Cisco 7206 VXR Router Security Policy
The 7206 VXR NPE-400 Router
· Status functions: view the router configuration, routing tables, and active sessions; view SNMP MIB
  II statistics, health, temperature, memory status, voltage, and packet statistics; review accounting
  logs; and view physical interface status.
· Manage the router: log off users, shut down or reload the router, manually back up router
  configurations, view complete configurations, manage user rights, and restore router
  configurations.
· Set encryption/bypass: set up the configuration tables for IP tunneling. Set keys and algorithms to
  be used for each IP range or allow plaintext packets to be sent from specified IP addresses.
· Change port adapters: insert and remove adapters in port adapter slots as described in the "Initial
  Setup" section in this document.
User Services
A user enters the system by accessing the console port with a terminal program. The IOS prompts the
user for their password. If it matches the plaintext password stored in IOS memory, the user is allowed
entry to the IOS executive program. At the highest level, user services include the following:
· Status Functions: view state of interfaces, state of layer 2 protocols, version of IOS currently
  running
· Network Functions: connect to other network devices through outgoing telnet or PPP, and initiate
  diagnostic network services (for example, ping and mtrace)
· Terminal Functions: adjust the terminal session (that is, lock the terminal and adjust flow control)
· Directory Services: display directory of files kept in flash memory
Physical Security
The router is entirely encased by a thick steel chassis. The front of the router provides 4 port adapter
slots, on-board LAN connectors, PC Card slots, and Console/Auxiliary connectors. The power cable
connection, a power switch, and access to the Network Processing Engine are at the rear of the router.
Once the router has been configured to meet FIPS 140-1 Level 2 requirements, the router cannot be
accessed without signs of tampering. To seal the system, apply serialized tamper-evidence labels as
follows:
· Clean the cover of any grease, dirt, or oil before applying the tamper-evidence labels. Alcohol-based
  cleaning pads are recommended for this purpose. The ambient air must be above 10°C; otherwise the
  labels may not properly cure.
· The tamper-evidence label should be placed so that one half of the label covers the enclosure and
  the other half covers the 7206 VXR NPE-400 Input/Output Controller.
· The tamper-evidence label should be placed over the Flash PC Card slots on the Input/Output
  Controller.
· The tamper-evidence label should be placed so that one half of the label covers the enclosure and
  the other half covers the port adapter slot 1.
· The tamper-evidence label should be placed so that one half of the label covers the enclosure and
  the other half covers the port adapter slot 2.
· The tamper-evidence label should be placed so that one half of the label covers the enclosure and
  the other half covers the port adapter slot 3.