RE role is able to communicate with other REs to enable failover capabilities.
Authorized Services:
· Configuration Management: Allows propagation of configuration database to the backup RE.
· Router Control: Allows the Master RE to control the state of the backup RE.
· Status Checks: This service will allow the user to get the current status of the router (Ports, Number of Packet, Up Time, etc.)
· Secure Transport: Allows the Master RE to communicate with the Backup RE using a secure IPSEC connection.

Role: IKE Peer
This role performs IKE negotiation with the RE. The IKE peer will create SAs for the AS2-FIPS PIC to use when using IPSec with a VPN client in cyberspace.
Authorized Services:
· Key Agreement: Allows the negotiation of keys for use with an IPSec tunnel.

Role: Protocol PEER
This role allows remote router to communicate with the RE via standard networking protocols. The supported routing protocols (BGP, ISIS, LDP, MSDP, OSPF, RIP2, RSVP, VRRP, NTP) authenticate peers to each other for purpose of updating routing tables.
Authorized Services:
· Mutual Authentication: Allows validating a known protocol peer.
· Protocol Exchange: Allows the peers to communicate using an agreed upon protocol.
· Secure Protocol Transport: Allows IPSec connection between Protocol Peer and router.
· SNMPv3: Allows the Protocol peer to use SNMPv3 on the router. Note that the cryptography supported by SNMPV3 has only been implemented to support the underlying protocol; no security attributes are attributed to the SNMPV3 functionality.

Unauthenticated Services:

The cryptographic module supports the following unauthenticated services:

· PIC Software Image Load: Downloads PIC software image to PIC.
· Receive Service Set Configuration: Allows the PIC to receive service set configuration database.
· Show status: This service provides the current status of the cryptographic module.
· Self-tests: This service executes the suite of self-tests required by FIPS 140-2.
· Routing Protocols: Unauthenticated routing protocols (e.g. TCP, UDP)
· SNMP Traps (Status)

Definition of Critical Security Parameters (CSPs)

Table 6 - Table of CSPs

| CSP | Description |
|---|---|
| SSH Private Host Key | 1st time SSH is configured the key is generated. RSA, DSA. Used to Identify the host. |
| SSH Session Key | Session keys used with SSH, TDES (3key), AES 128, 192, 256, HMAC-SHA-1 key (160), DH Private Key 1024 |
| TLS Host Certificate, Private Portion | X.509 Certificates for TLS for authentication. RSA or DSA |
| TLS Session Parameters | Session keys used with TLS, TDES (2 or 3 key), AES 128, 192, 256, HMAC-SHA-1; Pre-master Secret |
| User Authentication Key | HMAC-SHA-1 Key. Used to authenticate users to the module. |
| CO Authentication Key | HMAC-SHA-1 Key. Used to authenticate COs to the module. |
| IPSec SAs | Session keys used within IPSec. TDES (3 key), HMAC-SHA-1 |
| IKE Session Parameters | Nonces, DH Private Key 1024 bit keys, TDES, HMAC-SHA-1, used within IKE |
| Secure IPC (Internal) Session Key | TDES (3Key). Used to communicate securely between the RE and the PIC |
| RE to RE Authentication Key | HMAC Key (Manual IPSec SA). 160 bit key with 96 bit truncated MAC. |
| RE to RE Encryption Key | TDES key (Manual IPSec SA) |
| Protocol Peer Authentication Keys | TCP-MD5 key to authenticate the routing peer role for the following protocols: BGP, ISIS, LDP, MSDP, OSPF, RIP2, RSVP, VRRP, NTP, APSCP |
| ASPIC password | 32 byte password |
| RADIUS shared secret | Used to authenticate COs and Users (10 chars minimum). This includes the Authentication Data Block |
| TACACS+ shared secret | Used to authenticate COs and Users (10 chars minimum). This includes the Authentication Data Block |
| Manual SA for PIC | Entered into the RE, which is then passed over to the PIC for use by PIC with IPSEC |

Definition of Public Keys

Table 7 - Table of Public Keys

| Key | Description/Usage |
|---|---|
| SSH Public Host Key | 1st time SSH is configured the key is generated. RSA (1024 or 2048 bit), DSA. Identify the host. |
| TLS Host Certificate, Public Portion | X.509 Certificates for TLS for authentication. RSA (1024 or 2048 bit) or DSA |
| User Authentication Public Keys | Used to authenticate users to the module. RSA (1024 or 2048 bit) or DSA |
| CO Authentication Public Keys | Used to authenticate CO to the module. RSA (1024 or 2048 bit) or DSA |
| JuniperRootCA | RSA 2048 bit X.509 Certificate. Used to verify the validity of the Juniper Image at software load and also at runtime for integrity. |
| EngineeringCA | RSA 2048 bit X.509 Certificate. Used to verify the validity of the Juniper Image at software load and also at runtime for integrity. |
| PackageCA | RSA 2048 bit X.509 Certificate. Used to verify the validity of the Juniper Image at software load and also at runtime for integrity. |
| PackageProduction | RSA 2048 bit X.509 Certificate. Certificate that holds the public key of signing key that was used to generate all the signatures used on the packages and signature lists. |
| RE RSA Verify Key (Public Authentication key) | RSA 1024 bit sent to the PIC to sign data to allow the PIC to authenticate to the RE by having the PIC sign data that is verified by the RE |
| PIC RSA Verify (Public Authentication) Key | RSA 1024 bit key to allow the RE to authenticate to the PIC by signing data and having the PIC verify the signature. |
| PIC RSA Encrypt Key | RSA 1024 bit used to encrypt the TDES session key. |
| RE RSA Encrypt Key | RSA 1024 bit sent to the PIC; note that the PIC never uses this key |
| DH Public Keys | Used within IKE and SSH for key establishment |

Definition of CSPs Modes of Access

Table 8 defines the relationship between access to CSPs and the different module services. The modes of access shown in the table are defined as follows:

Table 8 - CSP Access Rights within Roles & Services

| Role (columns: CO, User, RE, ASPIC, IKE Peer, Prot. Peer) | Service | Cryptographic Keys and CSPs Access Operation (R=Read, W=Write, D=Delete) |
|---|---|---|
| X | Configuration Management | All CSPs (R, W, D) |
| X | Configuration Management | No access to CSPs |
| X | Configuration Management | All CSPs (R, W) |
| X X X | Router Control | No access to CSPs |
| X X X | Status Checks | No access to CSPs |
| X | Zeroize | All CSPs (D) |
| X | Receives SAs | Relevant IPSec SAs (R) |
| X | Key Agreement | IPSec SAs (R) |
| X | Mutual Authentication | Relevant Authentication data: (R) |
| X | Protocol Exchange (OSPF, VRRP, etc) | No access to CSPs |
| X | Load New Software | No access to CSPs |
| X X | SSH | SSH session key (R) |
| X X | TLS | TLS session parameters (R) |
| X X | Console Access | CO Authentication Key, User Authentication Key (R) |
| X X | Secure IPC Tunnel | Secure IPC (Internal) Session Key (R) |
| X | Secure transport | RE to RE Encryption Key, RE to RE Authentication Key (R) |
| X | Secure Protocol transport | Protocol Peer Authentication Keys R |

7. Operational Environment

The FIPS 140-2 Area 6 Operational Environment requirements are not applicable because the cryptographic module is a limited operational environment.

8. Security Rules

The cryptographic module's design corresponds to the cryptographic module's security rules. This section documents the security rules enforced by the cryptographic module to implement the security requirements of this FIPS 140-2 Level 2 module.

1. The cryptographic module shall provide six distinct operator roles. These are the FIPS User role, the Cryptographic-Officer role, RE Role, PIC Role, IKE Peer Role, and Protocol Peer.
2. The cryptographic module shall support both role-based and identity based authentication mechanisms.
3. Authentication of identity to an authorized role is required for all services that modify, disclose, or substitute CSPs, use Approved security functions, or otherwise affect the security of the cryptographic module.
4. The cryptographic module shall perform the following tests:
   · Power up tests
     A. Cryptographic algorithm tests
        i. DES - CBC KAT
        ii. TDES - CBC KAT
        iii. AES - CBC KAT
        iv. AES - CFB KAT
        v. SHA-1 KAT
        vi. HMAC-SHA-1 KAT
        vii. RSA pairwise consistency test (sign/verify & encrypt/decrypt)
        viii. DSA pairwise consistency test (sign/verify)
        ix. FIPS 186-2 DRNG KAT
     B. Firmware integrity test:
        i. RSA digital signature verification (PKCS1.5, 2048 bit key, SHA-1) and SHA-1 hash verification
     C. Critical functions tests
        i. Verification of Limited Environment
        ii. Verification of Integrity of Optional Packages
   · Conditional tests
     A. Pairwise consistency tests
        i. RSA pairwise consistency test (sign/verify & encrypt/decrypt)
        ii. DSA pairwise consistency test (sign/verify)
     B. Firmware load test: RSA digital signature verification (2048 bit key)
     C. Manual key entry test: duplicate key entries test
     D. Continuous random number generator test: performed on the Approved FIPS 186-2, Appendix 3.1 DRNG, and on a non-Approved RNG that is used to seed the Approved DRNG.
     E. Bypass test is not applicable.
6. At any time the cryptographic module is in an idle state, the operator shall be capable of commanding the module to perform the power-up self-test by power cycling the module.
7. Prior to each use, the internal RNG shall be tested using the continuous random number generation conditional test.
8. Data output shall be inhibited during key generation, self-tests, zeroization, and error states.
9. Status information shall not contain CSPs or sensitive data that if misused could lead to a compromise of the module.
10. The module shall support concurrent operators.
11. The FIPS module is a combination of Routing Engine and Juniper Router Platform Chassis in which the RE is installed. The Routing Engine must be installed on one of the approved chassis as listed above per Juniper installation guidance.
The installation shall include the placement of tamper labels installed in specific locations on the module.

9. Physical Security Policy

Physical Security Mechanisms

JUNOS-FIPS-L2's physical embodiment is that of a multi-chip standalone device that meets Level 2 physical security requirements.

The module is completely enclosed in nickel or clear zinc coated cold rolled steel, plated steel and brushed aluminum. The cryptographic boundary does not have any gaps or openings whatsoever. There are no ventilation holes, gaps, slits, cracks, slots, crevices, etc. that would allow observation of any kind to any component contained within the physically contiguous cryptographic boundary. Tamper evident seals are used to provide evidence in the case that the module was physically tampered with.

Table 9 - Inspection/Testing of Physical Security Mechanisms

| Physical Security Mechanisms | Recommended Frequency of Inspection/Test | Inspection/Test Guidance Details |
|---|---|---|
| Tamper Labels, opaque metal enclosure. | Upon receipt of the module and per security policy of end user. | Labels should be free of any tamper evidence. |

Figure 3 - RE Tamper Label Placement

Figure 4 - Tamper label placement (2)

10. Mitigation of Other Attacks Policy

The module has not been designed to mitigate attacks that are outside of the scope of FIPS 140-2.

Table 10 - Mitigation of Other Attacks

| Other Attacks | Mitigation Mechanism | Specific Limitations |
|---|---|---|
| N/A | N/A | N/A |

11. Definitions and Acronyms

| ACRONYM | DESCRIPTION |
|---|---|
| AES | Advanced Encryption Standard |
| DES | Data Encryption Standard |
| DRNG | Deterministic Random Number Generator (aka. Pseudo Random Number Generator) |
| DSA | Digital Signature Algorithm |
| EMC | Electro-Magnetic Compatibility |
| EMI | Electro-Magnetic Interference |
| FIPS | Federal Information Processing Standard |
| GMPLS | General Multi-protocol Label Switching |
| HMAC-SHA-1 | Keyed-Hash Message Authentication Code |
| IKE | Internet Key Exchange Protocol |
| IPSEC | Internet Protocol Security |
| MD5 | Message Digest 5 |
| MPLS | Multi-protocol Label Switching |
| PIC | Physical Interface Card |
| RADIUS | Remote Authentication Dial-In User Service |
| RE | Routing Engine |
| RSA | Public-key encryption technology developed by RSA Data Security, Inc. The acronym stands for Rivest, Shamir, and Adleman. |
| SHA-1 | Secure Hash Algorithms |
| SSH | Secure Shell |
| SSL | Secure Sockets Layer |
| TACACS | Terminal Access Controller Access Control System |
| TCP | Transmission Control Protocol |
| TDES | Triple - Data Encryption Standard |
| TLS | Transport Layer Security |
| UDP | User Datagram Protocols |
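
The strength figures in Table 4 can be rechecked with exact arithmetic. The following is an added example, not part of the Juniper policy: it replays the timed access schedule for one getty and tests each mechanism against the two bounds the table quotes. The function names are hypothetical, and the model assumes zero processing time with each delay served after the failed attempt.

```python
from fractions import Fraction

# Bounds quoted in Table 4 for a single attempt and for one minute.
SINGLE_ATTEMPT_BOUND = Fraction(1, 1_000_000)
ONE_MINUTE_BOUND = Fraction(1, 100_000)

# (size of the secret space, attempts per minute), both as stated in Table 4.
TABLE_4 = {
    "Username and Password": (96**10, 9),
    "RSA Signature (1024 bit)": (2**80, 56_000_000),      # 5.6e7
    "RSA Signature (2048 bit)": (2**112, 56_000_000),
    "DSA Signature": (2**80, 56_000_000),
    "AS2-FIPS PIC Password": (255**32, 4_940_716),
    "RE to RE Pre-shared keys": (2**160, 54_347_880),
    "IKE Pre-shared keys": (2**160, 54_347_880),
    "Protocol Peer Pre-shared keys": (2**128, 54_347_880),
}


def delay_after_failure(n):
    """Seconds of delay imposed after the n-th failed login on one getty."""
    return 0 if n < 3 else 5 * (n - 2)


def attempts_per_getty(window_s=60):
    """Attempts a single getty accepts inside the window.

    Assumption (not stated on the page beyond "0 time to process"):
    an attempt takes no time and the delay is served after it fails.
    """
    elapsed, attempts = 0, 0
    while elapsed < window_s:
        attempts += 1
        elapsed += delay_after_failure(attempts)
    return attempts


def strength(space, per_minute):
    """Return (p_single, p_minute, single_ok, minute_ok) as exact fractions."""
    p_single = Fraction(1, space)
    p_minute = Fraction(per_minute, space)
    return (p_single, p_minute,
            p_single < SINGLE_ATTEMPT_BOUND, p_minute < ONE_MINUTE_BOUND)


def audit(table=TABLE_4):
    """Map each mechanism to (single_ok, minute_ok)."""
    return {name: strength(space, rate)[2:] for name, (space, rate) in table.items()}


def min_password_length(alphabet=96, per_minute=9):
    """Shortest password length that still satisfies both bounds."""
    length = 1
    while not all(strength(alphabet**length, per_minute)[2:]):
        length += 1
    return length


if __name__ == "__main__":
    print("attempts per getty per minute:", attempts_per_getty())
    for name, (single_ok, minute_ok) in audit().items():
        print(f"{name:32s} single={single_ok} minute={minute_ok}")
    print("minimum length meeting both bounds:", min_password_length())
```

The last function shows how much margin the enforced 10 character minimum leaves over the shortest length that would still meet both bounds at 9 attempts per minute.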
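
Security rules 4 (conditional test D), 7 and 8 together describe a continuous random number generator test whose failure inhibits output. The following is an added sketch of that behaviour, not Juniper code: the first block after initialization is held back for comparison, every later block is compared with its predecessor, and a match latches an error state. The class and helper names are hypothetical, the 160-bit block size is an assumption, and `os.urandom` stands in for the module's RNG.

```python
import os

BLOCK_BYTES = 20  # assumption: 160-bit blocks


class RNGErrorState(Exception):
    """Raised when the continuous test has failed; output stays inhibited."""


class ContinuousTestedRNG:
    """Wraps a block source with the continuous RNG conditional test."""

    def __init__(self, source=os.urandom, block_bytes=BLOCK_BYTES):
        self._source = source
        self._block_bytes = block_bytes
        self._error = False
        # The first block after initialization is never output; it is only
        # kept for comparison with the next block.
        self._previous = source(block_bytes)

    @property
    def in_error_state(self):
        return self._error

    def next_block(self):
        if self._error:
            # Rule 8: no data output while in an error state.
            raise RNGErrorState("RNG is in the error state; output inhibited")
        block = self._source(self._block_bytes)
        # A repeated block fails the test. A short read is also rejected
        # here as a defensive addition of this example.
        if len(block) != self._block_bytes or block == self._previous:
            self._error = True
            raise RNGErrorState("continuous RNG test failed")
        self._previous = block
        return block


def scripted_source(blocks):
    """Constructed test source that replays a fixed list of blocks."""
    remaining = iter(blocks)
    return lambda n: next(remaining)


def drain(rng, count):
    """Request up to `count` blocks; return (blocks emitted, error state)."""
    emitted = []
    for _ in range(count):
        try:
            emitted.append(rng.next_block())
        except RNGErrorState:
            break
    return emitted, rng.in_error_state


if __name__ == "__main__":
    a, b, c = b"A" * BLOCK_BYTES, b"B" * BLOCK_BYTES, b"C" * BLOCK_BYTES
    stuck = ContinuousTestedRNG(scripted_source([a, b, b, c]))
    print(drain(stuck, 3))            # one block emitted, then error state
    healthy = ContinuousTestedRNG()
    print(len(drain(healthy, 5)[0]))  # five blocks from os.urandom
```

Because the policy applies the test both to the seeding RNG and to the Approved DRNG, a design following it would wrap each generator separately.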